├── Get-ADCVServerConfig.ps1 └── README.md /Get-ADCVServerConfig.ps1: -------------------------------------------------------------------------------- 1 | # NetScaler Configuration Extractor 2 | # Note: This script works on Windows 10, but the regex match group commands fail on Windows 7 3 | 4 | param ( 5 | # Full path to source config file saved from NetScaler (System > Diagnostics > Running Configuration) 6 | # If set to "", then the script will prompt for the file. 7 | [string]$configFile = "", 8 | #$configFile = "$env:userprofile\Downloads\nsrunning.conf" 9 | 10 | # Name of vServer - or VIP - case insensitive 11 | # Partial match supported - if more than one match, the script will prompt for a selection. Set it to "" to list all vServers. 12 | # If vserver name is exact match for one vserver, that vserver will be used, even if it's a substring match for another vserver 13 | [string]$vserver = "", 14 | 15 | # Optional filename to save output - file will be overwritten 16 | # If you intend to batch import to NetScaler, then no spaces or capital letters in the file name. 17 | # If set to "screen", then output will go to screen. 18 | # If set to "", then the script will prompt for a file. Clicking cancel will output to the screen. 19 | #[string]$outputFile = "", 20 | #[string]$outputFile = "screen", 21 | [string]$outputFile = "$env:userprofile\Downloads\nsconfig.conf", 22 | #[string]$outputFile = "$env:HOME/Downloads/nsconfig.conf", 23 | 24 | # Optional text editor to open saved output file - text editor should handle UNIX line endings (e.g. Wordpad or Notepad++) 25 | [string]$textEditor = "notepad++.exe", 26 | 27 | # Optional get CSW vserver Binds for selected LB and/or VPN virtual server 28 | [switch]$cswBind, 29 | 30 | # Max # of nFactor Next Factors to extract 31 | [int]$nFactorNestingLevel = 5 32 | ) 33 | 34 | # Change Log 35 | # ---------- 36 | # 2024 Sep 25 - added "add monitor" instead of "add lb monitor" 37 | # 2023 June 30 - added port numbers to VIP list; bug fixes 38 | # 2022 Sep 20 - added bot management 39 | # 2022 July 10 - added support for * in object names (e.g., *.corp.com) 40 | # 2021 Nov 4 - performance improvements 41 | # 2021 Oct 15 - output SAML SSO Actions; performance improvements 42 | # 2021 Jun 1 - added search "policy expressions" for other appexpert objects 43 | # 2021 May 27 - added messageactions to output 44 | # 2021 Apr 30 - fixed named expressions 45 | # 2021 Apr 30 - added: get variables from expressions; get variable assignments from responders 46 | # 2021 Apr 27 - fixed sorting of Backup vServers 47 | # 2021 Apr 20 - added DISABLED state to VIP selection screen 48 | # 2021 Feb 5 - fixed TACACS policies and Local Authentication Policies, including global 49 | # 2020 Dec 7 - added Captcha action and NoAuth action 50 | # 2020 Dec 7 - added parameter to set nFactor nesting level 51 | # 2020 Dec 7 - sorted authentication policylabels so NextFactors are created first 52 | # 2019 Jun 3 - added RNAT; added OTP Push Service; added partitions; added Azure Keys 53 | # 2019 Apr 22 - added vServer VIP extraction from other commands (e.g. LDAP Action) 54 | # 2019 Apr 15 - fixed server enumeration 55 | # 2019 Apr 7 - reordered Policy Expression output 56 | # 2019 Apr 1 - new "Sys" option to extract System Settings 57 | # 2019 Mar 6 - fixed Visualizer substring match, and added emailAction 58 | # 2018 Dec 27 - fix aaa tm trafficpolicy/action aaa kcdAccount output (BKF) 59 | # 2018 Dec 2 - added nFactor Visualizer for AAA vServers 60 | # 2018 Nov 19 - MacOS: added List Dialog to select vServers. fix: dialogfocus (BKF) 61 | # 2018 Nov 17 - changed vServer selection to Out-GridView (GUI) 62 | # 2018 Nov 16 - support for MacOS popups for nsconf and saveas. Switch for sort to Sort-object to support MacOs & Powershell core 6 63 | # 2018 Nov 5 - check text editor existince (h/t Bjørn-Kåre Flister) 64 | # 2018 Nov 5 - switch to extract CS vServer for selected LB/VPN/AAA vServer (h/t Bjørn-Kåre Flister) 65 | # 2018 Sep 19 - fixed SAML Policy and SAML Action 66 | # 2018 Sep 11 - parameterized the script, fixed specified vServer 67 | # 2018 July 22 - added ICA Parameters to VPN Global Settings 68 | # 2018 July 18 - added preauthentication policy, added AlwaysOn profile 69 | # 2018 July 12 - added two levels of nFactor NextFactor extraction 70 | # 2018 July 8 - added DNS configuration to every extraction 71 | # 2018 July 7 - added GSLB Sites and rpcNodes 72 | # 2018 July 4 - extract local LB VIPs from Session Action URLs (e.g. StoreFront URL to local LB VIP) 73 | # 2018 July 3 - extract DNS vServers from "set vpn parameter" and Session Actions 74 | # 2018 July 3 - added "*" to select all vServers 75 | # 2018 July 3 - updated for 12.1 (SSL Log Profile, IP Set, Analytics Profile) 76 | # 2018 Jan 23 - skip gobal cache settings if cache feature is not enabled 77 | # 2018 Jan 4 - Sirius' Mark Scott added code to browse to open and save files. Added kcdaccounts to extraction. 78 | 79 | 80 | 81 | # Start of script code 82 | cls 83 | 84 | # Function to prompt the user for a NetScaler config file. 85 | # The NetScaler config file can be found in the System > Diagnostics > Running Configuration location in the GUI 86 | Function Get-InputFile($initialDirectory) 87 | { 88 | if ($IsMacOS){ 89 | $filename = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set fileName to POSIX path of (choose file with prompt "NetScaler documentation file")'+"`n"+'end tell' | osascript -s s) -split '"')[1] 90 | if ([String]::IsNullOrEmpty($filename)){break}else{$filename} 91 | }else{ 92 | [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null 93 | $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog 94 | $OpenFileDialog.Title = "Open NetScaler Config" 95 | $OpenFileDialog.initialDirectory = $initialDirectory 96 | $OpenFileDialog.filter = "NetScaler Config (*.conf)| *.conf|All files (*.*)|*.*" 97 | $OpenFileDialog.ShowDialog() | Out-Null 98 | $OpenFileDialog.filename 99 | } 100 | } 101 | 102 | # Function to prompt the user to save the output file 103 | Function Get-OutputFile($initialDirectory) 104 | { 105 | if ($IsMacOS){ 106 | $DefaultName = 'default name "nsconfig.conf"' 107 | if ($initialDirectory){ 108 | $DefaultLocation = 'default location "'+$initialDirectory+'"' 109 | } 110 | $filename = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set theName to POSIX path of (choose file name '+$($DefaultName)+' '+$($DefaultLocation)+' with prompt "Save NetScaler documentation file as")'+"`n"+'end tell' | osascript -s s) -split '"')[1] 111 | $filename 112 | }else{ 113 | [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null 114 | $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog 115 | $SaveFileDialog.Title = "Save Extracted Config" 116 | $SaveFileDialog.initialDirectory = $initialDirectory 117 | $SaveFileDialog.filter = "NetScaler Config File (*.conf)| *.conf|All files (*.*)|*.*" 118 | $SaveFileDialog.ShowDialog() | Out-Null 119 | $SaveFileDialog.filename 120 | } 121 | } 122 | 123 | 124 | # Run the Get-InputFile function to ask the user for the NetScaler config file 125 | if (!$configFile) { 126 | $configFile = Get-InputFile $inputfile 127 | } 128 | if (!$configFile) { exit } 129 | 130 | "Loading config file $configFile ...`n" 131 | 132 | $config = "" 133 | $config = Get-Content $configFile -ErrorAction Stop 134 | 135 | function printProgress ($origObjects, $NSObjectType) { 136 | # Check if anything was added and display 137 | $newObjects = @() 138 | if (-not $origObjects) { 139 | $newObjects = $nsObjects.$NSObjectType 140 | } else { 141 | $newObjects = (Compare-Object $origObjects $nsObjects.$NSObjectType).InputObject 142 | } 143 | if ($newObjects) 144 | { 145 | foreach ($newObject in $newObjects) { 146 | write-host (("Found {0,-25} " -f $NSObjectType) + $newObject) 147 | } 148 | } 149 | return $newObjects 150 | } 151 | 152 | # returns a regex clause with multiple objects or'd to speed up regex matching 153 | function getMatchExpression ($Objects) { 154 | # returns a regex clause with multiple objects or'd to speed up regex matching 155 | $matchExpression = "(" 156 | foreach ($uniqueObject in $Objects) { 157 | $uniqueObjectDots = $uniqueObject -replace "\.", "\." 158 | $uniqueObjectDots = $uniqueObjectDots -replace "\*", "\*" 159 | $matchExpression += $uniqueObjectDots + "|" 160 | } 161 | $matchExpression = $matchExpression.Substring(0,$matchExpression.length - 1) + ")" 162 | return $matchExpression 163 | } 164 | 165 | # searches matches for other objects (e.g., pattern set) 166 | # then adds all matches to the main matches hash table 167 | function addNSObject ($NSObjectType, $NSObjectName) { 168 | if (!$NSObjectName) { return } 169 | # write-host $NSObjectType $NSObjectName #Debug 170 | if (!$nsObjects.$NSObjectType) { $nsObjects.$NSObjectType = @()} 171 | $origObjects = $nsObjects.$NSObjectType 172 | $nsObjects.$NSObjectType += $NSObjectName 173 | $nsObjects.$NSObjectType = @($nsObjects.$NSObjectType | Select-Object -Unique) 174 | 175 | $newObjects = printProgress $origObjects $NSObjectType 176 | if (!$newObjects) {return} 177 | 178 | # Get Filtered Config for the object being added to check for policy sub-objects 179 | # Don't match "-" to prevent "add serviceGroup -netProfile" 180 | # Ensure there's whitespace before match to prevent substring matches (e.g. server matching MyServer) 181 | 182 | $filteredConfig = "" 183 | 184 | $matchExpression = getMatchExpression $newObjects 185 | $filteredConfig = $config -match "[^-\S]" + $NSObjectType + " " + $matchExpression + "[^\S]" 186 | if (!