Created
November 12, 2021 16:53
Sophos UTM IPSec: turn off and on again
### 2019-08-13 ###
<# .SYNOPSIS
Resets the VPN tunnels via PowerShell.
.DESCRIPTION
The Sophos API is used to reset the IPSec VPN tunnels.
.NOTES
Change the API token in Sophos from time to time.
An API token can be added at https:// + $IP + :4444/ --> Verwaltung --> WebAdmin --> RESTful API --> Token
.COMPONENT
To avoid certificate issues, certificate warnings are ignored. The connection to the UTM is therefore encrypted but the server is not authenticated, so the API token is only as safe as the network path between this host and the UTM. #>
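param(
    # Address of the UTM WebAdmin interface; a host name works as well as an IP address.
    [Parameter(Mandatory=$true)]
    [string]$IP,
    # REST API token. The script sends it to the UTM as the password of an HTTP Basic credential.
    [Parameter(Mandatory=$true)]
    [string]$token,
    # Time span in seconds to wait before turning the IPSec connections on again.
    # This is to ensure the IPSec connections really went down.
    [Parameter(Mandatory=$false)]
    [int]$secondsToSleep = 8,
    # Optional SHA-1 thumbprint (40 hex digits) of the UTM's WebAdmin certificate.
    # When given, a certificate that fails normal validation is accepted only if it matches this pin.
    # When omitted, the script keeps its previous behaviour and accepts any certificate.
    [Parameter(Mandatory=$false)]
    [string]$CertificateThumbprint = ''
)

# Thumbprints are often copied with spaces or colons between the bytes; keep the hex digits only.
$pinnedThumbprint = $CertificateThumbprint -replace '[^0-9A-Fa-f]', ''
if ($CertificateThumbprint.Length -gt 0 -and $pinnedThumbprint.Length -ne 40) {
    # Fail closed: a malformed pin must not silently fall back to "accept everything".
    throw "CertificateThumbprint must be the 40-digit hexadecimal SHA-1 thumbprint of the UTM certificate."
}
if ($pinnedThumbprint.Length -eq 0) {
    Write-Warning "No -CertificateThumbprint given: the UTM certificate is NOT verified, so the API token is exposed to anyone able to intercept this connection."
}

# Certificate policy for the self-signed WebAdmin certificate.
# The policy is installed on ServicePointManager and therefore applies to every
# HTTPS request made from this PowerShell process, not only to the UTM calls below.
Add-Type @'
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class UtmCertificatePolicy : ICertificatePolicy {
    private readonly string pinnedThumbprint;

    public UtmCertificatePolicy(string pinnedThumbprint) {
        this.pinnedThumbprint = pinnedThumbprint ?? "";
    }

    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        // 0 means the platform found nothing wrong with the certificate.
        if (certificateProblem == 0) {
            return true;
        }
        // No pin configured: legacy behaviour, every certificate is accepted.
        if (pinnedThumbprint.Length == 0) {
            return true;
        }
        // Pin configured: accept the failing certificate only when it is the expected one.
        return certificate != null &&
               string.Equals(certificate.GetCertHashString(), pinnedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
'@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object UtmCertificatePolicy -ArgumentList (,$pinnedThumbprint)

# Offer TLS 1.2 only. SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated and are no longer offered,
# because the API token travels inside this session.
# NOTE(review): presumably every supported UTM firmware negotiates TLS 1.2 - confirm before rollout.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12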
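try
{
    # Build the HTTP Basic credential: user name "token", password = the API token.
    # Base64 is an encoding, not encryption; the header is only as confidential as the TLS session.
    $tokenBase64 = [Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes("token:" + $token))

    # prepare header
    $headers = @{}
    $headers.add("Authorization", 'Basic ' + $tokenBase64)
    $headers.add("Content-Type", "application/json")
    $headers.add("Accept", "application/json")

    # prepare target URI ($IP can be a host name as well)
    $uri = "https://" + $IP + ":4444/api/objects/ipsec_connection/site_to_site/"

    # Collect the connections to reset: _ref as key, name as value.
    $tunnel = @{}
    $response = Invoke-RestMethod -Uri $uri -Method GET -Headers $headers
    foreach ($x in @($response)) {
        # Leave connections alone that an administrator has switched off: a "reset" must not
        # bring a deliberately disabled tunnel online.
        # NOTE(review): assumes the listed objects carry the same boolean "status" field that the
        # PATCH below writes - confirm against your UTM. Objects without the field are still reset.
        if ($x.status -eq $false) { continue }
        $tunnel.add($x._ref, $x.name)
    }

    # Sets the status of one connection and checks that the UTM answered for that same object.
    $setStatus = {
        param($ref, $state)
        $ProfileBody = @{
            "status" = $state;
        }
        $obj = Invoke-RestMethod -Uri ($uri + $ref) -Method PATCH -Headers $headers -body (ConvertTo-Json $ProfileBody)
        if (-not ($obj._ref -eq $ref)) {
            throw "Error during Reset of IPSec."
        }
    }

    # Every connection for which a switch-off was at least attempted, and those that could
    # not be switched back on afterwards.
    $attempted = New-Object System.Collections.ArrayList
    $stillDown = New-Object System.Collections.ArrayList
    try
    {
        # First turn everything off ...
        foreach ($t in $tunnel.Keys) {
            # Recorded before the call: a request that fails may still have been applied.
            [void]$attempted.Add($t)
            & $setStatus $t $false
        }
        # ... and wait so the connections really go down.
        Start-Sleep -s $secondsToSleep
    }
    finally
    {
        # Always switch back on what was touched, also when the off phase failed part-way,
        # so that one failing request does not leave the VPN tunnels disabled.
        foreach ($t in $attempted) {
            try {
                & $setStatus $t $true
            }
            catch {
                [void]$stillDown.Add($tunnel[$t])
                Write-Warning ("Could not re-enable IPSec connection '" + $tunnel[$t] + "': " + $_.ToString())
            }
        }
    }
    if ($stillDown.Count -gt 0) {
        throw "Error during Reset of IPSec."
    }

    # wait before exit
    Start-Sleep -s $secondsToSleep
}
catch
{
    # NOTE(review): the error is only printed; the script does not rethrow or set an exit code,
    # so a scheduler cannot tell a failed reset from a successful one.
    $separator = " ------------------------------------------------------------------------------------------------------------------- "
    Write-Host " Error..."
    Write-Host $separator
    Write-Host " ############################################ Error Description ################################################### "
    Write-Host $separator
    Write-Host ""
    Write-Host $PSItem.ToString()
    Write-Host ""
    # Five separator lines, each followed by a pause, keep the message on screen for a while.
    for ($n = 0; $n -lt 5; $n++) {
        Write-Host $separator
        Start-Sleep -s $secondsToSleep
    }
}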