diff --git a/.gitignore b/.gitignore
index cf8d01ba4..5fb9c538c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,6 +25,7 @@ test/ipt/secuwall-1
 Makefile
 !test/*/Makefile
 install*
+!src/res/configlets/*/install*
 ltmain.sh
 configure
 config.h
diff --git a/VERSION b/VERSION
index 38daffdc9..f4a38dc9e 100644
--- a/VERSION
+++ b/VERSION
@@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
 # build number is like "nano" version number. I am incrementing build
 # number during development cycle
 #
-BUILD_NUM="3521"
+BUILD_NUM="3522"
 
 VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"
 
diff --git a/VERSION.h b/VERSION.h
index c1108136c..c750d78c2 100644
--- a/VERSION.h
+++ b/VERSION.h
@@ -1,2 +1,2 @@
-#define VERSION      "4.2.0.3521"
+#define VERSION      "4.2.0.3522"
 #define GENERATION   "4.2"
diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec
index d9476c1e8..b7b65025a 100644
--- a/packaging/fwbuilder-static-qt.spec
+++ b/packaging/fwbuilder-static-qt.spec
@@ -3,7 +3,7 @@
 
 
 %define name    fwbuilder
-%define version 4.2.0.3521
+%define version 4.2.0.3522
 %define release 1
 
 %if "%_vendor" == "MandrakeSoft"
diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control
index 02e28f181..45396147d 100644
--- a/packaging/fwbuilder.control
+++ b/packaging/fwbuilder.control
@@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
 Priority: extra
 Section: checkinstall
 Maintainer: vadim@fwbuilder.org
-Version: 4.2.0.3521-1
+Version: 4.2.0.3522-1
 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
 Description: Firewall Builder GUI and policy compilers
diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec
index 74952b146..79378e85f 100644
--- a/packaging/fwbuilder.spec
+++ b/packaging/fwbuilder.spec
@@ -1,6 +1,6 @@
 
 %define name    fwbuilder
-%define version 4.2.0.3521
+%define version 4.2.0.3522
 %define release 1
 
 %if "%_vendor" == "MandrakeSoft"
diff --git a/src/libgui/FirewallInstaller.cpp b/src/libgui/FirewallInstaller.cpp
index 733d42e53..ee46249ec 100644
--- a/src/libgui/FirewallInstaller.cpp
+++ b/src/libgui/FirewallInstaller.cpp
@@ -776,25 +776,20 @@ void FirewallInstaller::replaceMacrosInCommand(Configlet *conf)
  * Unix.
  */
 
-    QString fwbscript = fwcompiler::CompilerDriver::escapeFileName(
-        QFileInfo(cnf->remote_script).fileName());
-
-    if (fwbscript.indexOf(":")!=-1) fwbscript = fwbscript.section(':', 1, 1);
-
     if (fwbdebug)
     {
         qDebug() << "Macro substitutions:";
         qDebug() << "  $fwdir=" << cnf->fwdir;
         qDebug() << "  cnf->script=" << cnf->script;
         qDebug() << "  cnf->remote_script=" << cnf->remote_script;
-        qDebug() << "  $fwscript=" << fwbscript;
+        qDebug() << "  $fwscript=" << cnf->fwscript;
         qDebug() << "  $firewall_name=" << QString::fromUtf8(
             cnf->fwobj->getName().c_str());
     }
 
     conf->setVariable("fwbprompt", fwb_prompt);
     conf->setVariable("fwdir", cnf->fwdir);
-    conf->setVariable("fwscript", fwbscript);
+    conf->setVariable("fwscript", cnf->fwscript);
     conf->setVariable("firewall_name",
                       QString::fromUtf8(cnf->fwobj->getName().c_str()));
 }
diff --git a/src/libgui/instConf.cpp b/src/libgui/instConf.cpp
index 357736e9e..717900ea8 100644
--- a/src/libgui/instConf.cpp
+++ b/src/libgui/instConf.cpp
@@ -88,5 +88,6 @@ void instConf::clear()
     sshArgs = "";
     scpArgs = "";
     putty_session = "";
+    fwscript = "";
 }
 
diff --git a/src/libgui/instConf.h b/src/libgui/instConf.h
index 278d476f1..3ad098b9b 100644
--- a/src/libgui/instConf.h
+++ b/src/libgui/instConf.h
@@ -64,6 +64,7 @@ class instConf {
     QString   sshArgs;
     QString   scpArgs;
     QString   fwdir;
+    QString   fwscript;
     
     libfwbuilder::Firewall  *fwobj;
 
diff --git a/src/libgui/instDialog_installer.cpp b/src/libgui/instDialog_installer.cpp
index b4d7e1b04..7b34f47c1 100644
--- a/src/libgui/instDialog_installer.cpp
+++ b/src/libgui/instDialog_installer.cpp
@@ -28,15 +28,16 @@
 #include "utils.h"
 #include "utils_no_qt.h"
 
-#include "instDialog.h"
-#include "FirewallInstallerCisco.h"
-#include "FirewallInstallerUnx.h"
-#include "FirewallInstallerProcurve.h"
+#include "CompilerDriver.h"
 #include "FWBSettings.h"
 #include "FWWindow.h"
-#include "instOptionsDialog.h"
-#include "instBatchOptionsDialog.h"
+#include "FirewallInstallerCisco.h"
+#include "FirewallInstallerProcurve.h"
+#include "FirewallInstallerUnx.h"
 #include "events.h"
+#include "instBatchOptionsDialog.h"
+#include "instDialog.h"
+#include "instOptionsDialog.h"
 