$filteredConfig) {$filteredConfig = $uniqueObject} 187 | 188 | # Look in expressions for other objects 189 | if ($filteredConfig -match '["|(]' ) { 190 | # Look for Pattern Sets 191 | $foundObjects = getNSObjects $filteredConfig "policy patset" 192 | if ($foundObjects) { 193 | $origObjects = $nsObjects."policy patset" 194 | $nsObjects."policy patset" += $foundObjects 195 | $nsObjects."policy patset" = @($nsObjects."policy patset" | Select-Object -Unique) 196 | $newObjects = printProgress $origObjects "policy patset" 197 | } 198 | 199 | # Look for Data Sets 200 | $foundObjects = getNSObjects $filteredConfig "policy dataset" 201 | if ($foundObjects) { 202 | $nsObjects."policy dataset" += $foundObjects 203 | $nsObjects."policy dataset" = @($nsObjects."policy dataset" | Select-Object -Unique) 204 | } 205 | 206 | # Look for String Maps 207 | $foundObjects = getNSObjects $filteredConfig "policy stringmap" 208 | if ($foundObjects) { 209 | $nsObjects."policy stringmap" += $foundObjects 210 | $nsObjects."policy stringmap" = @($nsObjects."policy stringmap" | Select-Object -Unique) 211 | } 212 | 213 | # Look for URL Sets 214 | $foundObjects = getNSObjects $filteredConfig "policy urlset" 215 | if ($foundObjects) { 216 | $nsObjects."policy urlset" += $foundObjects 217 | $nsObjects."policy urlset" = @($nsObjects."policy urlset" | Select-Object -Unique) 218 | } 219 | 220 | # Look for Expressions 221 | $foundObjects = getNSObjects $filteredConfig "policy expression" 222 | if ($foundObjects) { 223 | addNsObject "policy expression" $foundObjects 224 | #$nsObjects."policy expression" += $foundObjects 225 | #$nsObjects."policy expression" = @($nsObjects."policy expression" | Select-Object -Unique) 226 | } 227 | 228 | # Look for Variables 229 | $foundObjects = getNSObjects $filteredConfig "ns variable" 230 | if ($foundObjects) { 231 | $nsObjects."ns variable" += $foundObjects 232 | $nsObjects."ns variable" = @($nsObjects."ns variable" | Select-Object -Unique) 233 | } 234 | 235 | # Look for Policy Maps 236 | $foundObjects = getNSObjects $filteredConfig "policy map" 237 | if ($foundObjects) { 238 | $nsObjects."policy map" += $foundObjects 239 | $nsObjects."policy map" = @($nsObjects."policy map" | Select-Object -Unique) 240 | } 241 | 242 | # Look for Limit Identifiers 243 | $foundObjects = getNSObjects $filteredConfig "ns limitIdentifier" 244 | if ($foundObjects) { 245 | $nsObjects."ns limitIdentifier" += $foundObjects 246 | $nsObjects."ns limitIdentifier" = @($nsObjects."ns limitIdentifier" | Select-Object -Unique) 247 | } 248 | 249 | # Look for Stream Identifiers 250 | $foundObjects = getNSObjects $filteredConfig "stream identifier" 251 | if ($foundObjects) { 252 | $nsObjects."stream identifier" += $foundObjects 253 | $nsObjects."stream identifier" = @($nsObjects."stream identifier" | Select-Object -Unique) 254 | } 255 | 256 | # Look for Policy Extensions 257 | $foundObjects = getNSObjects $filteredConfig "ns extension" 258 | if ($foundObjects) { 259 | $origObjects = $nsObjects."ns extension" 260 | $nsObjects."ns extension" += $foundObjects 261 | $nsObjects."ns extension" = @($nsObjects."ns extension" | Select-Object -Unique) 262 | printProgress $origObjects "ns extension" 263 | } 264 | 265 | # Look for Callouts 266 | if ($filteredConfig -match "CALLOUT") { 267 | if (!$nsObjects."policy httpCallout") { $nsObjects."policy httpCallout" = @()} 268 | $nsObjects."policy httpCallout" += getNSObjects $filteredConfig "policy httpCallout" 269 | $nsObjects."policy httpCallout" = @($nsObjects."policy httpCallout" | Select-Object -Unique) 270 | } 271 | 272 | # Look for DNS Records 273 | $foundObjects = getNSObjects $filteredConfig "dns addRec" 274 | if ($foundObjects) 275 | { 276 | $nsObjects."dns addRec" += $foundObjects 277 | $nsObjects."dns addRec" = @($nsObjects."dns addRec" | Select-Object -Unique) 278 | } 279 | $foundObjects = getNSObjects $filteredConfig "dns nsRec" 280 | if ($foundObjects) 281 | { 282 | $nsObjects."dns nsRec" += $foundObjects 283 | $nsObjects."dns nsRec" = @($nsObjects."dns nsRec" | Select-Object -Unique) 284 | } 285 | 286 | # Look for vServer VIPs 287 | if ($filteredConfig -match "\d+\.\d+\.\d+\.\d+" -and $NSObjectType -notmatch " vserver") { 288 | $objectsToAdd = getNSObjects $filteredConfig "lb vserver" 289 | if ($objectsToAdd) { 290 | if (!$nsObjects."lb vserver") { $nsObjects."lb vserver" = @()} 291 | $nsObjects."lb vserver" += getNSObjects $filteredConfig "lb vserver" 292 | $nsObjects."lb vserver" = @($nsObjects."lb vserver" | Select-Object -Unique) 293 | GetLBvServerBindings $objectsToAdd 294 | } 295 | 296 | $objectsToAdd = getNSObjects $filteredConfig "cs vserver" 297 | if ($objectsToAdd) { 298 | if (!$nsObjects."cs vserver") { $nsObjects."cs vserver" = @()} 299 | $nsObjects."cs vserver" += getNSObjects $filteredConfig "cs vserver" 300 | $nsObjects."cs vserver" = @($nsObjects."cs vserver" | Select-Object -Unique) 301 | } 302 | 303 | $objectsToAdd = getNSObjects $filteredConfig "vpn vserver" 304 | if ($objectsToAdd) { 305 | if (!$nsObjects."vpn vserver") { $nsObjects."vpn vserver" = @()} 306 | $nsObjects."vpn vserver" += getNSObjects $filteredConfig "vpn vserver" 307 | $nsObjects."vpn vserver" = @($nsObjects."vpn vserver" | Select-Object -Unique) 308 | } 309 | } 310 | } 311 | 312 | } 313 | 314 | 315 | # Search for objects of type bound to selected vservers 316 | function getNSObjects ($matchConfig, $NSObjectType, $paramName, $position) { 317 | if ($paramName -and !($matchConfig -match $paramName)) { 318 | return 319 | } 320 | 321 | # Read all objects of type from from full config 322 | # Cache objects to speed up multiple iterations of this function 323 | if ($nsObjectsCache.$NSObjectType) { 324 | $objectsAll = $nsObjectsCache.$NSObjectType 325 | } else { 326 | $objectsAll = $config | select-string -Pattern ('^(add|set|bind) ' + $NSObjectType + ' (".*?"|[^-"]\S+)($| )') | ForEach-Object {$_.Matches.Groups[2].value} 327 | $objectsAll = $objectsAll | Where-Object { $nsObjects.$NSObjectType -notcontains $_ } 328 | $objectsAll = $objectsAll | sort-object -Unique 329 | $nsObjectsCache.$NSObjectType = $objectsAll 330 | } 331 | 332 | if ($objectsAll.length -eq 0) {return} 333 | 334 | # if looking for matching vServers, also match on VIPs 335 | if ($NSObjectType -match " vserver") { 336 | $VIPsAll = $config | select-string -Pattern ('^add ' + $NSObjectType + ' (".*?"|[^-"]\S+) \S+ (\d+\.\d+\.\d+\.\d+) (\d+)') | ForEach-Object { 337 | @{ 338 | VIP = $_.Matches.Groups[2].value 339 | Name = $_.Matches.Groups[1].value 340 | Port = $_.Matches.Groups[3].value 341 | } 342 | } 343 | $VIPsAll = $VIPsAll | Where-Object {$_.VIP -ne "0.0.0.0"} 344 | } 345 | 346 | # if ($NSObjectType -match "ssl certKey") 347 | # { write-host $objectCandidate} 348 | 349 | # Strip Comments 350 | $matchConfig = $matchConfig | ForEach-Object {$_ -replace '-comment ".*?"' } 351 | 352 | # Build Position matching string - match objectCandidate after the # of positions - avoids Action name matching Policy name 353 | if ($position) { 354 | $positionString = "" 355 | 1..($position) | ForEach-Object { 356 | $positionString += '(".*?"|[^"]\S+) ' 357 | } 358 | $positionString += ".* " 359 | } 360 | 361 | # Match objects to matchConfig 362 | # optional searchHint helps prevent too many matches (e.g. "tcp") 363 | $objectMatches = @() 364 | foreach ($objectCandidate in $objectsAll) { 365 | 366 | # For regex, replace dots with escaped dots and escaped * 367 | $objectCandidateDots = $objectCandidate -replace "\.", "\." 368 | $objectCandidateDots = $objectCandidateDots -replace "\*", "\*" 369 | 370 | 371 | # Trying to avoid substring matches 372 | if ($paramName) { 373 | # Compare candidate to term immediately following parameter name 374 | if (($matchConfig -match ($paramName + " " + $objectCandidateDots + "$" )) -or ($matchConfig -match ($paramName + " " + $objectCandidateDots + " "))) { 375 | $objectMatches += $objectCandidate 376 | } 377 | } elseif ($position) { 378 | # Compare candidate to all terms after the specified position # - avoids action name matching policy name 379 | if (($matchConfig -match ($positionString + $objectCandidateDots + "$")) -or ($matchConfig -match ($positionString + $objectCandidateDots + " "))) { 380 | $objectMatches += $objectCandidate 381 | # if ($objectCandidate -match "storefront") { write-host $objectCandidate;write-host ($matchConfig);read-host} 382 | } 383 | } elseif (($matchConfig -match (" " + $objectCandidateDots + "$")) -or ($matchConfig -match (" " + $objectCandidateDots + " "))) { 384 | # Look for candidate at end of string, or with spaces surrounding it - avoids substring matches 385 | 386 | $objectMatches += $objectCandidate 387 | } elseif (($matchConfig -match ('"' + $objectCandidateDots + '\\"')) -or ($matchConfig -match ('\(' + $objectCandidateDots + '\)"'))) { 388 | # Look for AppExpert objects (e.g. policy sets, callouts) in policy expressions that don't have spaces around it 389 | 390 | $objectMatches += $objectCandidate 391 | } elseif (($matchConfig -match ('//' + $objectCandidateDots)) -or ($matchConfig -match ($objectCandidateDots + ':'))) { 392 | # Look in URLs for DNS records 393 | 394 | $objectMatches += $objectCandidate 395 | } elseif (($matchConfig -match ('\.' + $objectCandidateDots + '(\.|"|\(| )'))) { 396 | # Look in Policy Expressions for Policy Extensions - .extension. or .extension" or .extension( or .extension 397 | 398 | $objectMatches += $objectCandidate 399 | } elseif (($NSObjectType -match "variable") -and ($matchConfig -match ('\$' + $objectCandidateDots))) { 400 | # Look for variables 401 | 402 | $objectMatches += $objectCandidate 403 | } elseif (($NSObjectType -match "expression") -and (($matchConfig -match ($objectCandidateDots + "\.") -or ($matchConfig -match ($objectCandidateDots + '\"'))))) { 404 | # Look for named expressions that have dot operators after it 405 | 406 | $objectMatches += $objectCandidate 407 | } 408 | 409 | } 410 | 411 | foreach ($VIP in $VIPsAll) { 412 | 413 | # For regex, replace dots with escaped dots 414 | $VIPDots = $VIP.VIP -replace "\.", "\." 