Scribd
Upload
6 views5 pages

Get DFW Rules

Uploaded by

itquiz27

Copyright:

© All Rights Reserved
Download as TXT, PDF, TXT or read online from Scribd
Download as txt, pdf, or txt

Get DFW Rules

Uploaded by

itquiz27
6 views5 pages

Original Title

get dfw rules

Copyright

© © All Rights Reserved

Available Formats

TXT, PDF, TXT or read online from Scribd

Did you find this document useful?

Is this content inappropriate?

Copyright:

© All Rights Reserved
Download as TXT, PDF, TXT or read online from Scribd
Download as txt, pdf, or txt
6 views5 pages

Get DFW Rules

Uploaded by

itquiz27

Copyright:

© All Rights Reserved
Download as TXT, PDF, TXT or read online from Scribd
Download as txt, pdf, or txt
You are on page 1/ 5

Function GET-DFW-Rules{

param(
[Parameter(Mandatory = $true)]
[String]$Server,
[Parameter(Mandatory = $true)]
[String]$Username,
[PSCustomObject]$ApiValues,
[boolean]$PSVersion = $false,
[int]$ApiRate = 10
)
begin{
$SecuredPassword = Read-Host "Password" -AsSecureString
$Password =
[System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropSe
rvices.Marshal]::SecureStringToBSTR($SecuredPassword))
$credPair = "$($Username):$($Password)"
if((-not $global:defaultNsxtServers.isConnected) -and
($PSVersionTable.PSVersion.Major -ge 7)){
try{
Write-Host "Establishing connection to NSX-T manager:"
$Server "for user:" $Username
Connect-NsxtServer -Server $Server -User $Username -
Password $Password
$PSVersion = $true
}
catch{
throw "Unable to establish the connection to NSX-T manager:
" + $Server + " for user: " + $Username
}
}
elseif((-not $global:defaultNsxServers.isConnected) -and
($PSVersionTable.PSVersion.Major -le 5)){
try{
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate
certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-
Object TrustAllCertsPolicy
Write-Host "Establishing connection to NSX-T manager:"
$Server "for user:" $Username
Connect-NsxtServer -Server $Server -User $Username -
Password $Password
}
catch{
throw "Unable to establish the connection to NSX-T manager:
" + $Server + " for user: " + $Username
}
}
else{
try{
Connect-NsxtServer -Menu -ErrorAction Stop
}
catch{
throw "Could not connect to an NSX-T Manager, please try again"
}
}
$ApiValues = [PSCustomObject]@{
"Server" = $Server
"Credentials" =
[Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($credPair))
"ApiRate" = $ApiRate
"PSversion" = $PSversion
}
$API_Result = Get-API-Results -ApiValues $ApiValues -Uri
"/api/v1/node/services/http"
$ApiRate =
[math]::ceiling(1000/$API_Result.service_properties.client_api_rate_limit)

class FW_Rule{
[String]$Policy_id
[String]$Policy_name
[String]$Category
[String]$Rule_id
[String]$Id
[String]$Name
[String]$Description
[String]$Sources_name_type
[String]$Destinations_name_type
[String]$Services_name_type
[String]$Service_entries
[String]$Profiles
[String]$Applied_tos_name_type
[String]$Action
[String]$Disabled
[String]$Direction
[String]$Ip_protocol
}
}
process{
# Get the list of DFW policies gateways
$scriptDirectory = $PSScriptRoot
$filePath = Join-Path -Path $scriptDirectory -ChildPath
"dfw_rules_table.csv"
$API_Result = Get-API-Results -ApiValues $ApiValues -Uri
"/policy/api/v1/infra/domains/default/security-policies"
$Result = @($API_Result.Results)
$dfw_rules = @()
foreach($Policy in $Result){
$API_Result = Get-API-Results -ApiValues $ApiValues -Uri
$("/policy/api/v1/infra/domains/default/security-policies/" + $Policy.id +
"/rules")
foreach($Rule in $API_Result.Results){
$FW_New_Rule = [FW_Rule]::new()
$FW_New_Rule.Policy_id = $Policy.id
$FW_New_Rule.Policy_name = $Policy.display_name
$FW_New_Rule.Category = $Policy.category
$FW_New_Rule.Rule_id = $Rule.rule_id
$FW_New_Rule.Id = $Rule.id
$FW_New_Rule.Name = $Rule.display_name
$FW_New_Rule.Description = $Rule.tag
$FW_New_Rule.Action = $Rule.action
$FW_New_Rule.Disabled = $Rule.disabled
$FW_New_Rule.Direction = $Rule.direction
$FW_New_Rule.Ip_protocol = $Rule.ip_protocol

