Classes/Main/PaSecurityPolicy.Class.ps1
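# Model of a single PAN-OS security policy rule, serialisable to the XML
# document built by ToXml().
#
# Security note on defaults: an instance built from the constructor alone has
# Action 'allow', with source/destination address, source user, HIP profile,
# application and URL category all 'any', no security profile selected, and
# both session-logging flags $false. Callers should set zones, a profile
# (ProfileType plus GroupProfile or the individual profiles) and
# LogAtSessionEnd deliberately before the rule is pushed to a device.
class PaSecurityPolicy {
    # General
    [int]$Number
    [string]$Name
    [string]$RuleType = 'universal'
    [string]$Description
    [string[]]$Tags

    # Source
    [string[]]$SourceZone
    [string[]]$SourceAddress = 'any'

    # User
    [string[]]$SourceUser = 'any'
    [string[]]$HipProfile = 'any'

    # Destination
    [string[]]$DestinationZone
    [string[]]$DestinationAddress = 'any'

    # Application
    [string[]]$Application = 'any'

    # Service/Url Category
    [string[]]$Service = 'application-default'
    [string[]]$UrlCategory = 'any'

    # Actions
    ## Action Setting
    [string]$Action = 'allow'
    [bool]$SendIcmpUnreachable

    ## Profile Setting
    # ProfileType selects which branch ToXml() emits: 'group' or 'profiles'.
    [string]$ProfileType
    [string]$GroupProfile
    [string]$Antivirus
    [string]$VulnerabilityProtection
    [string]$AntiSpyware
    [string]$UrlFiltering
    [string]$FileBlocking
    [string]$DataFiltering
    [string]$WildFireAnalysis

    ## Log Setting
    [bool]$LogAtSessionStart
    [bool]$LogAtSessionEnd
    [string]$LogForwarding

    ## Other Settings
    [string]$Schedule
    # QosType values handled by ToXml(): 'FollowC2S', 'IpDscp', 'IpPrecedence'.
    [string]$QosType
    [string]$QosMarking
    [bool]$Dsri

    ###################################### Methods #######################################

    # Builds <ElementName>Text</ElementName> owned by $Doc (not yet attached).
    hidden [System.Xml.XmlElement] NewTextElement([System.Xml.XmlDocument]$Doc, [string]$ElementName, [string]$Text) {
        $Node = $Doc.CreateElement($ElementName)
        $Node.InnerText = $Text
        return $Node
    }

    # Builds <ElementName><member>..</member>...</ElementName>, one <member> per
    # entry of $Members. A null list produces an empty container element.
    hidden [System.Xml.XmlElement] NewMemberList([System.Xml.XmlDocument]$Doc, [string]$ElementName, [string[]]$Members) {
        $ListNode = $Doc.CreateElement($ElementName)
        foreach ($Member in $Members) {
            [void]$ListNode.AppendChild($this.NewTextElement($Doc, 'member', $Member))
        }
        return $ListNode
    }

    # ToXml
    # Serialises the rule as <rules><entry name="..."> ... </entry></rules>.
    # Values are assigned through InnerText / SetAttribute, so the XML DOM
    # escapes markup characters in property values when the document is written.
    # Returns: the XmlDocument holding the single <entry>.
    [Xml] ToXml() {
        $Doc = [System.Xml.XmlDocument]::new()
        $Root = $Doc.CreateElement('rules')

        # Start Entry Node
        $EntryNode = $Doc.CreateElement('entry')
        $EntryNode.SetAttribute('name', $this.Name)

        ##########################################
        # General
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'rule-type', $this.RuleType))

        # Description and tags are optional and omitted when unset.
        if ($this.Description) {
            [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'description', $this.Description))
        }
        if ($this.Tags) {
            [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'tag', $this.Tags))
        }

        ##########################################
        # Source, User, Destination, Application, Service/Url
        # These containers are always emitted, in this order, even when empty.
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'from', $this.SourceZone))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'source', $this.SourceAddress))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'source-user', $this.SourceUser))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'hip-profiles', $this.HipProfile))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'to', $this.DestinationZone))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'destination', $this.DestinationAddress))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'application', $this.Application))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'service', $this.Service))
        [void]$EntryNode.AppendChild($this.NewMemberList($Doc, 'category', $this.UrlCategory))

        ##########################################
        # Actions
        ################
        # Action Setting
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'action', $this.Action))

        # [HelperApi]::TranslateBoolToPa is defined elsewhere; presumably it maps
        # a bool to the device's yes/no string -- confirm against HelperApi.
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'icmp-unreachable', [HelperApi]::TranslateBoolToPa($this.SendIcmpUnreachable)))

        ################
        # Profile Setting
        $ProfileSettingNode = $Doc.CreateElement('profile-setting')
        switch ($this.ProfileType) {
            'group' {
                # Fix: the group list is built from GroupProfile. The previous
                # code iterated UrlCategory here, so the rule referenced URL
                # category names (by default 'any') as its security profile
                # group instead of the group the caller asked for.
                [void]$ProfileSettingNode.AppendChild($this.NewMemberList($Doc, 'group', $this.GroupProfile))
            }
            'profiles' {
                $ProfilesNode = $Doc.CreateElement('profiles')
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'virus', $this.Antivirus))
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'vulnerability', $this.VulnerabilityProtection))
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'spyware', $this.AntiSpyware))
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'url-filtering', $this.UrlFiltering))
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'file-blocking', $this.FileBlocking))
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'data-filtering', $this.DataFiltering))
                [void]$ProfilesNode.AppendChild($this.NewMemberList($Doc, 'wildfire-analysis', $this.WildFireAnalysis))
                [void]$ProfileSettingNode.AppendChild($ProfilesNode)
            }
        }
        # Any other ProfileType leaves <profile-setting> empty, i.e. the rule
        # carries no security profile.
        [void]$EntryNode.AppendChild($ProfileSettingNode)

        ################
        # Log Setting
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'log-start', [HelperApi]::TranslateBoolToPa($this.LogAtSessionStart)))
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'log-end', [HelperApi]::TranslateBoolToPa($this.LogAtSessionEnd)))

        # NOTE(review): log-setting, schedule and qos are emitted even when the
        # matching property is unset, producing empty elements -- confirm the
        # device accepts these, or make them conditional like description/tag.
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'log-setting', $this.LogForwarding))

        ################
        # Other Settings
        [void]$EntryNode.AppendChild($this.NewTextElement($Doc, 'schedule', $this.Schedule))

        # QoS: <qos><marking><TYPE/></marking></qos>.
        # Fix: the inner container is 'marking'; the previous code created a
        # second 'qos' element nested inside the first.
        $QosNode = $Doc.CreateElement('qos')
        $MarkingNode = $Doc.CreateElement('marking')
        switch ($this.QosType) {
            'FollowC2S' {
                [void]$MarkingNode.AppendChild($Doc.CreateElement('follow-c2s-flow'))
                break
            }
            'IpDscp' {
                [void]$MarkingNode.AppendChild($this.NewTextElement($Doc, 'ip-dscp', $this.QosMarking))
                break
            }
            'IpPrecedence' {
                [void]$MarkingNode.AppendChild($this.NewTextElement($Doc, 'ip-precedence', $this.QosMarking))
                break
            }
        }
        [void]$QosNode.AppendChild($MarkingNode)
        [void]$EntryNode.AppendChild($QosNode)

        # Dsri: <option><disable-server-response-inspection>..</..></option>
        $OptionNode = $Doc.CreateElement('option')
        [void]$OptionNode.AppendChild($this.NewTextElement($Doc, 'disable-server-response-inspection', [HelperApi]::TranslateBoolToPa($this.Dsri)))
        [void]$EntryNode.AppendChild($OptionNode)

        # Append Entry to Root and Root to Doc
        [void]$Root.AppendChild($EntryNode)
        [void]$Doc.AppendChild($Root)

        return $Doc
    }

    ##################################### Initiators #####################################

    # Initiator: creates a rule with the given name; every other property keeps
    # its declared default.
    PaSecurityPolicy([string]$Name) {
        $this.Name = $Name
    }
}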