415 | 416 | # Trying to avoid substring matches 417 | if ($paramName) { 418 | # Compare candidate to term immediately following parameter name 419 | if (($matchConfig -match ($paramName + " " + $VIPDots + "$" )) -or ($matchConfig -match ($paramName + " " + $VIPDots + " "))) { 420 | if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } 421 | } 422 | } elseif ($position) { 423 | # Compare candidate to all terms after the specified position # - avoids action name matching policy name 424 | if (($matchConfig -match ($positionString + $VIPDots + "$")) -or ($matchConfig -match ($positionString + $VIPDots + " "))) { 425 | if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } 426 | } 427 | } elseif (($matchConfig -match (" " + $VIPDots + "$")) -or ($matchConfig -match (" " + $VIPDots + " "))) { 428 | # Look for candidate at end of string, or with spaces surrounding it - avoids substring matches 429 | 430 | if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } 431 | } elseif (($matchConfig -match ('"' + $VIPDots + '\\"')) -or ($matchConfig -match ('\(' + $VIPDots + '\)"'))) { 432 | # Look for AppExpert objects (e.g. policy sets, callouts) in policy expressions that don't have spaces around it 433 | 434 | if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } 435 | } elseif (($matchConfig -match ('//' + $VIPDots)) -or ($matchConfig -match ($VIPDots + ':'))) { 436 | # Look in URLs for DNS records 437 | 438 | if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } 439 | } elseif (($matchConfig -match ('\.' + $VIPDots + '(\.|"|\(| )'))) { 440 | # Look in Policy Expressions for Policy Extensions - .extension. or .extension" or .extension( or .extension 441 | 442 | if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } 443 | } 444 | 445 | } 446 | 447 | return $objectMatches 448 | } 449 | 450 | 451 | function GetLBvServerBindings ($objectsList) { 452 | 453 | $matchExpression = getMatchExpression $objectsList 454 | #foreach ($lbvserver in $objectsList) { 455 | $vserverConfig = $config -match " lb vserver $matchExpression " 456 | addNSObject "service" (getNSObjects $vserverConfig "service") 457 | if ($NSObjects.service) { 458 | $serviceMatchExpression = getMatchExpression $NSObjects.service 459 | #foreach ($service in $NSObjects.service) { 460 | # wrap config matches in spaces to avoid substring matches 461 | $serviceConfig = $config -match " service $serviceMatchExpression " 462 | addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName") 463 | addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName") 464 | addNSObject "server" (getNSObjects $serviceConfig "server") 465 | addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile") 466 | addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile") 467 | addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td") 468 | addNSObject "ns httpProfile" (getNSObjects $serviceConfig "ns httpProfile" "-httpProfileName") 469 | addNSObject "ssl cipher" (getNSObjects $serviceConfig "ssl cipher") 470 | addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-certkeyName") 471 | addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-cacert") 472 | #} 473 | } 474 | addNSObject "serviceGroup" (getNSObjects $vserverConfig "serviceGroup") 475 | if ($NSObjects.serviceGroup) { 476 | $serviceGrouMatchExpression = getMatchExpression $NSObjects.serviceGroup 477 | #foreach ($serviceGroup in $NSObjects.serviceGroup) { 478 | $serviceConfig = $config -match " serviceGroup $serviceGrouMatchExpression " 479 | addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName") 480 | addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName") 481 | addNSObject "server" (getNSObjects $serviceConfig "server") 482 | addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile") 483 | addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile") 484 | addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td") 485 | addNSObject "ns httpProfile" (getNSObjects $serviceConfig "ns httpProfile" "-httpProfileName") 486 | addNSObject "ssl cipher" (getNSObjects $serviceConfig "ssl cipher") 487 | addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-certkeyName") 488 | addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-cacert") 489 | #} 490 | } 491 | addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") 492 | addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") 493 | addNSObject "authentication vserver" (getNSObjects $vserverConfig "authentication vserver" "-authnVsName") 494 | addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile") 495 | addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") 496 | addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName") 497 | addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") 498 | addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName") 499 | addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") 500 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") 501 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert") 502 | addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $matchExpression ") "ssl vserver") 503 | addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") 504 | addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") 505 | addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") 506 | addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") 507 | addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") 508 | addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel") 509 | addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName") 510 | addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel") 511 | addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName") 512 | addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName") 513 | addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") 514 | addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName") 515 | addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel") 516 | addNSObject "filter policy" (getNSObjects $vserverConfig "filter policy" "-policyName") 517 | addNSObject "bot policy" (getNSObjects $vserverConfig "bot policy") 518 | addNSObject "transform policy" (getNSObjects $vserverConfig "transform policy" "-policyName") 519 | addNSObject "transform policylabel" (getNSObjects $vserverConfig "transform policylabel") 520 | addNSObject "tm trafficPolicy" (getNSObjects $vserverConfig "tm trafficPolicy" "-policyName") 521 | addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName") 522 | addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName") 523 | addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName") 524 | addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName") 525 | addNSObject "bot policy" (getNSObjects $vserverConfig "bot policy") 526 | addNSObject "dns profile" (getNSObjects $vserverConfig "dns profile" "-dnsProfileName" ) 527 | addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName") 528 | addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") 529 | addNSObject "db dbProfile" (getNSObjects $vserverConfig "db dbProfile" "-dbProfileName") 530 | addNSObject "lb profile" (getNSObjects $vserverConfig "lb profile" "-lbprofilename") 531 | addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") 532 | addNSObject "authentication adfsProxyProfile" (getNSObjects $vserverConfig "authentication adfsProxyProfile" "-adfsProxyProfile") 533 | #} 534 | 535 | } 536 | 537 | function getHttpVServer ($matchConfig) { 538 | # Matches local LB/CS vServer VIPs in URLs (e.g. StoreFront URL) - No FQDN support 539 | 540 | # Read all LB/CS objects of protocol HTTP/SSL from from full config. Extract Name, IP, and Port 541 | if ($matchConfig -match "http://") 542 | { 543 | $objectsAll = $config | select-string -Pattern '^add (lb|cs) vserver (".*?"|[^-"]\S+) HTTP (\d+\.\d+.\d+\.\d+) (\d+) ' | ForEach-Object { New-Object PSObject -property @{ 544 | Name = $_.Matches.Groups[2].value 545 | IP = $_.Matches.Groups[3].value 546 | Port = $_.Matches.Groups[4].value 547 | } 548 | } 549 | } 550 | elseif ($matchConfig -match "https://") 551 | { 552 | $objectsAll = $config | select-string -Pattern '^add (lb|cs) vserver (".*?"|[^-"]\S+) SSL (\d+\.\d+.\d+\.\d+) (\d+)' | ForEach-Object { New-Object PSObject -property @{ 553 | Name = $_.Matches.Groups[2].value 554 | IP = $_.Matches.Groups[3].value 555 | Port = $_.Matches.Groups[4].value 556 | } 557 | } 558 | } 559 | 560 | # Check URL for matching VIP and/or Port number 561 | $objectMatches = @() 562 | foreach ($objectCandidate in $objectsAll) 563 | { 564 | if ($matchConfig -match $objectCandidate.IP) 565 | { 566 | if ($matchConfig -match ":\d+/") 567 | { 568 | if ($matchConfig -match (":" + $objectCandidate.Port + "/")) 569 | { 570 | $objectMatches += $objectCandidate.Name 571 | } 572 | } 573 | elseif ($objectCandidate.Port -eq "80" -or $objectCandidate.Port -eq "443") 574 | { 575 | $objectMatches += $objectCandidate.Name 576 | } 577 | } 578 | } 579 | 580 | return $objectMatches 581 | } 582 | 583 | 584 | 585 | function outputnFactorPolicies ($bindingType, $indent) { 586 | $matchedConfig = @() 587 | $loginSchemaProfile = $config | select-string -Pattern ('^add ' + $bindingType + ' -loginSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 588 | if ($loginSchemaProfile) { 589 | $matchedConfig += $linePrefix + ($spacing * ($indent)) + "Login Schema Profile = " + $loginSchemaProfile 590 | $loginSchemaProfile = $config -match '^add authentication loginSchema ' + $loginSchemaProfile + " " 591 | $loginSchemaXML = $loginSchemaProfile | select-string -Pattern ('-authenticationSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 592 | if ($loginSchemaXML) { 593 | $matchedConfig += $linePrefix + ($spacing * ($indent)) + "Login Schema XML = " + $loginSchemaXML 594 | } 595 | } 596 | $policies = $config | select-string -Pattern ('^bind ' + $bindingType + ' -(policy|policyName|loginSchema) (".