foreach($Source in $Rule.source_groups){
if($Source -eq "ANY"){
$FW_New_Rule.Sources_name_type += "ANY`n"
continue
}

elseif($Source.Contains("/infra/domains/default/groups/")){
$API_Result = Get-API-Results -ApiValues
$ApiValues -Uri $("/policy/api/v1" + $Source)
$FW_New_Rule.Sources_name_type +=
$API_Result.display_name + " ; " + $API_Result.resource_type + "`n"
}
else{
$FW_New_Rule.Sources_name_type += $Source + " ;
IP Address`n"
}
}

foreach($Destination in $Rule.destination_groups){
if($Destination -eq "ANY"){
$FW_New_Rule.Destinations_name_type += "ANY`n"
continue
}

elseif($Destination.Contains("/infra/domains/default/groups/")){
$API_Result = Get-API-Results -ApiValues
$ApiValues -Uri $("/policy/api/v1" + $Destination)
$FW_New_Rule.Destinations_name_type +=
$API_Result.display_name + " ; " + $API_Result.resource_type + "`n"
}
else{
$FW_New_Rule.Destinations_name_type +=
$Destination + " ; IP Address`n"
}
}

foreach($Service in $Rule.services){
if($Service -eq "ANY"){
$FW_New_Rule.Services_name_type += "ANY`n"
continue
}
elseif($Service.Contains("/infra/services")){
$API_Result = Get-API-Results -ApiValues
$ApiValues -Uri $("/policy/api/v1" + $Service)
$FW_New_Rule.Services_name_type +=
$API_Result.display_name + " ; " + $API_Result.resource_type + "`n"
}
else{
$FW_New_Rule.Services_name_type += ""
}
}

if($Rule.PSObject.Properties["service_entries"]){
foreach($Entry in $Rule.service_entries){
$FW_New_Rule.Service_entries += $($Entry |
ConvertTo-Json) + "`n"
}
}
else{
$FW_New_Rule.Service_entries += ""
}

foreach($Profile in $Rule.profiles){
if($Profile -eq "ANY"){
$FW_New_Rule.Profiles += "NONE`n"
continue
}
elseif($Profile.Contains("/infra/context-profiles")){
$API_Result = Get-API-Results -ApiValues
$ApiValues -Uri $("/policy/api/v1" + $Profile)
$FW_New_Rule.Profiles +=
$API_Result.display_name + " ; " + $API_Result.resource_type + "`n"
}
}

foreach($Applied_to in $Rule.scope){
if($Applied_to -eq "ANY"){
$FW_New_Rule.Applied_tos_name_type += "ANY`n"
continue
}

elseif($Applied_to.Contains("/infra/domains/default/groups")){
$API_Result = Get-API-Results -ApiValues
$ApiValues -Uri $("/policy/api/v1" + $Applied_to)
$FW_New_Rule.Applied_tos_name_type +=
$API_Result.display_name + " ; " + $API_Result.resource_type + "`n"
}
else{
$FW_New_Rule.Applied_tos_name_type +=
$Applied_to + " ; IP Address`n"
}
}
$dfw_rules += $FW_New_Rule
}
}
$dfw_rules | Export-Csv -Path $filePath
}
}

function Get-API-Results{
param(
[Parameter(Mandatory = $true)]
[PSCustomObject]$ApiValues,
[Parameter(Mandatory = $true)]
[String]$Uri
)
process{
$Credentials = $ApiValues.Credentials
$Parameters = @{
Uri = "https://" + $ApiValues.Server + $Uri
Method = "GET"
Headers = @{ Authorization = "Basic $Credentials" }
ContentType = "application/json"
}
Start-Sleep -Milliseconds $ApiValues.ApiRate
if($ApiValues.PSVersion){
return $(Invoke-RestMethod @Parameters -SkipCertificateCheck)
}
else{
return $(Invoke-RestMethod @Parameters)
}
}
}

You might also like