Thursday, April 5, 2012

Forefront Threat Management Gateway: IP list with Powershell

I needed to add a *large* list of IP addresses to an installation of Microsoft's Forefront Threat Management Gateway. I was going to try to do this through the GUI, but soon found out that I could not load IPs from a file and would need to type every IP range in MANUALLY. No thanks.....

Once again, it seems it's PowerShell to the rescue (at least when it comes to Micro$oft products). PowerShell can load a COM object (FPC.Root) that allows FTMG to be configured from PowerShell using various methods/arrays/objects.

There is not much (in fact, barely any) documentation on this, but I found some very useful info and examples from this site

For this particular example, I was using a massive list from in the "IP Range Format". I just copied those addresses to a file on my machine.

/* Note: If you choose a different format for the IP addresses other than "start address - end address", this script will not work for you. You will have to do some editing to get yours working properly. */

Here is the script I ended up with. I put #placeholders# for variables that you will need to fill in for your particular scenario.

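# Connect to the FTMG configuration through its COM object
$rootobject = New-Object -com FPC.root
$array = $rootobject.getcontainingarray()
$file = "#ipfile.txt#"
# Split each "start - end" line into two trimmed addresses
$fileclean = cat $file | foreach-object {$_.split("-")} |
    foreach-object {$_.trim()}
$networkname = "#networknamegoeshere#"
# Counter must start at 1, otherwise the first address is skipped
$i = 1
$fileclean | foreach-object {
    # Odd entries are range starts, even entries are range ends
    if ($i -eq 1) {
        $ip1 = $_
    }
    if ($i -eq 2) {
        $ip2 = $_
        # $ip1 and $ip2 now hold one complete range
        # (the step that adds it to $networkname is not shown in this listing)
    }
    $i++; if ($i -eq 3) {$i = 1}
}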
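A stricter variant of the same import, as an added example (not the original author's script): it validates every line first and skips malformed or reversed ranges before anything is written to the firewall. The file path and network name are placeholders, and the NetworkConfiguration.Networks.Item, IpRangeSet.Add and Save calls are assumed from the FTMG COM object model, since the page does not show them.

```powershell
# Added example, not the original script. Path and network name are placeholders.
$file        = 'C:\temp\ipfile.txt'
$networkName = 'Example Network'   # must already exist in FTMG

function ConvertTo-UInt32 ([string]$Text) {
    $addr = $null
    # Insist on dotted-quad form: TryParse alone accepts shorthand such as "10.1"
    if ($Text -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
        -not [System.Net.IPAddress]::TryParse($Text, [ref]$addr)) { return $null }
    $bytes = $addr.GetAddressBytes()
    [Array]::Reverse($bytes)       # network byte order -> little-endian for BitConverter
    return [BitConverter]::ToUInt32($bytes, 0)
}

# Pass 1: parse and validate every line; nothing is changed on the firewall yet
$ranges = @()
$lineNo = 0
foreach ($line in Get-Content $file) {
    $lineNo++
    if ($line.Trim() -eq '') { continue }
    $parts = @($line.Split('-') | ForEach-Object { $_.Trim() })
    if ($parts.Count -ne 2) {
        Write-Warning "line ${lineNo}: expected 'start - end', got '$line'"
        continue
    }
    $from = ConvertTo-UInt32 $parts[0]
    $to   = ConvertTo-UInt32 $parts[1]
    if ($null -eq $from -or $null -eq $to -or $from -gt $to) {
        Write-Warning "line ${lineNo}: invalid or reversed range '$line'"
        continue
    }
    $ranges += ,@($parts[0], $parts[1])
}
if ($ranges.Count -eq 0) { throw 'No valid ranges found; FTMG was not modified.' }

# Pass 2: add the validated ranges and save once.
# Assumed FTMG COM calls (not shown on the page): Networks.Item, IpRangeSet.Add, Save
$root    = New-Object -ComObject FPC.Root
$array   = $root.GetContainingArray()
$network = $array.NetworkConfiguration.Networks.Item($networkName)
foreach ($r in $ranges) {
    $network.IpRangeSet.Add($r[0], $r[1]) | Out-Null
}
$network.Save()
Write-Output "Added $($ranges.Count) ranges to '$networkName'"
```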