*?"|[^-"]\S+)($| )') | ForEach-Object {$_.Matches.Groups[2].value} 597 | foreach ($policy in $policies) { 598 | $policyBinding = $config -match ('^bind ' + $bindingType + " -(policy|policyName|loginSchema) " + $policy + " ") 599 | $priority = $policyBinding | select-string -Pattern ('-priority (\d+)') | ForEach-Object {$_.Matches.Groups[1].value} 600 | $goto = $policyBinding | select-string -Pattern ('-gotoPriorityExpression (\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 601 | $loginSchemaPolicy = $config -match '^add authentication loginSchemaPolicy ' + $policy + " " 602 | if ($loginSchemaPolicy) { 603 | $loginSchemaAction = $loginSchemaPolicy | select-string -Pattern ('-action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 604 | $rule = $loginSchemaPolicy | select-string -Pattern ('-rule (.*?) -action') | ForEach-Object {$_.Matches.Groups[1].value} 605 | $matchedConfig += $linePrefix + ($spacing * $indent) + "Login Schema Policy = " + $policy 606 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Priority = " + $priority 607 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Rule = " + $rule 608 | $loginSchemaProfile = $config -match '^add authentication loginSchema ' + $loginSchemaAction + " " 609 | if ($loginSchemaProfile) { 610 | $loginSchemaXML = $loginSchemaProfile | select-string -Pattern ('-authenticationSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 611 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Login Schema XML = " + $loginSchemaXML 612 | } 613 | } 614 | $authPolicy = $config -match '^add authentication Policy ' + $policy + ' ' 615 | if ($authPolicy) { 616 | $authAction = $authPolicy | select-string -Pattern ('-action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 617 | $authActionConfig = $config -match '^add authentication \w+?Action ' + $authAction + " " 618 | $AAAGroup = $authActionConfig | select-string -Pattern ('-defaultAuthenticationGroup (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 619 | $authType = $authActionConfig | select-string -Pattern ('^add authentication (\w+?Action)') | ForEach-Object {$_.Matches.Groups[1].value} 620 | $rule = $authPolicy | select-string -Pattern ('-rule (.*?) -action') | ForEach-Object {$_.Matches.Groups[1].value} 621 | $nextFactor = $policyBinding | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 622 | $matchedConfig += $linePrefix + ($spacing * $indent) + "Adv Authn Policy = " + $policy 623 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Priority = " + $priority 624 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Rule = " + $rule 625 | if ($authType) { 626 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Action = " + $authType + " named " + $authAction 627 | } else { 628 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Action = " + $authAction 629 | } 630 | if ($AAAGroup) { 631 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "AAA Group = " + $AAAGroup 632 | } 633 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Goto if failed = " + $goto 634 | if ($nextFactor) { 635 | $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Next Factor if Success = " + $nextFactor 636 | $matchedConfig += outputnFactorPolicies ('authentication policylabel ' + $nextFactor) ($indent + 2) 637 | } 638 | } 639 | } 640 | return $matchedConfig 641 | } 642 | 643 | function outputObjectConfig ($header, $NSObjectKey, $NSObjectType, $explainText) { 644 | $uniqueObjects = $NSObjects.$NSObjectKey | Select-Object -Unique 645 | 646 | # Build header line 647 | $output = "# " + $header + "`n# " 648 | 1..$header.length | ForEach-Object {$output += "-"} 649 | $output += "`n" 650 | 651 | $matchedConfig = @() 652 | if ($NSObjectType -eq "raw") { 653 | # Print actual Object Values. Don't get output from filtered config. 654 | $matchedConfig = $NSObjects.$NSObjectKey + "`n" 655 | } else { 656 | foreach ($uniqueObject in $uniqueObjects) { 657 | 658 | # For regex, replace dots with escaped dots and escaped * 659 | $uniqueObject = $uniqueObject -replace "\.", "\." 660 | $uniqueObject = $uniqueObject -replace "\*", "\*" 661 | 662 | # Don't match "-" to prevent "add serviceGroup -netProfile" 663 | # Ensure there's whitespace before match to prevent substring matches (e.g. MyServer matching server) 664 | if ($NSObjectType) { 665 | # Optional $NSObjectType overrides $NSObjectKey if they don't match (e.g. CA Cert doesn't match certKey) 666 | $matchedConfig += $config -match "[^-\S]" + $NSObjectType + " " + $uniqueObject + "$" 667 | $matchedConfig += $config -match "[^-\S]" + $NSObjectType + " " + $uniqueObject + "[^\S]" 668 | } else { 669 | $matchedConfig += $config -match "[^-\S]" + $NSObjectKey + " " + $uniqueObject + "$" 670 | $matchedConfig += $config -match "[^-\S]" + $NSObjectKey + " " + $uniqueObject + "[^\S]" 671 | } 672 | # if ($uniqueObject -eq "NO_RW_192\.168\.192\.242") {write-host $uniqueObject $matchedConfig} 673 | 674 | $matchedConfig += "`n" 675 | } 676 | } 677 | 678 | if ($explainText) { 679 | $explainText = @($explainText -split "`n") 680 | $explainText | ForEach-Object { 681 | $matchedConfig += "# *** " + $_ 682 | } 683 | $matchedConfig += "`n" 684 | } 685 | 686 | # nFactor Visualizer 687 | if ($NSObjectKey -eq "authentication vserver") { 688 | $linePrefix = "# ** " 689 | $spacing = " " 690 | foreach ($aaavServer in $uniqueObjects) { 691 | $indent = 0 692 | $matchedConfig += $linePrefix + "nFactor Visualizer " 693 | $matchedConfig += $linePrefix + "------------------ " 694 | $matchedConfig += $linePrefix + ($spacing * $indent) + "AAA vserver: " + $aaavServer 695 | $matchedConfig += outputnFactorPolicies ("authentication vserver " + $aaavServer) 1 696 | $matchedConfig += "`n" 697 | } 698 | } 699 | 700 | # Add line endings to output 701 | $SSLVServerName = "" 702 | foreach ($line in $matchedConfig) { 703 | 704 | # if binding new cipher group, remove old ciphers first 705 | # only add unbind line once per SSL object 706 | $SSLvserverNameMatch = $line | select-string -Pattern ('^bind ssl (vserver|service|serviceGroup|monitor) (.*) -cipherName') | ForEach-Object {$_.Matches.Groups[2].value} 707 | if ($SSLvserverNameMatch -and ($SSLVServerName -ne $SSLvserverNameMatch)) { 708 | $SSLVServerName = $SSLvserverNameMatch 709 | $output += ($line -replace "bind (.*) -cipherName .*", "unbind `$1 -cipherName DEFAULT`n") 710 | } 711 | 712 | # handle one blank line between mutliple objects of same type 713 | if ($line -ne "`n") { 714 | $output += $line + "`n" 715 | } else { 716 | $output += "`n" 717 | } 718 | } 719 | 720 | # Output to file or screen 721 | if ($outputFile -and ($outputFile -ne "screen")) { 722 | $output | out-file $outputFile -Append 723 | } else { 724 | $output 725 | } 726 | } 727 | 728 | ## Start main script 729 | 730 | # Clear configuration from last run 731 | $nsObjects = @{} 732 | $nsObjectsCache = @{} 733 | 734 | $selectionDone =$false 735 | $firstLoop = $true 736 | 737 | 738 | do { 739 | # Get matching vServer Names. If more than one, prompt for selection. 740 | # This loop allows users to change the vServer filter text 741 | 742 | if ($vserver -match " ") { 743 | $vserver = [char]34 + $vserver + [char]34 744 | } 745 | $vservers = $config -match "$vserver" | select-string -Pattern ('^add \w+ vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 746 | if (!$vservers) { 747 | # Try substring matches without quotes 748 | if ($vserver -match " ") { $vserver = $vserver -replace [char]34 } 749 | $vservers = $config -match "$vserver" | select-string -Pattern ('^add \w+ vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 750 | } 751 | 752 | # Make sure it's an array, even if only one match 753 | $vservers = @($vservers) 754 | 755 | # FirstLoop flag enables running script without prompting. 756 | # If second loop, then user must have changed the filter and wants to see results even if only one (or none). 757 | if (($vservers.length -eq 1 -and $firstLoop) -or $vservers -contains $vserver) { 758 | # Get vServer Type 759 | $vserverType = $config -match " $vservers " | select-string -Pattern ('^add (\w+) vserver') | ForEach-Object {$_.Matches.Groups[1].value} 760 | addNSObject ($vserverType + " vserver") $vservers 761 | $selectionDone = $true 762 | } else { 763 | # Prompt for vServer selection 764 | 765 | # Prepend System option 766 | $vservers = @("System Settings") + $vservers 767 | 768 | # Get vServer Type for each vServer name - later display to user 769 | $vserverTypes = @("") * ($vservers.length) 770 | $vserverTypes[0] = "sys" 771 | 772 | if ($vserver) { 773 | $vserverConfig = $config -match "$vserver" 774 | } else { 775 | $vserverConfig = $config -match "add (\w+) vserver" 776 | } 777 | 778 | for ($x = 1; $x -lt $vservers.length; $x++) { 779 | $vserverTypes[$x] = $vserverConfig | select-string -Pattern ('^add (\w+) vserver ' + $vservers[$x] + " ") | ForEach-Object {$_.Matches.Groups[1].value} 780 | } 781 | 782 | # Change "authentication" to "aaa" so it fits within 4 char column 783 | $vserverTypes = $vserverTypes -replace "authentication", "aaa" 784 | 785 | # Get VIPs for each vServer so they can be displayed to the user 786 | $VIPs = @("") * ($vservers.length) 787 | for ($x = 1; $x -lt $vservers.length; $x++) { 788 | $VIPs[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' \w+ (\d+\.