Watchguard has two ways to upgrade the firmware. One is from the web UI and the other via Firebox System Manager. I prefer the System Manager, but when you download the firmware it runs an installer. This is leaving my programs list full of firmware update packages. Lots of clutter that Watchguard could easily fix by having their installer’s cleanup old firmwares, leaving a switch to prevent cleanups should someone want to have an older firmware.
To help with this, I wrote up a simple script that looks through my programs and finds all related firmware to Watchguard and removes it. I added a filter to have it exclude the latest firmware. So I can easily run this after installing a bunch of firmware packages to cleanup the old ones.
[CmdletBinding(SupportsShouldProcess=$true)]
param(
[Parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true,Position=0)][string]$Version = $null,
[System.Management.Automation.CredentialAttribute()] $Credential
)
begin
{
if (($Version -eq $null) -or $Version -eq '')
{
Write-Error "A Version is needed to identify which version to keep".
exit
}
Write-Host "Version: $Version"
$InstallArgs = '/verysilent';
$searchString = 'Watchguard Fireware v* for Firebox*';
$filterString = 'Watchguard Fireware v'+$Version+' for Firebox*'
}
process {
# The files
$theseParams = @{
Path = "HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*"
}
if ($Credential){$theseParams.Credential = $Credential;}
$whereParams = @{
FilterScript = {($_.DisplayName -like $searchString) -and ($_.DisplayName -notlike $filterString)}
}
if ($Credential){$whereParams.Credential = $Credential;}
$OldInstalls = Get-ItemProperty @theseParams | where @whereParams
# Install
foreach ($install in $OldInstalls)
{
$name = $install.DisplayName;
Write-Host "Attempting to remove $name" -NoNewLine
# Sanity Check.
if ((($install.DisplayName -like 'Watchguard*') -and (($install.DisplayName -like '*Fireware*'))) -eq $false)
{
Write-Host "... Removal Failed (Name)"
exit
}
$UninstallString = $install.QuietUninstallString -split ' /';
$UninstallExe = $UninstallString[0] -replace '"', '';
$UninstallArgs = '/'+$UninstallString[1];
Write-Verbose "UninstallExe: $UninstallExe"
Write-Verbose "UninstallArgs: $UninstallArgs"
# Build the uninstaller command.
$theseParams = @{
FilePath = $UninstallExe
ArgumentList = $UninstallArgs
Wait = $true
NoNewWindow = $true
}
if ($Credential){$theseParams.Credential = $Credential;}
# Debugging code.
#Write-Verbose "theseParams:"
#$theseParams
#exit
# Do the Removal.
Start-Process @theseParams
Write-Host "... Success"
}
}
Now this is great but installing all those firmware gets annoying as you start getting to work with multiple models. In my case this is 6 different models I work with. Each one needs its own firmware downloaded.
In comes a script to install all of them. It needs a path, but attempts to default to the downloads folder, where they typically live until I have installed them. This will look for all matching files in that folder.
[CmdletBinding(SupportsShouldProcess=$true)]
param(
[Parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true,Position=0)][string]$Folder = $null,
[System.Management.Automation.CredentialAttribute()] $Credential
)
begin
{
if ($Folder -eq $null)
{
$Folder = $env:USERPROFILE+'\Downloads'
}
Write-Host "Folder: $Folder"
$InstallArgs = '/verysilent';
}
process {
# The files
$theseParams = @{
Path = "$Folder\Firebox_OS_*.exe"
}
if ($Credential){$theseParams.Credential = $Credential;}
$Files = Get-Item @theseParams
# Install
foreach ($file in $files)
{
# Build the installer command.
$theseParams = @{
FilePath = $file.FullName
ArgumentList = $InstallArgs
Wait = $true
NoNewWindow = $true
}
if ($Credential){$theseParams.Credential = $Credential;}
# Do the install.
Start-Process @theseParams
# Since it exits while installing, give it a few seconds.
sleep 5;
}
}
With this, I now have a simple way of installing and removing firmware for Watchguards.
I was going to write a script to pull the files off Watchguard’s website, but haven’t wanted to dig into how to do that or finding out if it would require authentication to download them. This alone is a time saver.