
Switch Networkrule Enable/Disable through API

Hi,

I want to switch (Enable/Disable) a network rule with PowerShell.

A call with the browser is working, but I want it directly (the browser cache is annoying).



$firewall = "firewall-fqdn:4444"

$request = @"
     <Login><UserName>api-admin</UserName>
     <Password passwordform=""encrypt"">api-key</Password></Login>
        <Set operation=""update"">
            <SecurityPolicy transactionid="""">
                <Name>Lucy -> Any ALL (TEMP)</Name>
                <Description/>
                <IPFamily>IPv4</IPFamily>
                <Status>Enable</Status>
                <Position>After</Position>
                <PolicyType>Network</PolicyType>
                <After>
                    <Name>Tiger2 ANY -> Internet</Name>
                </After>
                <SourceZones>
                    <Zone>LAN</Zone>
                </SourceZones>
                <Schedule>All The Time</Schedule>
                <Action>Accept</Action>
                <LogTraffic>Enable</LogTraffic>
                <MatchIdentity>Disable</MatchIdentity>
                <SourceNetworks>
                    <Network>Lucy</Network>
                </SourceNetworks>
                <DSCPMarking>-1</DSCPMarking>
                <ApplicationControl>None</ApplicationControl>
                <ApplicationBaseQoSPolicy>Revoke</ApplicationBaseQoSPolicy>
                <WebFilter>None</WebFilter>
                <WebCategoryBaseQoSPolicy>Revoke</WebCategoryBaseQoSPolicy>
                <IntrusionPrevention>None</IntrusionPrevention>
                <TrafficShappingPolicy>None</TrafficShappingPolicy>
                <ApplyNAT>CustomNatPolicy</ApplyNAT>
                <OverrideGatewayDefaultNATPolicy>Disable</OverrideGatewayDefaultNATPolicy>
                <PrimaryGateway/>
                <OutboundAddress>MASQ</OutboundAddress>
                <BackupGateway/>
                <ScanHTTP>Disable</ScanHTTP>
                <ScanHTTPS>Disable</ScanHTTPS>
                <Sandstorm>Disable</Sandstorm>
                <BlockQuickQuic>Disable</BlockQuickQuic>
                <ScanFTP>Disable</ScanFTP>
                <SourceSecurityHeartbeat>Disable</SourceSecurityHeartbeat>
                <MinimumSourceHBPermitted>No Restriction</MinimumSourceHBPermitted>
                <DestSecurityHeartbeat>Disable</DestSecurityHeartbeat>
                <MinimumDestinationHBPermitted>No Restriction</MinimumDestinationHBPermitted>
            </SecurityPolicy>
        </Set>
"@

start "https://$firewall/webconsole/APIController?reqxml=<Request>$request</Request>"




The thing is I have no clue how the command has to be (Invert-WebRequest I think).
Later I want to expand it with variables for adding URLs to web-exceptions.
Can someone help?

Best regards.



  • Hi H_Patel,

    sure.
    I googled many sites and YouTube videos.

    But every time I try I get the following error:


     

    PS D:\Scripts> .\Enable-Lucy-Any_Webrequest.ps1


    StatusCode        : 200
    StatusDescription : OK
    Content           : <?xml version="1.0" encoding="UTF-8"?>
                        <Response>
                          <Status code="529">Input request file is Invalid</Status>
                        </Response>

    RawContent        : HTTP/1.1 200 OK
                        X-Frame-Options: SAMEORIGIN
                        Strict-Transport-Security: max-age=31536000
                        X-Content-Type-Options: nosniff
                        Keep-Alive: timeout=5, max=100
                        Connection: Keep-Alive
                        Transfer-Encoding: c...
    Forms             : {}
    Headers           : {[X-Frame-Options, SAMEORIGIN], [Strict-Transport-Security, max-age=31536000], [X-Content-Type-Options, nosniff], [Keep-Alive, timeout=5,
                        max=100]...}
    Images            : {}
    InputFields       : {}
    Links             : {}
    ParsedHtml        : mshtml.HTMLDocumentClass
    RawContentLength  : 122


     
    The PowerShell script is this:
     
    $firewall = "https://firewall:4444"
    $APIcall = "/webconsole/APIController?reqxml="
    $XMLfile = [XML] (Get-Content -Path ("D:\Scripts\XML-Files\Enable-Lucy-Any.txt"))

    $REQUEST = "$firewall$APIcall$XMLfile"

    Invoke-WebRequest -Uri $REQUEST
     

    XML-File:
     
    <?xml version="1.0" encoding="UTF-8"?>
    <Request APIVersion="1702.1" IPS_CAT_VER="1">
        <Login>
            <Username>api-admin</Username>
            <Password passwordform="encrypt">api-encpass</Password>
        </Login>
            <Set operation="update">
                <SecurityPolicy>
                    <Name>Lucy -> Any ALL (TEMP)</Name>
                    <Description>Allow Lucy any</Description>
                    <IPFamily>IPv4</IPFamily>
                    <Status>Enable</Status>
                    <Position>After</Position>
                    <PolicyType>Network</PolicyType>
                    <After>
                        <Name>Tiger2 ANY -> Internet</Name>
                    </After>
                    <SourceZones>
                        <Zone>LAN</Zone>
                    </SourceZones>
                    <Schedule>All The Time</Schedule>
                    <Action>Accept</Action>
                    <LogTraffic>Enable</LogTraffic>
                    <MatchIdentity>Disable</MatchIdentity>
                    <SourceNetworks>
                        <Network>Lucy</Network>
                    </SourceNetworks>
                    <DSCPMarking>-1</DSCPMarking>
                    <ApplicationControl>None</ApplicationControl>
                    <ApplicationBaseQoSPolicy>Revoke</ApplicationBaseQoSPolicy>
                    <WebFilter>None</WebFilter>
                    <WebCategoryBaseQoSPolicy>Revoke</WebCategoryBaseQoSPolicy>
                    <IntrusionPrevention>None</IntrusionPrevention>
                    <TrafficShappingPolicy>None</TrafficShappingPolicy>
                    <ApplyNAT>CustomNatPolicy</ApplyNAT>
                    <OverrideGatewayDefaultNATPolicy>Disable</OverrideGatewayDefaultNATPolicy>
                    <PrimaryGateway/>
                    <OutboundAddress>MASQ</OutboundAddress>
                    <BackupGateway/>
                    <ScanHTTP>Disable</ScanHTTP>
                    <ScanHTTPS>Disable</ScanHTTPS>
                    <Sandstorm>Disable</Sandstorm>
                    <BlockQuickQuic>Disable</BlockQuickQuic>
                    <ScanFTP>Disable</ScanFTP>
                    <SourceSecurityHeartbeat>Disable</SourceSecurityHeartbeat>
                    <MinimumSourceHBPermitted>No Restriction</MinimumSourceHBPermitted>
                    <DestSecurityHeartbeat>Disable</DestSecurityHeartbeat>
                    <MinimumDestinationHBPermitted>No Restriction</MinimumDestinationHBPermitted>
                </SecurityPolicy>
            </Set>
    </Request>

     
     
    I think the XML is correct but I'm not sure. Maybe the double quotes in the XML?
    But I get the error even if I try the whole request without an XML file.
     
  • I solved the error myself (trial and error).

    The problem was the escaped double quotes. (In "here-strings", escaping isn't necessary.)

     


     

     

    # Parameter

    $firewall = "https://firewall:4444"
    $APIcall = "/webconsole/APIController?reqxml="

    # Switch <Status> in the XML below between Enable and Disable
    $xmlrequest = @"
    <Request APIVersion="1702.1" IPS_CAT_VER="1">
         <Login><UserName>api-admin</UserName>
         <Password passwordform="encrypt">api-encrypted-password</Password></Login>
            <Set operation="update">
                <SecurityPolicy transactionid="">
                    <Name>Lucy -> Any ALL (TEMP)</Name>
                    <Description/>
                    <IPFamily>IPv4</IPFamily>
                    <Status>Enable</Status>
                    <Position>After</Position>
                    <PolicyType>Network</PolicyType>
                    <After>
                        <Name>Tiger2 ANY -> Internet</Name>
                    </After>
                    <SourceZones>
                        <Zone>LAN</Zone>
                    </SourceZones>
                    <Schedule>All The Time</Schedule>
                    <Action>Accept</Action>
                    <LogTraffic>Enable</LogTraffic>
                    <MatchIdentity>Disable</MatchIdentity>
                    <SourceNetworks>
                        <Network>Lucy</Network>
                    </SourceNetworks>
                    <DSCPMarking>-1</DSCPMarking>
                    <ApplicationControl>None</ApplicationControl>
                    <ApplicationBaseQoSPolicy>Revoke</ApplicationBaseQoSPolicy>
                    <WebFilter>None</WebFilter>
                    <WebCategoryBaseQoSPolicy>Revoke</WebCategoryBaseQoSPolicy>
                    <IntrusionPrevention>None</IntrusionPrevention>
                    <TrafficShappingPolicy>None</TrafficShappingPolicy>
                    <ApplyNAT>CustomNatPolicy</ApplyNAT>
                    <OverrideGatewayDefaultNATPolicy>Disable</OverrideGatewayDefaultNATPolicy>
                    <PrimaryGateway/>
                    <OutboundAddress>MASQ</OutboundAddress>
                    <BackupGateway/>
                    <ScanHTTP>Disable</ScanHTTP>
                    <ScanHTTPS>Disable</ScanHTTPS>
                    <Sandstorm>Disable</Sandstorm>
                    <BlockQuickQuic>Disable</BlockQuickQuic>
                    <ScanFTP>Disable</ScanFTP>
                    <SourceSecurityHeartbeat>Disable</SourceSecurityHeartbeat>
                    <MinimumSourceHBPermitted>No Restriction</MinimumSourceHBPermitted>
                    <DestSecurityHeartbeat>Disable</DestSecurityHeartbeat>
                    <MinimumDestinationHBPermitted>No Restriction</MinimumDestinationHBPermitted>
                </SecurityPolicy>
            </Set>
        </Request>
    "@

    $REQUEST = "$firewall$APIcall$xmlrequest"

    Invoke-WebRequest -Uri $REQUEST
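
Added example, not part of the original posts: one way to drive the Enable/Disable switch from a saved request file like the one in the second post, and to read the API result from the reply body, since the 529 error above arrived with HTTP 200. The function names `Set-RuleStatusXml` and `Send-FirewallRequest` are hypothetical, and it is assumed that the firewall accepts a percent-encoded `reqxml` value, as a browser would send it.

```powershell
# Added example; function names are hypothetical, not part of any Sophos module.

function Set-RuleStatusXml {
    # Loads a saved <Request> document and returns its markup with the rule's
    # <Status> set, so one file serves both Enable and Disable.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][ValidateSet('Enable', 'Disable')][string]$Status
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.Load($Path)                      # throws if the file is not well-formed XML
    $node = $doc.SelectSingleNode('/Request/Set/SecurityPolicy/Status')
    if ($null -eq $node) { throw "No SecurityPolicy/Status element in $Path" }
    $node.InnerText = $Status
    # Interpolating the [xml] object itself into a string does not produce its
    # markup; OuterXml does. DocumentElement leaves out the <?xml ...?> line.
    return $doc.DocumentElement.OuterXml
}

function Send-FirewallRequest {
    param(
        [Parameter(Mandatory)][string]$Firewall,     # e.g. https://firewall:4444
        [Parameter(Mandatory)][string]$RequestXml
    )
    # Percent-encode the XML so quotes, spaces and '>' in rule names survive
    # the query string unchanged.
    $uri = "$Firewall/webconsole/APIController?reqxml=" +
           [uri]::EscapeDataString($RequestXml)
    $reply = Invoke-WebRequest -Uri $uri -UseBasicParsing

    # HTTP 200 only means the controller answered. The outcome is in the
    # <Status code="..."> elements of the reply, such as the 529 shown above.
    $body = [xml]$reply.Content
    foreach ($s in $body.SelectNodes('//Status[@code]')) {
        [pscustomobject]@{
            Code    = $s.GetAttribute('code')
            Message = $s.InnerText
        }
    }
}

$xml = Set-RuleStatusXml -Path 'D:\Scripts\XML-Files\Enable-Lucy-Any.txt' -Status Disable
Send-FirewallRequest -Firewall 'https://firewall:4444' -RequestXml $xml
```

The request carries the API login in the query string, so the full URI and the saved XML file belong out of transcripts, shell history and shared folders.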