Hey everyone,
Running into a little issue. I am trying to use Config Change Templates to perform firmware updates for about several hundred SonicWalls.
First I created a CCT to have the SonicWall run the import ftp commands to download the firmware from my share. Then a second CCT to make the sonicwall 'boot imported' which brings it up on the new firmware. Where I run into an issue is the SonicWall only supports FTP or SCP. On SonicWalls connected to slower connections after about 60-70 seconds the SonicWall will kill the session before the firmware has been downloaded. With SCP the SonicWall will download the entire firmware, so I would like to use SCP. Where I am running into an issue is when the device runs the command:
import firmware scp scp://UID@XXX.XXX.XXX.XXX/sonicos.sig
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
Are you sure you want to continue connecting (yes/no)? Yes
My CCT script doesn't wait for the RSA key to generate before it sends the Yes command, which causes this to fail.
Output from the failed script on Solarwinds Config Change Template logs
import firmware scp scp://UID@xx.xx.xx.xx/sonicos.sig
The authenticity of host 'xx.xx.xx.xx (xx.xx.xx.xx)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
YES
xxxxxxxxxxx
YES
Are you sure you want to continue connecting (yes/no)?Please type 'yes' or 'no':Please type 'yes' or 'no':Please type 'yes' or 'no':
Host key verification failed.
% Error encountered processing command:
import firmware scp scp://uid@xx.xx.xx.xx/sonicos.sig
% Error: File transfer error.
My script is as follows:
// Template to have SonicWall SCP new Firmware from Orion.
/*
.PARAMETER_LABEL @ContextNode
NCM Node
.PARAMETER_DESCRIPTION @ContextNode
The node the template will operate on. All templates require this by default. The target node is selected during the first part of the wizard so it will not be available for selection when defining values of variables.
*/
script GetFirmware(NCM.Nodes @ContextNode)
{
string @BootCommand='import firmware scp scp://UID@xx.xx.xx.xx/sonicos.sig'
CLI
{
@BootCommand
YES
xxxxxxxxxxx
YES
}
}
OK so my question is, does any one know of a way to script the SonicWall to wait after 'import firmware scp scp://UID@xx.xx.xx.xx/sonicos.sig' for approx. 5 seconds before sending the YES command, so that the RSA key has time to generate? The password that is x'ed out and second YES command can run as normal. But it seems like the CCT is sending the first yes before the RSA key is generated.
Thanks in advance,