 #include "fwbuilder/Resources.h"
 #include "fwbuilder/FWObjectDatabase.h"
@@ -62,6 +63,18 @@ bool instDialog::runInstaller(Firewall *fw, bool cancelAllVisible)
     cnf.fwobj = fw;
     cnf.maddr = "";
 
+    // TODO: there must be a better place to fill cnd.fwscript than
+    // this.  All I need to do is fill it before calling summary() and
+    // before launching installer that uses it in
+    // FirewallInstaller::replaceMacrosInCommand()
+
+    QString fwscript = fwcompiler::CompilerDriver::escapeFileName(
+        QFileInfo(cnf.remote_script).fileName());
+
+    if (fwscript.indexOf(":")!=-1) fwscript = fwscript.section(':', 1, 1);
+
+    cnf.fwscript = fwscript;
+
     if (fwbdebug)
         qDebug() << "instDialog::runInstaller: built-in installer"
                  << fw->getName().c_str()
diff --git a/src/libgui/instDialog_ui_ops.cpp b/src/libgui/instDialog_ui_ops.cpp
index 7a71735a4..6a7d1e244 100644
--- a/src/libgui/instDialog_ui_ops.cpp
+++ b/src/libgui/instDialog_ui_ops.cpp
@@ -497,10 +497,6 @@ void instDialog::summary()
     else
         str.append(QObject::tr("* Management address : %1").arg(cnf.maddr));
 
-
-    if (!cnf.putty_session.isEmpty())
-        str.append(QObject::tr("* Using putty session : %1")
-                   .arg(cnf.putty_session));
     str.append(QObject::tr("* Platform : %1")
               .arg(cnf.fwobj->getStr("platform").c_str()));
     str.append(QObject::tr("* Host OS : %1")
@@ -515,6 +511,15 @@ void instDialog::summary()
     if (cnf.dry_run)
         str.append(QObject::tr("* Commands will not be executed on the firewall"));
 
+    if (fwbdebug)
+    {
+        str.append(QObject::tr("--------------------------------"));
+        str.append(QObject::tr("* Variables:"));
+        str.append(QObject::tr("* fwdir= %1") .arg(cnf.fwdir));
+        str.append(QObject::tr("* fwscript= %1") .arg(cnf.fwscript));
+        str.append(QObject::tr("* remote_script= %1") .arg(cnf.remote_script));
+    }
+
     str.append("");
 
     QTextCursor cursor = m_dialog->procLogDisplay->textCursor();
diff --git a/src/res/configlets/fwsm_os/installer_commands_post_config b/src/res/configlets/fwsm_os/installer_commands_post_config
new file mode 100644
index 000000000..ab03f94f7
--- /dev/null
+++ b/src/res/configlets/fwsm_os/installer_commands_post_config
@@ -0,0 +1,27 @@
+## -*- mode: shell-script; -*- 
+##
+## Lines that start with "##" will be removed before this code is
+## added to the generated script.
+##
+## These are commands built-in policy installer runs on the firewall
+##
+##  Variables:
+##
+##  {{$rbtimeout}}  -- rollback timeout
+##  {{$test}}       -- doing installation in test mode
+##
+
+
+{{if cancel_rollback}}
+reload cancel
+{{endif}}
+
+{{if run}}
+wr mem
+{{endif}}
+
+{{if save_standby}}
+wr standby
+{{endif}}
+
+
diff --git a/src/res/configlets/fwsm_os/installer_commands_pre_config b/src/res/configlets/fwsm_os/installer_commands_pre_config
new file mode 100644
index 000000000..27decc1ae
--- /dev/null
+++ b/src/res/configlets/fwsm_os/installer_commands_pre_config
@@ -0,0 +1,19 @@
+## -*- mode: shell-script; -*- 
+##
+## Lines that start with "##" will be removed before this code is
+## added to the generated script.
+##
+## These are commands built-in policy installer runs on the firewall
+##
+##  Variables:
+##
+##  {{$rbtimeout}}  -- rollback timeout
+##  {{$test}}       -- doing installation in test mode
+##
+
+{{if schedule_rollback}}
+reload in {{$rbtimeout}}
+{{endif}}
+
+
+
diff --git a/src/res/configlets/fwsm_os/installer_commands_reg_user b/src/res/configlets/fwsm_os/installer_commands_reg_user
new file mode 100644
index 000000000..6f02d54ed
--- /dev/null
+++ b/src/res/configlets/fwsm_os/installer_commands_reg_user
@@ -0,0 +1,33 @@
+## -*- mode: shell-script; -*- 
+##
+## Lines that start with "##" will be removed before this code is
+## added to the generated script. Regular shell comments can be added
+## using single "#", these will appear in the script.
+##
+## These are commands built-in policy installer runs on the firewall
+##
+##  Variables:
+##
+##  {{$fwbprompt}}     -- "magic" prompt that installer uses to detect when it is
+##                        logged in
+##  {{$fwdir}}         -- directory on the firewall (in case of PIX, "flash:" or
+##                        similar)
+##  {{$fwscript}}      -- script name on the firewall
+##  {{$firewall_name}} -- the name of the firewall object
+##
+
+{{if using_scp}}
+changeto context {{$firewall_name}}
+copy /noconfirm {{$fwdir}}/{{$fwscript}} running-config
+changeto system
+delete /noconfirm {{$fwdir}}/{{$fwscript}}
+exit
+{{endif}}
+
+{{if not_using_scp}}
+config term
+terminal width 256
+{{$fwbuilder_generated_configuration_lines}}
+exit
+{{endif}}
+