\d+\.\d+\.\d+)') | ForEach-Object {$_.Matches.Groups[1].value} 789 | } 790 | 791 | # Get Ports for each vServer so they can be displayed to the user 792 | $Ports = @("") * ($vservers.length) 793 | for ($x = 1; $x -lt $vservers.length; $x++) { 794 | $Ports[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' \w+ \d+\.\d+\.\d+\.\d+ (\d+)') | ForEach-Object {$_.Matches.Groups[1].value} 795 | } 796 | 797 | # Get Enabled/Disabled State for each vServer so they can be displayed to the user 798 | $States = @("") * ($vservers.length) 799 | for ($x = 1; $x -lt $vservers.length; $x++) { 800 | $States[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' .*? -state (\w+)') | ForEach-Object {$_.Matches.Groups[1].value} 801 | } 802 | 803 | $selected = @("") * ($vservers.length) 804 | 805 | # Grid View 806 | $vserverObjects = @() 807 | $vserverObjects = for ($x = 0; $x -lt $vservers.length; $x++) { 808 | [PSCustomObject] @{ 809 | Type = $vserverTypes[$x] 810 | Name = $vservers[$x] 811 | VIP = $VIPs[$x] 812 | Port = $Ports[$x] 813 | State = $States[$x] 814 | } 815 | } 816 | if ($IsMacOS){ 817 | "Use Listbox window to select Virtual Servers`n" 818 | $vserverlist = $vservers | Foreach-object{,($_.trim('"') )} 819 | $vserverlist = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set vserver to (choose from list {"'+($vserverlist -join '","')+'"} with prompt "Command+Select Multiple Virtual Servers to extract" with multiple selections allowed)'+"`n"+'end tell' | osascript -s s) -replace ', ',',') 820 | $vserverObjects = @() 821 | [regex]::Matches($vserverlist, '(?:([\w\s]+))') | ForEach-Object { 822 | if ($_.value -match ' '){$vservername = '"'+$_.value+'"'} 823 | else {$vservername = $_.value} 824 | $x = $vservers.IndexOf($vservername) 825 | $vserverObjects += [PSCustomObject] @{ 826 | Type = $vserverTypes[$x] 827 | Name = $vservers[$x] 828 | } 829 | } 830 | } else { 831 | "Use Grid View window to select Virtual Servers`n" 832 | $vserverObjects = $vserverObjects | Out-GridView -Title "Ctrl+Select Multiple Virtual Servers to extract" -PassThru 833 | } 834 | if (!$vserverObjects) { exit } 835 | $vservers = @() 836 | foreach ($vserverObject in $vserverObjects) { 837 | if ($vserverObject.Type -eq "aaa") { 838 | $vserverObject.Type = "authentication" 839 | } 840 | if ($vserverObject.Type -eq "sys") { 841 | addNSObject ("sys") $vserverObject.Name 842 | $vservers += "System Settings" 843 | } else { 844 | addNSObject ($vserverObject.Type + " vserver") $vserverObject.Name 845 | $vservers += $vserverObject.Name 846 | } 847 | } 848 | $selectionDone = $true 849 | 850 | # CLI Menu Selection 851 | <# do { 852 | $count = 1 853 | cls 854 | $promptString = "Select one or more of the following Virtual Servers for configuration extraction:`n`n" 855 | $promptString += "Virtual Server Filter = $vserver`n`n" 856 | $promptString += " Num Type VIP Name`n" 857 | $maxLength = ($vservers | sort-object length -desc | select -first 1).length 858 | $promptString += " ----- ---- " + ("-" * 15) + " " + ("-" * $maxLength) + "`n" 859 | write-host $promptString 860 | foreach ($vserverOption in $vservers) { 861 | $promptString = "{0,1} {1,4}: {2,4} {3,15} $vserverOption" -f $selected[$count-1], $count, $vserverTypes[$count-1], $VIPs[$count-1] 862 | if ($selected[$count-1] -eq "*") { 863 | write-host -foregroundcolor yellow $promptString 864 | } else { 865 | write-host $promptString 866 | } 867 | $count++ 868 | } 869 | write-host "" 870 | $entry = read-host "Enter Number to select/deselect, * for all, 0 for new filter string, or to begin extraction" 871 | if (!$entry -or $entry -eq "") { $selectionDone = $true; break } 872 | if ($entry -eq "*") 873 | { 874 | for ($x = 0; $x -lt $selected.length; $x++) { 875 | if ($selected[$x] -eq "*") { 876 | $selected[$x] = "" 877 | } else 878 | { 879 | $selected[$x] = "*" 880 | } 881 | } 882 | } else 883 | { 884 | try 885 | { 886 | $entry = [int]$entry 887 | if ($entry -lt 0 -or $entry -gt $count) 888 | { 889 | write-host "`nInvalid entry. Press Enter to try again. ";read-host 890 | $entry = "retry" 891 | } elseif ($entry -ge 1 -and $entry -le $count) 892 | { 893 | # Swap select status 894 | if ($selected[$entry -1] -eq "*") 895 | { 896 | $selected[$entry-1] = "" 897 | } else 898 | { 899 | $selected[$entry-1] = "*" 900 | } 901 | } elseif ($entry -eq 0) 902 | { 903 | $newFilter = read-host "Enter new filter string" 904 | $vserver = $newFilter 905 | $entry = "" 906 | $selected = "" 907 | } 908 | } catch 909 | { 910 | write-host "`nInvalid entry. Press Enter to try again. ";read-host 911 | $entry = "retry" 912 | } 913 | } 914 | } while ($entry -and $entry -ne "") 915 | 916 | $vserversSelected = @() 917 | for ($x = 0; $x -lt ($selected.length); $x++) { 918 | $vserverTypes = $vserverTypes -replace "aaa", "authentication" 919 | if ($selected[$x] -eq "*") { 920 | addNSObject ($vserverTypes[$x] + " vserver") $vservers[$x] 921 | $vserversSelected += $vservers[$x] 922 | $selectionDone = $true 923 | } 924 | } 925 | 926 | $vservers = $vserversSelected #> 927 | } 928 | $firstLoop = $false 929 | } while (!$selectionDone) 930 | 931 | if (!$vservers) { exit } 932 | 933 | 934 | # Run the Get-Output function to ask the user where to save the NetScaler documentation file 935 | if (!$outputFile) { $outputFile = Get-OutputFile $outputfile } 936 | 937 | 938 | "`nLooking for objects associated with selected vServers: `n" + ($vservers -join "`n") + "`n" 939 | 940 | $Timer = [system.diagnostics.stopwatch]::StartNew() 941 | 942 | # Get System Objects 943 | if ($nsObjects."sys") { 944 | addNSObject "ns partition" (getNSObjects ($config -match "add ns partition") "ns partition") 945 | addNSObject "dns nameServer" (getNSObjects ($config -match "add dns nameServer") "dns nameServer") 946 | if ($nsObjects."dns nameServer") 947 | { 948 | foreach ($nameserver in $nsObjects."dns nameServer") { 949 | $nameServerConfig = $config -match "lb vserver $nameserver " 950 | addNSObject "lb vserver" (getNSObjects $nameServerConfig "lb vserver") 951 | } 952 | } 953 | addNSObject "ns feature" ($config -match "ns feature") 954 | addNSObject "ns mode" ($config -match "ns mode") 955 | addNSObject "system parameter" ($config -match "system parameter") 956 | addNSObject "ns encryptionParams" ($config -match "set ns encryptionParams") 957 | addNSObject "ssl cipher" (getNSObjects $config "ssl cipher" "-cipherName") 958 | 959 | # Get Networking Settings 960 | addNSObject "ns config" ($config -match "ns config") 961 | addNSObject "ns hostName" ($config -match "ns hostName") 962 | addNSObject "interface" ($config -match " interface ") 963 | addNSObject "channel" ($config -match " channel ") 964 | addNSObject "vlan" (getNSObjects ($config -match " vlan ") "vlan") 965 | addNSObject "vrid" (getNSObjects ($config -match "vrid") "vrid") 966 | addNSObject "ns ip" (getNSObjects ($config -match "ns ip") "ns ip") 967 | addNSObject "route" ($config -match " route ") 968 | addNSObject "ns pbr" ($config -match " ns pbr") 969 | addNSObject "mgmt ssl service" (getNSObjects ($config -match " ssl service ns(krpcs|https|rpcs|rnatsip)-") "ssl service") 970 | 971 | # Get SNMP 972 | addNSObject "snmp community" ($config -match " snmp community") 973 | addNSObject "snmp manager" ($config -match " snmp manager") 974 | addNSObject "snmp trap" ($config -match " snmp trap") 975 | addNSObject "snmp alarm" ($config -match " snmp alarm") 976 | 977 | # Get HA settings 978 | addNSObject "ha node" ($config -match "HA node") 979 | addNSObject "ha rpcNode" (getNSObjects ($config -match "set ns config") "ns rpcNode") 980 | addNSObject "ha rpcNode" (getNSObjects ($config -match "HA node") "ns rpcNode") 981 | 982 | # Get System Global Bindings - authentication, syslog 983 | addNSObject "system global" ($config -match "system global") 984 | addNSObject "authentication Policy" (getNSObjects ($config -match "system global") "authentication Policy") 985 | addNSObject "authentication ldapPolicy" (getNSObjects ($config -match "system global") "authentication ldapPolicy") 986 | addNSObject "authentication radiusPolicy" (getNSObjects ($config -match "system global") "authentication radiusPolicy") 987 | addNSObject "authentication tacacsPolicy" (getNSObjects ($config -match "system global") "authentication tacacsPolicy") 988 | addNSObject "authentication localPolicy" (getNSObjects ($config -match "system global") "authentication localPolicy") 989 | addNSObject "audit syslogPolicy" (getNSObjects ($config -match "bind system global") "audit syslogPolicy") 990 | addNSObject "audit syslogPolicy" (getNSObjects ($config -match "bind audit syslogGlobal") "audit syslogPolicy") 991 | addNSObject "audit nslogPolicy" (getNSObjects ($config -match "bind system global") "audit nslogPolicy") 992 | addNSObject "system user" (getNSObjects ($config -match "system user") "system user") 993 | addNSObject "system group" (getNSObjects ($config -match "system group") "system group") 994 | 995 | } 996 | 997 | # If $cswBind switch is true, look for CS vServers that the LB, AAA, and/or VPN vServers are bound to. 998 | if ($cswBind){ 999 | $cswBindType = @{lb='lbvserver';vpn='vserver';authentication='vserver'} 1000 | foreach ($vsrvType in 'lb','vpn','authentication' ) { 1001 | if ($nsObjects."$vsrvType vserver") { 1002 | foreach ($vsrv in $nsObjects."$vsrvType vserver") 1003 | { 1004 | # CSW Default virtual server 1005 | if ($config -match "bind cs vserver .* -$($cswBindType.