I've built a working template for downloading Sidewinder Firewall configurations with NCM, and been happy (so far) with the results showing in NCM's Daily Configuration Comparison Reports. There are some important caveats for you to be aware of if you apply this template:
Do NOT enable NCM's option to use this template for auto-discovery. The OID is one recommended by SolarWinds Technical Support, and I'd previously used 1.3.6.1.4.1.1573.2.1. I found that when I enabled this template for auto-discovery when using the OID SolarWinds suggested, it was applied to some of my Cisco switches, and those devices' could no longer be accessed successfully by NCM. I disabled auto-discovery for this template and the Cisco problem was resolved. It might be appropriate to use a more granular OID for this template (such as 1.3.6.1.4.1.1573.2.1)--please feel free to share that if you find a better one.
This config backup cannot be used to restore a Sidewinder. It’s only for config comparison and for daily configuration management. Use the McAfee Configuration Backup and Restore processes, preferably by generating an Emergency Config Backup & Restore USB drive.
This template WILL NOT backup a Sidewinder's Startup-Config. Don't expect to be able to backup the Startup-config of a Sidewinder with this. You may be able to create such a script by working with McAfee and modifying this template, but this template isn't for startup-config backups. The startup solution on a Sidewinder relies on hardened FreeBSD structure and files. This template does not address those needs.
There is no section for executing command scripts in this template. I recommend you use the Cobra GUI for the Firewall Enterprise (a.k.a.: "Sidewinder firewall"), or perform your commands manually at the CLI.
<Configuration-Management Device="Device Name" SystemOID=" 1.3.6.1.4.1.9">
<Commands>
<Command Name="RESET" Value="srole${CRLF}uname -r" />
<Command Name="DownloadConfig" Value="cf policy export${CRLF}cf service q${CRLF}cf burb q${CRLF}cf config q${CRLF}cf license q${CRLF}cf adminuser 1${CRLF}cf agent q${CRLF}cf appfilter q${CRLF}cf audit q${CRLF}cf auth q${CRLF}cf burbgroup q${CRLF}cf cert q${CRLF}cf cluster q${CRLF}cf cmd q${CRLF}cf crontab q${CRLF}cf daemond q${CRLF}cf dns q${CRLF}cf domain q${CRLF}cf export q${CRLF}cf failover q${CRLF}cf fips q${CRLF}cf fwregistered q${CRLF}cf geolocation q${CRLF}cf host q${CRLF}cf hostname q${CRLF}cf ids q${CRLF}cf ikmpd q${CRLF}cf interface q${CRLF}cf ipaddr q${CRLF}cf cf iprange q${CRLF}cf ipsec q${CRLF}cf lca q${CRLF}cf netgroup q${CRLF}cf ntp q${CRLF}cf package q${CRLF}cf pool q${CRLF}cf reports q${CRLF}cf server q${CRLF}cf servicegroup 1${CRLF}cf snmp q${CRLF}cf ssl q${CRLF}cf subnet q${CRLF}cf timeperiod q${CRLF}cf timezone q${CRLF}cf udb q${CRLF}cf ups 1${CRLF}cf usergroup q"/>
<Command Name="Version" Value="uname -r"/>
<Command Name="Disconnect" Value="exit${CRLF}exit"/>
<Command Name="VirtualPrompt" Value="%"/>
<Command Name="MenuBased" Value="false"/>
<Command Name="UseVirtualPromptForCommands" Value="True"/>
<Command Name="UseMultipleDownloadCommands" Value="True"/>
</Commands>
</Configuration-Management>
My thanks to SolarWinds Technical Support for assisting on the basics for helping me determine the appropriate syntax for the various Values, and also to Secure Computing (now McAfee) for helping with the many "cf" commands. Note that the list I provided in the "DownloadConfig" Value is from data I received from Secure Computing back in 2009. It works perfectly for my Sidewinders, but may not be complete, given they've been upgraded several times since 2009. You can access your Sidewinder's "man" page from an SSH CLI session and search for the various options using the "man cf" command. And you can remove or add sections to this section as needed, since you may not want to see all of the data.
A more intuitive way of listing the firewall's rules may be to use
<Command Name="DownloadConfig" Value="cf policy query${CRLF} . . ." instead of <Command Name="DownloadConfig" Value="cf policy export${CRLF} . . ."
In fact, you might consider ONLY using just that much, and omit all the rest in that section. The resulting command you'd use to replace that section would be:
<Command Name="DownloadConfig" Value="cf policy query"/>
Have at it, all!
Swift Packets!
Rick Schroeder