Two SMB appliances autoconf.clish issues

Document created by Günther W. Albrecht on Mar 26, 2018
Version 1Show Document
  • View in full screen mode

I have written about autoconf.clish in USB First Time Config using autoconf.clish files. The autoconfig.clish file is very valuable if used for basic configuration. But for complete configuration, there still is room for additions ! Find here two problems from unit configuration in production that have been reported to CP as RFEs already.

First issue appears when a - rather very strict - rule base is defined using

# set fw policy mode "strict"

This has a side effect - it creates the same rule as

# set fw policy mode "standard"

that is shown as "Allow traffic between internal networks" in WebGUI.

In WebGUI, selecting "standard" and then switch to "strict" will clear this rule - but using autoconf.clish, this is not possible and the "Allow traffic between internal networks" rule will always be added.

Second issue is that the process of defining a RADIUS server in autoconf.clish is not very secure as it needs clear text password and should be changed ! sk107558 How to change administrator password to a clear-text password or a password hash gives the best solution for this, as the Admin password can be set using password-hash instead of clear text. Also, issueing the show configuration command will show hashes insted of the Admin or RADIUS password.

Better would be a syntax similar to Admin password:

# set radius-server priority "1" shared-secret-hash ...
2 people found this helpful