$vsrvType) $vsrv"){ 1006 | addNSObject "cs vserver" ($config -match "bind cs vserver .* -$($cswBindType.$vsrvType) $vsrv" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) 1007 | } 1008 | # CSW Policy Bind -targetlbserver 1009 | if ($config -match "bind cs vserver .* -policyName .* -targetLBVserver $vsrv"){ 1010 | addNSObject "cs vserver" ($config -match "bind cs vserver .* -policyName .* -targetLBVserver $vsrv" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) 1011 | } 1012 | # CSW Action -targetlbserver -targetvserver 1013 | if ($config -match "add cs action .* -target$($cswBindType.$vsrvType) $vsrv"){ 1014 | $csaction = ($config -match "add cs action .* -target$($cswBindType.$vsrvType) $vsrv" | select-string -Pattern ('^add cs action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) 1015 | #CS Policy for CS Action 1016 | $cspolicy = ($config -match "add cs policy .* -action $csaction" | select-string -Pattern ('^add cs policy (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) 1017 | #CS vServer for CS Policy 1018 | addNSObject "cs vserver" ($config -match "bind cs vserver .* -policyName $cspolicy" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) 1019 | } 1020 | } 1021 | } 1022 | } 1023 | } 1024 | 1025 | # Look for Backup CSW vServers and Linked LB vServers 1026 | if ($nsObjects."cs vserver") { 1027 | if ($config -match "enable ns feature.* CS") 1028 | { 1029 | $NSObjects."cs parameter" = @("enable ns feature CS") 1030 | } else { 1031 | $NSObjects."cs parameter" = @("# *** CS feature is not enabled") 1032 | } 1033 | 1034 | foreach ($csvserver in $nsObjects."cs vserver") { 1035 | $currentVServers = $nsObjects."cs vserver" 1036 | $nsObjects."cs vserver" = @() 1037 | $vserverConfig = $config -match " $csvserver " 1038 | # Backup VServers should be created before Active VServers 1039 | $backupVServers = getNSObjects ($vserverConfig) "cs vserver" "-backupVServer" 1040 | if ($backupVServers) { 1041 | addNSObject "cs vserver" ($backupVServers) 1042 | foreach ($vserver in $currentvservers) { 1043 | if ($backupVServers -notcontains $vserver) { 1044 | addNSObject "cs vserver" ($vserver) 1045 | } 1046 | } 1047 | } else { 1048 | $nsObjects."cs vserver" = $currentVServers 1049 | } 1050 | addNSObject "lb vserver" (getNSObjects $vserverconfig "lb vserver" "-targetLBVserver") 1051 | } 1052 | } 1053 | 1054 | 1055 | # Enumerate CSW vServer config for additional bound objects 1056 | if ($nsObjects."cs vserver") { 1057 | foreach ($csvserver in $nsObjects."cs vserver") { 1058 | $vserverConfig = $config -match "vserver $csvserver " 1059 | addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy" "-policyName") 1060 | addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel" "policylabel") 1061 | addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-lbvserver") 1062 | addNSObject "gslb vserver" (getNSObjects $vserverConfig "gslb vserver" "-vserver") 1063 | addNSObject "vpn vserver" (getNSObjects $vserverConfig "vpn vserver" "-vserver") 1064 | addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") 1065 | addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") 1066 | addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName") 1067 | addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") 1068 | addNSObject "db dbProfile" (getNSObjects $vserverConfig "db dbProfile" "-dbProfileName") 1069 | addNSObject "dns profile" (getNSObjects $vserverConfig "dns profile" "-dnsProfileName") 1070 | addNSObject "authentication vserver" (getNSObjects $vserverConfig "authentication vserver" "-authnVsName") 1071 | addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile") 1072 | addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") 1073 | addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName") 1074 | addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName") 1075 | addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName") 1076 | addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") 1077 | addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName") 1078 | addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") 1079 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certKeyName") 1080 | addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $csvserver ") "ssl vserver") 1081 | addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName") 1082 | addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel") 1083 | addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") 1084 | addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") 1085 | addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") 1086 | addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") 1087 | addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName") 1088 | addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") 1089 | addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName") 1090 | addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel") 1091 | addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") 1092 | addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") 1093 | addNSObject "transform policy" (getNSObjects $vserverConfig "transform policy" "-policyName") 1094 | addNSObject "transform policylabel" (getNSObjects $vserverConfig "transform policylabel") 1095 | addNSObject "tm trafficPolicy" (getNSObjects $vserverConfig "tm trafficPolicy" "-policyName") 1096 | addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName") 1097 | addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName") 1098 | addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName") 1099 | addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") 1100 | addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile") 1101 | } 1102 | } 1103 | 1104 | # write-host ("cs objects: " + $timer.elapsed.TotalSeconds) 1105 | 1106 | # Get CSW Policies from CSW Policy Labels 1107 | if ($NSObjects."cs policylabel") { 1108 | foreach ($policy in $NSObjects."cs policylabel") { 1109 | addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy") 1110 | } 1111 | } 1112 | 1113 | 1114 | # Get CSW Actions from CSW Policies 1115 | if ($NSObjects."cs policy") { 1116 | $matchExpression = getMatchExpression $NSObjects."cs policy" 1117 | addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") 1118 | addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $matchExpression") "audit messageaction" "-logAction") 1119 | 1120 | # Get vServers linked to CSW Actions 1121 | if ($NSObjects."cs action") { 1122 | $matchExpression = getMatchExpression $NSObjects."cs action" 1123 | $filteredConfig = $config -match " $matchExpression " 1124 | addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver") 1125 | addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver") 1126 | addNSObject "authentication vserver" (getNSObjects ($filteredConfig) "authentication vserver" "-targetVserver") 1127 | addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver") 1128 | } 1129 | } 1130 | 1131 | 1132 | # Look for Backup CR vServers 1133 | if ($nsObjects."cr vserver") { 1134 | foreach ($crvserver in $nsObjects."cr vserver") { 1135 | $currentVServers = $nsObjects."cr vserver" 1136 | $nsObjects."cr vserver" = @() 1137 | $vserverConfig = $config -match " $crvserver " 1138 | # Backup VServers should be created before Active VServers 1139 | $backupVServers = getNSObjects ($vserverConfig) "cr vserver" "-backupVServer" 1140 | if ($backupVServers) { 1141 | addNSObject "cr vserver" ($backupVServers) 1142 | foreach ($vserver in $currentvservers) { 1143 | if ($backupVServers -notcontains $vserver) { 1144 | addNSObject "cr vserver" ($vserver) 1145 | } 1146 | } 1147 | } else { 1148 | $nsObjects."cr vserver" = $currentVServers 1149 | } 1150 | } 1151 | } 1152 | 1153 | 1154 | # Enumerate CR vServer config for additional bound objects 1155 | if ($nsObjects."cr vserver") { 1156 | foreach ($crvserver in $nsObjects."cr vserver") { 1157 | $vserverConfig = $config -match " $crvserver " 1158 | addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy") 1159 | addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel" "policylabel") 1160 | addNSObject "cr policy" (getNSObjects $vserverConfig "cr policy") 1161 | addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-lbvserver") 1162 | addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-dnsVserverName") 1163 | addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") 1164 | addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") 1165 | addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName") 1166 | addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") 1167 | addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") 1168 | addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher") 1169 | addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") 1170 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certKeyName") 1171 | addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $crvserver ") "ssl vserver") 1172 | addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName") 1173 | addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel") 1174 | addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") 1175 | addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") 1176 | addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") 1177 | addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") 1178 | addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName") 1179 | addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") 1180 | addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName") 1181 | addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel") 1182 | addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") 1183 | addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") 1184 | addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName") 1185 | addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName") 1186 | addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName") 1187 | addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policyName") 1188 | addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") 1189 | addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile") 1190 | } 1191 | } 1192 | 1193 | # Get Message Actions from CR Policies 1194 | if ($NSObjects."cr policy") { 1195 | foreach ($policy in $NSObjects."cr policy") { 1196 | addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $policy") "audit messageaction" "-logAction") 1197 | } 1198 | } 1199 | 1200 | 1201 | # Get CSW Policies from CSW Policy Labels 1202 | if ($NSObjects."cs policylabel") { 1203 | foreach ($policy in $NSObjects."cs policylabel") { 1204 | addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy") 1205 | } 1206 | } 1207 | 1208 | 1209 | # Get CSW Actions from CSW Policies 1210 | if ($NSObjects."cs policy") { 1211 | $matchExpression = getMatchExpression $NSObjects."cs policy" 1212 | addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") 1213 | addNSObject "audit messageaction" (getNSObjects ($config -match "cs policy $matchExpression") "audit messageaction" "-logAction") 1214 | 1215 | # Get vServers linked to CSW Actions 1216 | if ($NSObjects."cs action") { 1217 | $matchExpression = getMatchExpression $NSObjects."cs action" 1218 | $filteredConfig = $config -match " $matchExpression " 1219 | foreach ($action in $NSObjects."cs action") { 1220 | addNSObject "lb vserver" (getNSObjects ( $filteredConfig) "lb vserver" "-targetLBVserver") 1221 | addNSObject "vpn vserver" (getNSObjects ( $filteredConfig) "vpn vserver" "-targetVserver") 1222 | addNSObject "gslb vserver" (getNSObjects ( $filteredConfig) "gslb vserver" "-targetVserver") 1223 | } 1224 | } 1225 | } 1226 | 1227 | # Look for Backup GSLB vServers 1228 | if ($nsObjects."gslb vserver") { 1229 | foreach ($gslbvserver in $nsObjects."gslb vserver") { 1230 | # $currentVServers = $nsObjects."gslb vserver" 1231 | # $nsObjects."gslb vserver" = @() 1232 | $vserverConfig = $config -match " $gslbvserver " 1233 | # Backup VServers should be created before Active VServers 1234 | $backupVServers = getNSObjects ($vserverConfig) "gslb vserver" "-backupVServer" 1235 | if ($backupVServers) { 1236 | addNSObject "gslb vserver" ($backupVServers) 1237 | # foreach ($vserver in $currentvservers) { 1238 | # if ($backupVServers -notcontains $vserver) { 1239 | # addNSObject "gslb vserver" ($vserver) 1240 | # } 1241 | # } 1242 | # } else { 1243 | # $nsObjects."gslb vserver" = $currentVServers 1244 | } 1245 | } 1246 | } 1247 | 1248 | 1249 | # Enumerate GSLB vServer config for additional bound objects 1250 | if ($nsObjects."gslb vserver") { 1251 | if ($config -match "enable ns feature.* GSLB") { 1252 | $NSObjects."gslb parameter" = @("enable ns feature gslb") 1253 | } else { 1254 | $NSObjects."gslb parameter" = @("# *** GSLB feature is not enabled") 1255 | } 1256 | foreach ($gslbvserver in $nsObjects."gslb vserver") { 1257 | $vserverConfig = $config -match " $gslbvserver " 1258 | addNSObject "gslb service" (getNSObjects $vserverConfig "gslb service" "-serviceName") 1259 | addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $gslbvserver ") "ssl vserver") 1260 | addNSObject "dns soaRec" (getNSObjects $vserverConfig "dns soaRec") 1261 | addNSObject "dns nsRec" (getNSObjects $vserverConfig "dns nsRec") 1262 | } 1263 | 1264 | if ($NSObjects."gslb service") 1265 | { 1266 | foreach ($service in $NSObjects."gslb service") 1267 | { 1268 | # wrap config matches in spaces to avoid substring matches 1269 | $serviceConfig = $config -match " gslb service $service " 1270 | addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName") 1271 | addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName") 1272 | addNSObject "server" (getNSObjects $serviceConfig "server") 1273 | addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile") 1274 | addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile") 1275 | addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td") 1276 | addNSObject "dns view" (getNSObjects $serviceConfig "dns view" "-viewName") 1277 | addNSObject "gslb site" (getNSObjects $serviceConfig "gslb site" "-siteName") 1278 | } 1279 | } 1280 | 1281 | if ($NSObjects."gslb site") 1282 | { 1283 | foreach ($site in $NSObjects."gslb site") 1284 | { 1285 | $siteConfig = $config -match "add gslb site $site " 1286 | addNSObject "ns rpcNode" (getNSObjects $siteConfig "ns rpcNode") 1287 | } 1288 | } 1289 | 1290 | addNSObject "dns cnameRec" (getNSObjects ($config -match "^add dns cnameRec ") "dns cnameRec") 1291 | addNSObject "dns addRec" (getNSObjects ($config | select-string -Pattern "^add dns addRec" | select-string -NotMatch -Pattern ".root-servers.net") "dns addRec") 1292 | addNSObject "gslb location" ($config -match "^set locationParameter") "gslb location" 1293 | addNSObject "gslb location" ($config -match " locationFile ") "gslb location" 1294 | addNSObject "gslb location" ($config -match "^add location ") "gslb location" 1295 | addNSObject "gslb parameter" ($config -match "^set gslb parameter ") "gslb parameter" 1296 | addNSObject "gslb parameter" ($config -match "^set dns parameter") "gslb parameter" 1297 | # Get all global DNS Responder policies in case they affect GSLB DNS traffic 1298 | addNSObject "responder policy" (getNSObjects ($config -match "^bind responder global .*? -type DNS_REQ_") "responder policy") 1299 | # Get all global DNS Policy bindings in case they affect ADNS traffic? 1300 | addNSObject "dns policy" (getNSObjects ($config -match "^bind dns global") "dns policy") 1301 | addNSObject "adns service" ($config -match '^add service (".*?"|[^-"]\S+) \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} ADNS') "adns service" 1302 | # Get all DNS LB vServers in case they are used for DNS Queries? 1303 | addNSObject "lb vserver" (getNSObjects ($config -match '^add lb vserver (".*?"|[^-"]\S+) DNS') "lb vserver") 1304 | } 1305 | 1306 | 1307 | # Get DNS Actions and DNS Polices from DNS Views 1308 | if ($nsObjects."dns view") { 1309 | foreach ($view in $nsObjects."dns view") { 1310 | addNSObject "dns action" (getNSObjects ($config -match "dns action .*? -viewName $view") "dns action") 1311 | } 1312 | foreach ($action in $nsObjects."dns action") { 1313 | addNSObject "dns policy" (getNSObjects ($config -match "dns policy .*? $action") "dns policy" ) 1314 | } 1315 | } 1316 | 1317 | 1318 | if ($nsObjects."dns policy") { 1319 | # Get DNS Actions for global DNS policies discovered earlier 1320 | foreach ($policy in $nsObjects."dns policy") { 1321 | addNSObject "dns action" (getNSObjects ($config -match "dns policy $policy") "dns action") 1322 | addNSObject "audit messageaction" (getNSObjects ($config -match "dns policy $policy") "audit messageaction" "-logAction") 1323 | } 1324 | # Get DNS Profiles linked to DNS Actions 1325 | foreach ($action in $nsObjects."dns action") { 1326 | addNSObject "dns profile" (getNSObjects ($config -match "dns action $action") "dns profile" "-dnsProfileName" ) 1327 | } 1328 | # Get DNS Views linked to DNS Actions 1329 | foreach ($action in $nsObjects."dns action") { 1330 | addNSObject "dns view" (getNSObjects ($config -match "dns action $action") "dns view" "-viewName" ) 1331 | } 1332 | addNSObject "dns global" ($config -match "bind dns global ") "dns global" 1333 | } 1334 | 1335 | 1336 | 1337 | # Enumerate VPN vServer config for additional bound objects 1338 | if ($nsObjects."vpn vserver") { 1339 | if ($config -match "enable ns feature.* SSLVPN") { 1340 | $NSObjects."vpn parameter" = @("enable ns feature SSLVPN") 1341 | } else { 1342 | $NSObjects."vpn parameter" = @("# *** Citrix Gateway feature is not enabled") 1343 | } 1344 | addNSObject "vpn parameter" ($config -match "vpn parameter") "vpn parameter" 1345 | addNSObject "vpn parameter" ($config -match "ica parameter") "vpn parameter" 1346 | addNSObject "vpn parameter" ($config -match "aaa parameter") "vpn parameter" 1347 | addNSObject "vpn parameter" ($config -match "dns suffix") "vpn parameter" 1348 | addNSObject "clientless domains" ($config -match "ns_cvpn_default_inet_domains") "clientless domains" 1349 | foreach ($vpnvserver in $nsObjects."vpn vserver") { 1350 | $vserverConfig = $config -match " $vpnvserver " 1351 | addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel") 1352 | addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy") 1353 | addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile") 1354 | addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") 1355 | addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") 1356 | addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") 1357 | addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile") 1358 | addNSObject "vpn pcoipVserverProfile" (getNSObjects $vserverConfig "vpn pcoipVserverProfile" "-pcoipVserverProfileName") 1359 | addNSObject "vpn intranetApplication" (getNSObjects $vserverConfig "vpn intranetApplication" "-intranetApplication") 1360 | addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme") 1361 | addNSObject "vpn eula" (getNSObjects $vserverConfig "vpn eula" "-eula") 1362 | addNSObject "vpn nextHopServer" (getNSObjects $vserverConfig "vpn nextHopServer" "-nextHopServer") 1363 | addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy" "-policy") 1364 | addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy" "-policy") 