Scheduling site-to-site IPSEC

Hi All,

I'm running a few test workloads in Azure, but want to schedule the connection times of the IPSEC tunnel from the UTM to Azure to keep costs to a minimum. Is there a way in the UTM to schedule these connections?

 

TIA,

Chris



This thread was automatically locked due to age.
  • Hi Chris and welcome to the UTM Community!

    I would do this with a cron job.  You can find the available IPsec Connections at the command line with:

    cc get_objects ipsec_connection site_to_site |grep \'name

    Once you have the name you want (let's call it Azure), you can find the REF_ with:

    cc get_object_by_name ipsec_connection site_to_site 'Azure'|grep \'ref

    Let's assume that gave us REF_IpsSitAzure.

    You can add the following commands to /etc/crontab-static to enable the tunnel at 7AM and then disable it at 6PM Monday through Friday:

    0 7 * * 1,2,3,4,5 /usr/local/bin/confd-client.plx change_object REF_IpsSitAzure status 1
    0 18 * * 1,2,3,4,5 /usr/local/bin/confd-client.plx change_object REF_IpsSitAzure status 0

    Now, set update to "Manual" in WebAdmin to force the lines into /etc/crontab.  This will survive reboots, but is not included in a config backup.

    I haven't tested that, but I don't think I made any mistakes.  Let us know your results.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
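
Added example (not part of the reply above, and not Sophos code): the two cron lines only act at exactly 07:00 and 18:00, so a UTM that is down or rebooting at one of those minutes keeps the tunnel in the wrong state until the next boundary. This script instead computes the state the schedule calls for and applies it when it has changed. It assumes the `confd-client.plx change_object ... status` call works as described in the reply; the function names, `STATE_FILE`, `DRY_RUN` and the script path are hypothetical.

```shell
#!/bin/sh
# Added example. REF_IpsSitAzure and the confd-client.plx call come from the
# answer above; function names, STATE_FILE and DRY_RUN are hypothetical.
CONFD=/usr/local/bin/confd-client.plx
REF=REF_IpsSitAzure
STATE_FILE=${STATE_FILE:-/tmp/ipsec-schedule.state}

# desired_status DOW HOUR: print 1 inside Mon-Fri 07:00-17:59, else 0.
# DOW is 1 (Mon) .. 7 (Sun) as from `date +%u`; HOUR is 00-23 as from `date +%H`.
desired_status() {
    dow=$1
    hour=${2#0}            # "07" -> "7", "0" -> ""
    hour=${hour:-0}
    if [ "$dow" -le 5 ] && [ "$hour" -ge 7 ] && [ "$hour" -lt 18 ]; then
        echo 1
    else
        echo 0
    fi
}

# reconcile [DOW HOUR]: apply the desired status only when it differs from the
# last one this script applied, so a manual change in WebAdmin is left alone
# until the next schedule boundary.
reconcile() {
    want=$(desired_status "${1:-$(date +%u)}" "${2:-$(date +%H)}")
    last=$(cat "$STATE_FILE" 2>/dev/null || true)
    [ "$want" = "$last" ] && return 0
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$CONFD change_object $REF status $want"
    else
        "$CONFD" change_object "$REF" status "$want" || return 1
    fi
    echo "$want" > "$STATE_FILE"
}

# Run from cron, e.g. every 15 minutes (script path is hypothetical):
#   */15 * * * * /root/ipsec-schedule.sh apply
if [ "${1:-}" = apply ]; then
    reconcile
fi
```

Running it once with `DRY_RUN=1` prints the command it would issue without touching the configuration.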