10.5.3. Configuring Installer on Windows

You can skip this section if you run Firewall Builder GUI on Linux, *BSD or Mac OS X.

The built-in policy installer in the Firewall Builder GUI uses an ssh client to connect to the firewall. While an ssh client is standard on all Linux and BSD systems, as well as Mac OS X, it does not come with Windows. To use the Firewall Builder GUI to install policy from Windows, you need to download the ssh client PuTTY and configure fwbuilder to use it. Note: PuTTY is free software.

Note

Starting with version 4.0.2, Firewall Builder includes the PuTTY ssh client utilities plink.exe and pscp.exe in the Windows package. You do not need to do any additional configuration if you use fwbuilder v4.0.2 on Windows and can skip this section. However, if you already have PuTTY on your machine or want to use a different ssh client, follow the instructions in this section to configure fwbuilder to use it.

If you do not use PuTTY and do not have it on your machine, start by navigating to the web site http://www.chiark.greenend.org.uk/~sgtatham/putty/

Download and install putty.exe, plink.exe and pscp.exe somewhere on your machine (say, in C:\PuTTY).

The installer does not use putty.exe, but it is very useful for troubleshooting and for setting up sessions and ssh keys.

In the Edit/Preferences dialog, in the Installer tab, use the Browse button to locate plink.exe. Click OK to save preferences. If you installed it in C:\PuTTY, then you should end up with C:\PuTTY\plink.exe in this entry field. Do the same to configure the path to pscp.exe.

Figure 10.22. 


You may log in to the firewall using a regular user account or as root. See the instructions below for an explanation of how to configure sudo if you use regular user accounts. This part of the configuration does not depend on the OS on which you run Firewall Builder.

Before you try to use the fwbuilder installer with plink.exe and pscp.exe, test them from the command line to make sure you can log in to your firewall. If this is the first time you've tried to log into the firewall machine using putty.exe, plink.exe or pscp.exe, then the program will discover a new host key, ask you if it is correct and ask if you want to save it in its cache. There are lots of resources on the Internet that explain what this means and how you should verify key accuracy before you accept it. If the key is already known to the program, it will not ask you about it and will just proceed to the part where it asks you to enter a password. Enter the password and press Enter to see if you can log in.

Here is the command (assuming you use account "fwadmin" to manage firewall "guardian"):

        C:\Users\vadim>c:\PuTTY\plink.exe -l fwadmin guardian
      

Figure 10.23. 
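The host key check mentioned above can be done offline. The following Python sketch is an added example, not part of Firewall Builder or PuTTY: it computes the fingerprint of a host public key line copied from the firewall's console and compares it with the fingerprint shown in the ssh client's prompt. It assumes the firewall runs OpenSSH and keeps its public host keys in /etc/ssh/ssh_host_*_key.pub; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

# Constructed sample key (NOT a real firewall key): an ssh-ed25519 blob whose
# 32 key bytes are simply 0..31, laid out like a line from
# /etc/ssh/ssh_host_ed25519_key.pub (assumed OpenSSH location).
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_PUB_LINE = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " root@guardian"


def key_blob(pub_line):
    """Return the raw key blob from an OpenSSH public key line, checking that
    the algorithm named in the text matches the one encoded in the blob."""
    fields = pub_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("algorithm name does not match key blob")
    return blob


def fingerprints(pub_line):
    """Compute both notations a client may display: MD5 as colon-separated
    hex, and SHA-256 as unpadded base64 with a 'SHA256:' prefix."""
    blob = key_blob(pub_line)
    md5_hex = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2))
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": md5, "sha256": "SHA256:" + sha256}


def matches(pub_line, shown):
    """True only if the fingerprint shown in the client prompt equals one
    computed from the key read on the firewall itself."""
    shown = shown.strip()
    if shown.upper().startswith("MD5:"):
        shown = shown[4:]
    fp = fingerprints(pub_line)
    # Hex is case-insensitive; base64 is not, so compare it exactly.
    return shown.lower() == fp["md5"] or shown == fp["sha256"]


if __name__ == "__main__":
    print(fingerprints(SAMPLE_PUB_LINE))
```

Accept and cache the key only when `matches()` returns True for the public key line read over a trusted path, such as the firewall's local console.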


Note

The installer does not use the GUI ssh client putty.exe; it uses command line utilities that come from the same author: plink.exe and pscp.exe. You can test SSH connectivity with putty.exe, but do not enter the path to it in the Installer tab of the Preferences dialog in Firewall Builder. It won't work.

Section 15.4 offers troubleshooting tips for problems you may encounter when trying to use the policy installer.

 

Copyright © 2000-2012 NetCitadel, Inc. All rights reserved.