public/New-ASM.ps1
|
Function New-ASMPolicy { <# .SYNOPSIS Creates a new ASM policy. .PARAMETER name The new name of the ASM policy .EXAMPLE New-ASMPolicy -name Test_ASM Creates a new ASM policy named Test_ASM .EXAMPLE .NOTES Requires F5-LTM modules from github #> [cmdletBinding()] param( [Alias("acl Name")] [Parameter(Mandatory=$true)] [string[]]$policyname='' ) begin { if( $F5Session.WebSession.Headers.'Token-Expiration' -lt (date) ){ Write-Warning "F5 Session Token is Expired. Please re-connect to the F5 device." break } #Test that the F5 session is in a valid format Test-F5Session($F5Session) #if statement below adds acl order if param is present or blank if false } process { foreach ($name in $policyname) { $JSONBody = @" { "commands": [ { "uri": "/mgmt/tm/asm/policies", "body": { "type": "security", "name": "$policyname", "caseInsensitive": false, "protocolIndependent": false, "partition": "Common", "applicationLanguage": "utf-8", "enforcementMode": "blocking", "policy-builder": { "learningMode": "automatic" }, "signature-settings": { "signatureStaging": true }, "general": { "enforcementReadinessPeriod": 7 }, "templateReference": { "link": "/mgmt/tm/asm/policy-templates/KGO8Jk0HA4ipQRG8Bfd_Dw" } }, "method": "POST" } ] } "@ $uri = $F5Session.BaseURL.Replace('/ltm/','/asm/tasks/bulk') try{ $response = Invoke-RestMethodOverride -Method Post -Uri $URI -Body $JSONBody -ContentType 'application/json' -WebSession $F5Session.WebSession Write-Verbose "New AMS policy creation task started..." } catch { Write-Warning "Error creating ASM policy task." $_.ErrorDetails.Message break } #set uri to asm task iD $uri = $F5Session.BaseURL.Replace('/ltm/',"/asm/tasks/bulk/$($response.id)") $taskStatus = $false Write-Verbose "Checking Task..." #check until completed while( $taskStatus -eq $false ){ try{ $response = Invoke-RestMethodOverride -Method GET -Uri $URI -ContentType 'application/json' -WebSession $F5Session.WebSession Write-Verbose " [Status] $($response.status)" if ( $response.status -eq "FAILURE" ){ Write-Warning $response.errors; break; } if ( $response.status -eq "COMPLETED" ) { $taskStatus = $true } Sleep -Seconds 5 } catch { Write-Warning "Error checking ASM policy task." $response.errors break } }#while # required to check for error due to the way break cmd works if ( $response.status -eq "FAILURE" ){ break } #set uri to filer for newly create policy id $uri = $F5Session.BaseURL.Replace('/ltm/',"/asm/policies?`$filter=fullPath+eq+%27%2FCommon%2F$policyname%27&`$select=id") try{ $response = Invoke-RestMethodOverride -Method GET -Uri $URI -ContentType 'application/json' -WebSession $F5Session.WebSession $id = $response.items.id } catch { Write-Warning "Error Getting ASM policy ID." $_.ErrorDetails.Message break } #set uri for adding whitlist Ips $uri = $F5Session.BaseURL.Replace('/ltm/',"/asm/policies/$id/whitelist-ips") $json1 = @" { "ipAddress": "128.229.4.2", "ipMask": "255.255.255.255", "description": "", "trustedByPolicyBuilder": true, "neverLearnRequests": false, "neverLogRequests": false, "ignoreAnomalies": false, "ignoreIpReputation": false, "blockRequests": "policy-default" } "@ $json2 = @" { "ipAddress": "156.80.4.2", "ipMask": "255.255.255.255", "description": "", "trustedByPolicyBuilder": true, "neverLearnRequests": false, "neverLogRequests": false, "ignoreAnomalies": false, "ignoreIpReputation": false, "blockRequests": "policy-default" } "@ $json3 = @" { "ipAddress": "54.225.156.133", "ipMask": "255.255.255.255", "description": "", "trustedByPolicyBuilder": false, "neverLearnRequests": false, "neverLogRequests": false, "ignoreAnomalies": false, "ignoreIpReputation": false, "blockRequests": "policy-default" } "@ try{ #add first exemption IP $response = Invoke-RestMethodOverride -Method POST -Uri $URI -ContentType 'application/json' -Body $json1 -WebSession $F5Session.WebSession Write-Verbose "`nAdded 128.229.4.2 to whitelist..." #add second exemption IP $response = Invoke-RestMethodOverride -Method POST -Uri $URI -ContentType 'application/json' -Body $json2 -WebSession $F5Session.WebSession Write-Verbose "Added 156.80.4.2 to whitelist..." $response = Invoke-RestMethodOverride -Method POST -Uri $URI -ContentType 'application/json' -Body $json3 -WebSession $F5Session.WebSession Write-Verbose "Added 54.225.156.133 with 'Don't Trust' to whitelist..." } catch { Write-Warning "Error Adding Whitelist IP to ASM policy." $_.ErrorDetails.Message break } #set uri for patching readyness state $uri = $F5Session.BaseURL.Replace('/ltm/',"/asm/policies/$id/general") $JSONBody = "{`"enforcementReadinessPeriod`":7}" try{ #patch readyness period $response = Invoke-RestMethodOverride -Method Patch -Uri $URI -ContentType 'application/json' -Body $JSONBody -WebSession $F5Session.WebSession } catch { Write-Warning "Error Adding updating readyness period." $_.ErrorDetails.Message break } #set uri for patching ismodified state $uri = $F5Session.BaseURL.Replace('/ltm/',"/asm/policies/$id") $JSONBody = "{`"isModified`":false}" try{ #patch ismodified state $response = Invoke-RestMethodOverride -Method Patch -Uri $URI -ContentType 'application/json' -Body $JSONBody -WebSession $F5Session.WebSession } catch { Write-Warning "Error Adding updating ismodified state." $_.ErrorDetails.Message break } #set uri for completed policy $uri = $F5Session.BaseURL.Replace('/ltm/',"/asm/policies/$id") try{ #get completed policy $response = Invoke-RestMethodOverride -Method GET -Uri $URI -ContentType 'application/json' -WebSession $F5Session.WebSession $response } catch { Write-Warning "Error Retrieving ASM Policy." $_.ErrorDetails.Message break } }#foreach loop }#proccess loop }#function close |