Thursday, April 5, 2012

Forefront Threat Management Gateway: IP list with PowerShell


I needed to add a *large* list of IP addresses to an installation of Microsoft's Forefront Threat Management Gateway. I was going to try and do this through the GUI, but soon came to find out that I was not able to load IPs from a file, and would need to type every IP range in MANUALLY. No thanks.....

Once again, it seems it's PowerShell to the rescue (at least when it comes to Micro$oft products). There is a COM object (FPC.Root) that allows FTMG to be configured from PowerShell using various methods/arrays/objects.

There is not much (in fact, barely any) documentation on this, but I found some very useful info and examples from this site http://merddyn.wordpress.com/2009/05/05/managing-isa-with-powershell-primer/.

For this particular example, I was using a massive list from http://www.countryipblocks.net/ in the "IP Range Format". I just copied those addresses to a file on my machine.

/* Note: If you use a format for the IP addresses other than "192.168.5.1 - 192.168.5.255", this script will not work for you. You will have to do some editing to get yours working properly. */

Here is the script I ended up with. I put #placeholders# for variables that you will need to fill in for your particular scenario.

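
    # Connect to FTMG through its COM object and get the array this server belongs to
    $rootobject = New-Object -ComObject FPC.Root
    $array = $rootobject.GetContainingArray()

    $file = "#ipfile.txt#"                  # one "start - end" range per line
    $networkname = "#networknamegoeshere#"

    # Create the network that will hold the ranges
    $array.NetworkConfiguration.Networks.Add($networkname)

    Get-Content $file | ForEach-Object {
        # Split "192.168.5.1 - 192.168.5.255" into its two endpoints
        $parts = $_.Split("-")
        # Skip blank or malformed lines so they cannot shift the start/end pairing
        if ($parts.Length -eq 2) {
            $ip1 = $parts[0].Trim()
            $ip2 = $parts[1].Trim()
            $array.NetworkConfiguration.Networks.Item($networkname).IpRangeSet.Add($ip1, $ip2)
        }
    }

    # Save the configuration and apply it
    $array.NetworkConfiguration.Save()
    $array.ApplyChanges()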
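
Because the script expects every line to be in the "start - end" form, it helps to check the file before touching the FTMG configuration. The following is an added example, not part of the original script: it checks that both endpoints of each line are valid IPv4 addresses with the start not above the end, and flags ranges that overlap. The function names (ConvertTo-IPv4Number, Test-IpRangeLine, Get-IpRangeReport) and the sample lines are made up for the illustration, and nothing in it calls FTMG.

```powershell
# Added example: check an "IP Range Format" file before loading it into FTMG.
function ConvertTo-IPv4Number([string]$Text) {
    # Dotted-quad IPv4 as a 32-bit value, or $null if the text is not one
    if ($Text -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $null }
    [long]$n = 0
    foreach ($octet in $Text.Split('.')) {
        if ([int]$octet -gt 255) { return $null }
        $n = $n * 256 + [int]$octet
    }
    return $n
}

function Test-IpRangeLine([string]$Line, [int]$Number) {
    # Classify one line; Reason stays empty when the line is usable
    $parts = $Line.Split('-')
    $start = $null; $end = $null; $reason = 'expected "start - end"'
    if ($parts.Length -eq 2) {
        $start = ConvertTo-IPv4Number ($parts[0].Trim())
        $end = ConvertTo-IPv4Number ($parts[1].Trim())
        $reason = ''
        if ($null -eq $start -or $null -eq $end) { $reason = 'not an IPv4 address' }
        elseif ($start -gt $end) { $reason = 'start is above end' }
    }
    New-Object PSObject -Property @{ Number = $Number; Line = $Line; Start = $start; End = $end; Reason = $reason }
}

function Get-IpRangeReport([string[]]$Lines) {
    $rows = @()
    for ($i = 0; $i -lt $Lines.Length; $i++) {
        if ($Lines[$i].Trim()) { $rows += Test-IpRangeLine $Lines[$i] ($i + 1) }
    }
    # Walk the valid ranges in address order and flag any that overlap an earlier one
    $highest = -1
    foreach ($row in @($rows | Where-Object { -not $_.Reason } | Sort-Object Start)) {
        if ($row.Start -le $highest) { $row.Reason = 'overlaps another range' }
        if ($row.End -gt $highest) { $highest = $row.End }
    }
    $rows
}

# Constructed sample input using documentation address blocks
$sample = @(
    '192.0.2.0 - 192.0.2.255',
    '198.51.100.0 - 198.51.100.127',
    '198.51.100.64 - 198.51.100.255',   # overlaps the previous range
    '203.0.113.50 - 203.0.113.10',      # endpoints reversed
    '203.0.113.0/24',                   # CIDR, not "start - end"
    '10.0.0.300 - 10.0.0.301'           # octet out of range
)
Get-IpRangeReport $sample | Where-Object { $_.Reason } | Format-Table Number, Line, Reason -AutoSize
```

To check a real file, pass it in with Get-IpRangeReport (Get-Content "#ipfile.txt#"); an empty result after the Where-Object filter means every non-blank line parsed cleanly.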
 
