UseCases/UpdateUniFiWithLatestExchangeOnlineEndpoints.ps1
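#requires -Version 3.0 -Modules UniFiTooling

<#
      .SYNOPSIS
      Update the UniFi with the latest Exchange Online Endpoints

      .DESCRIPTION
      Update existing UniFi Firewall Groups with the latest Exchange Online Endpoints.
      This script supports IPv4 and IPv6.

      The endpoint list is fetched at run time and written into firewall groups,
      so every entry is checked first: only values that parse as an IP address
      or CIDR range are used, and a group is left untouched when no valid entry
      remains for it.

      .EXAMPLE
      PS C:\> .\UpdateUniFiWithLatestExchangeOnlineEndpoints.ps1

      Update the UniFi with the latest Exchange Online Endpoints

      .NOTES
      Just a use case demo

      This script updates the following USG Firewall Groups:
      - ExchangeOnline-Sumission-IPv6
      - ExchangeOnline-Sumission-IPv4
      - ExchangeOnline-SMTP-IPv6
      - ExchangeOnline-SMTP-IPv4

      The Groups are hardcoded in this sample script!
      The names are used exactly as written here (including the spelling
      "Sumission"); they refer to groups that must already exist.

      The script uses my Get-Office365Endpoints to get the latest Exchange Online Endpoints from Microsoft.

      .LINK
      Get-Office365Endpoints
#>
[CmdletBinding(ConfirmImpact = 'None')]
param ()

begin
{
   function Get-EndpointAddressFamily
   {
      <#
            .SYNOPSIS
            Classify one endpoint entry as 'IPv4' or 'IPv6'

            .DESCRIPTION
            Accepts a bare address or address/prefix. Returns 'IPv4' or 'IPv6',
            or nothing when the entry is not a well-formed address or range.
      #>
      param
      (
         [string]
         $Entry
      )

      $Address, $Prefix = ($Entry -split '/', 2)
      $Parsed = $null

      if (-not ([Net.IPAddress]::TryParse($Address, [ref]$Parsed)))
      {
         return
      }

      if ($Parsed.AddressFamily -eq [Net.Sockets.AddressFamily]::InterNetworkV6)
      {
         $Family = 'IPv6'
         $MaxPrefix = 128
      }
      else
      {
         # TryParse also accepts short forms such as '1' or '1.2.3'; insist on a dotted quad
         if ($Address -notmatch '^\d{1,3}(\.\d{1,3}){3}$')
         {
            return
         }

         $Family = 'IPv4'
         $MaxPrefix = 32
      }

      # A prefix is optional, but if present it must be a number within range for the family
      if (($null -ne $Prefix) -and (($Prefix -notmatch '^\d{1,3}$') -or ([int]$Prefix -gt $MaxPrefix)))
      {
         return
      }

      $Family
   }

   # Firewall group name prefix per SMTP port; '-IPv6' / '-IPv4' is appended below.
   # Ordered so the groups are written in the same sequence as before (587 first, then 25).
   $GroupPrefixByPort = [ordered]@{
      '587' = 'ExchangeOnline-Sumission'
      '25'  = 'ExchangeOnline-SMTP'
   }

   # Login
   $null = (Invoke-UniFiApiLogin)

   # Save ProgressPreference and set SilentlyContinue for the run
   $ExistingProgressPreference = ($ProgressPreference)
   $ProgressPreference = 'SilentlyContinue'
}

process
{
   try
   {
      # If you like to enforce the update, set SkipVersionCheck to $true
      $paramGetOffice365Endpoints = @{
         Instance         = 'Worldwide'
         Services         = 'Exchange'
         SkipVersionCheck = $false
      }

      # Keep only required endpoints for port 587 or 25 that carry IP data
      $NewOffice365Endpoints = ((Get-Office365Endpoints @paramGetOffice365Endpoints) | Where-Object -FilterScript {
            ($PSItem.required -eq $true) -and (($PSItem.tcpPorts -eq '587') -or ($PSItem.tcpPorts -eq '25')) -and ($null -ne $PSItem.ip)
         } | Select-Object -Property ip, tcpPorts)

      foreach ($Port in $GroupPrefixByPort.Keys)
      {
         $GroupPrefix = $GroupPrefixByPort[$Port]
         $IPv6List = @()
         $IPv4List = @()

         $PortEndpoints = ($NewOffice365Endpoints | Where-Object -FilterScript {
               ($PSItem.tcpPorts -eq $Port)
            } | Select-Object -Property ip)

         # Split IPv6 and IPv4 by parsing each entry.
         # The previous test, -match '.', was an unescaped regex that matches any character,
         # so every non-IPv6 string ended up in the IPv4 list.
         foreach ($item in $PortEndpoints.ip)
         {
            if ($null -eq $item)
            {
               continue
            }

            $Entry = ([string]$item).Trim()
            $Family = (Get-EndpointAddressFamily -Entry $Entry)

            if ($Family -eq 'IPv6')
            {
               $IPv6List = $IPv6List + $Entry
            }
            elseif ($Family -eq 'IPv4')
            {
               $IPv4List = $IPv4List + $Entry
            }
            else
            {
               Write-Warning -Message ('Skipping entry that is not an IP address or CIDR range: {0}' -f $Entry)
            }
         }

         # Never push an empty list: an empty result must not replace a working group.
         # NOTE(review): Get-Office365Endpoints presumably returns nothing when the version
         # check finds no update or the download fails - confirm against the module.
         if ($IPv6List.Count -gt 0)
         {
            # Create a Ubiquiti UniFi compatible IPv6 List
            $UniFiIPv6 = ($IPv6List | Sort-Object -Unique | Invoke-UniFiCidrWorkaround -6)

            # Modify the existing group
            $null = (Set-UnifiFirewallGroup -UnfiFirewallGroup ($GroupPrefix + '-IPv6') -UnifiCidrInput $UniFiIPv6)
         }
         else
         {
            Write-Warning -Message ('No valid IPv6 endpoints for port {0}; group {1}-IPv6 left unchanged' -f $Port, $GroupPrefix)
         }

         if ($IPv4List.Count -gt 0)
         {
            # Create a Ubiquiti UniFi compatible IPv4 List
            $UniFiIPv4 = ($IPv4List | Sort-Object -Unique | Invoke-UniFiCidrWorkaround)

            # Modify the existing group
            $null = (Set-UnifiFirewallGroup -UnfiFirewallGroup ($GroupPrefix + '-IPv4') -UnifiCidrInput $UniFiIPv4)
         }
         else
         {
            Write-Warning -Message ('No valid IPv4 endpoints for port {0}; group {1}-IPv4 left unchanged' -f $Port, $GroupPrefix)
         }
      }
   }
   catch
   {
      # Only terminating errors reach this block. It reports them as a warning and the
      # script still continues to the logout below, so a failed update is visible only
      # in the warning stream.

      # get error record
      [Management.Automation.ErrorRecord]$e = $_

      # retrieve information about runtime error
      $info = [PSCustomObject]@{
         Exception = $e.Exception.Message
         Reason    = $e.CategoryInfo.Reason
         Target    = $e.CategoryInfo.TargetName
         Script    = $e.InvocationInfo.ScriptName
         Line      = $e.InvocationInfo.ScriptLineNumber
         Column    = $e.InvocationInfo.OffsetInLine
      }

      # output information. Post-process collected info, and log info (optional)
      Write-Warning -Message $info
   }
}

end
{
   # Logoff
   $null = (Invoke-UniFiApiLogout)

   # Restore ProgressPreference
   $ProgressPreference = $ExistingProgressPreference
}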