1365 | addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy") 1366 | addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy") 1367 | addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy") 1368 | addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy") 1369 | addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy") 1370 | addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy") 1371 | addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy") 1372 | addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy") 1373 | addNSObject "aaa preauthenticationpolicy" (getNSObjects $vserverConfig "aaa preauthenticationpolicy" "-policy") 1374 | addNSObject "vpn sessionPolicy" (getNSObjects $vserverConfig "vpn sessionPolicy" "-policy") 1375 | addNSObject "vpn trafficPolicy" (getNSObjects $vserverConfig "vpn trafficPolicy" "-policy") 1376 | addNSObject "vpn clientlessAccessPolicy" (getNSObjects $vserverConfig "vpn clientlessAccessPolicy" "-policy") 1377 | addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") 1378 | addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policy") 1379 | addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policy") 1380 | addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") 1381 | addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policy") 1382 | addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") 1383 | addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policy") 1384 | addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") 1385 | addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policy") 1386 | addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") 1387 | addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policy") 1388 | addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policy") 1389 | addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policy") 1390 | addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policy") 1391 | addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher") 1392 | addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") 1393 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") 1394 | addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $vpnvserver ") "ssl vserver") 1395 | addNSObject "vpn url" (getNSObjects $vserverConfig "vpn url" "-urlName") 1396 | addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") 1397 | addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile") 1398 | } 1399 | addNSObject "aaa group" (getNSObjects ($config -match "add aaa group") "aaa group") 1400 | addNSObject "vpn global" ($config -match "bind vpn global ") "vpn global" 1401 | } 1402 | 1403 | 1404 | # Get CSW Policies from CSW Policy Labels 1405 | if ($NSObjects."cs policylabel") { 1406 | foreach ($policy in $NSObjects."cs policylabel") { 1407 | addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy") 1408 | } 1409 | } 1410 | 1411 | 1412 | # Get CSW Actions from CSW Policies 1413 | if ($NSObjects."cs policy") { 1414 | $matchExpression = GetMatchExpression $NSObjects."cs policy" 1415 | addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") 1416 | addNSObject "audit messageaction" (getNSObjects ($config -match "cs policy $matchExpression") "audit messageaction" "-logAction") 1417 | 1418 | # Get vServers linked to CSW Actions 1419 | if ($NSObjects."cs action") { 1420 | $matchExpression = GetMatchExpression $NSObjects."cs action" 1421 | $filteredConfig = $config -match " $matchExpression " 1422 | addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver") 1423 | addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver") 1424 | addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver") 1425 | } 1426 | } 1427 | 1428 | 1429 | # Get objects bound to VPN Global 1430 | if ($nsObjects."vpn global") { 1431 | $vserverConfig = $config -match "bind vpn global " 1432 | addNSObject "vpn intranetApplication" (getNSObjects $vserverConfig "vpn intranetApplication" "-intranetApplication") 1433 | addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme") 1434 | addNSObject "vpn eula" (getNSObjects $vserverConfig "vpn eula" "-eula") 1435 | addNSObject "vpn nextHopServer" (getNSObjects $vserverConfig "vpn nextHopServer" "-nextHopServer") 1436 | addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy" "-policyName") 1437 | addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy" "-policyName") 1438 | addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy") 1439 | addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy") 1440 | addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy") 1441 | addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy") 1442 | addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy") 1443 | addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy") 1444 | addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy") 1445 | addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy") 1446 | addNSObject "vpn sessionPolicy" (getNSObjects $vserverConfig "vpn sessionPolicy" "-policyName") 1447 | addNSObject "vpn trafficPolicy" (getNSObjects $vserverConfig "vpn trafficPolicy" "-policyName") 1448 | addNSObject "vpn clientlessAccessPolicy" (getNSObjects $vserverConfig "vpn clientlessAccessPolicy" "-policyName") 1449 | addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel" "policylabel") 1450 | addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName") 1451 | addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") 1452 | addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") 1453 | addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") 1454 | addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") 1455 | addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") 1456 | addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") 1457 | addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName") 1458 | addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName") 1459 | addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policyName") 1460 | addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") 1461 | addNSObject "vpn url" (getNSObjects $vserverConfig "vpn url" "-urlName") 1462 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") 1463 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert") 1464 | 1465 | $vserverConfig = $config -match "set vpn parameter " 1466 | addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-dnsVserverName") 1467 | addNSObject "vpn alwaysONProfile" (getNSObjects $vserverConfig "vpn alwaysONProfile" "-alwaysONProfileName") 1468 | addNSObject "aaa kcdAccount" (getNSObjects $vserverConfig "aaa kcdAccount" "-kcdAccount") 1469 | addNSObject "vpn pcoipProfile" (getNSObjects $vserverConfig "vpn pcoipProfile" "-pcoipProfileName") 1470 | addNSObject "rdp clientprofile" (getNSObjects $vserverConfig "rdp clientprofile" "-rdpClientProfileName") 1471 | } 1472 | 1473 | 1474 | # Look for LB Persistency Groups 1475 | if ($nsObjects."lb vserver") { 1476 | $matchExpression = getMatchExpression $nsObjects."lb vserver" 1477 | $vserverConfig = $config -match " $matchExpression$" 1478 | addNSObject "lb group" (getNSObjects ($vserverConfig) "lb group") 1479 | if ($nsObjects."lb group") { 1480 | foreach ($lbgroup in $NSObjects."lb group") { 1481 | addNSObject "lb vserver" (getNSObjects ($config -match "lb group " + $lbgroup) "lb vserver") 1482 | } 1483 | } 1484 | } 1485 | 1486 | 1487 | # Look for Backup LB vServers 1488 | if ($nsObjects."lb vserver") { 1489 | $matchExpression = getMatchExpression $nsObjects."lb vserver" 1490 | $currentVServers = $nsObjects."lb vserver" 1491 | $nsObjects."lb vserver" = @() 1492 | $vserverConfig = $config -match " $matchExpression " 1493 | # Backup VServers should be created before Active VServers 1494 | $backupVServers = getNSObjects ($vserverConfig) "lb vserver" "-backupVServer" 1495 | if ($backupVServers) { 1496 | addNSObject "lb vserver" ($backupVServers) 1497 | foreach ($vserver in $currentvservers) { 1498 | if ($backupVServers -notcontains $vserver) { 1499 | addNSObject "lb vserver" ($vserver) 1500 | } 1501 | } 1502 | } else { 1503 | $nsObjects."lb vserver" = $currentVServers 1504 | } 1505 | } 1506 | 1507 | 1508 | # Get objects linked to AAA Groups 1509 | if ($nsObjects."aaa group") { 1510 | foreach ($group in $nsObjects."aaa group") { 1511 | $groupConfig = $config -match " aaa group $group " 1512 | addNSObject "vpn intranetApplication" (getNSObjects $groupConfig "vpn intranetApplication" "-intranetApplication") 1513 | addNSObject "vpn sessionPolicy" (getNSObjects $groupConfig "vpn sessionPolicy" "-policy") 1514 | addNSObject "vpn trafficPolicy" (getNSObjects $groupConfig "vpn trafficPolicy" "-policy") 1515 | addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") 1516 | addNSObject "authorization policy" (getNSObjects $groupConfig "authorization policy" "-policy") 1517 | addNSObject "vpn url" (getNSObjects $groupConfig "vpn url" "-urlName") 1518 | } 1519 | } 1520 | 1521 | 1522 | # Get Preauthentication Actions from Preauthentication Policies 1523 | if ($NSObjects."aaa preauthenticationpolicy") { 1524 | foreach ($policy in $NSObjects."aaa preauthenticationpolicy") { 1525 | addNSObject "aaa preauthenticationaction" (getNSObjects ($config -match "aaa preauthenticationpolicy $policy ") "aaa preauthenticationaction" -position 4) 1526 | } 1527 | } 1528 | 1529 | 1530 | # Get VPN Session Actions from VPN Session Policies 1531 | if ($NSObjects."vpn sessionPolicy") { 1532 | foreach ($policy in $NSObjects."vpn sessionPolicy") { 1533 | addNSObject "vpn sessionAction" (getNSObjects ($config -match "vpn sessionPolicy $policy ") "vpn sessionAction" -position 4) 1534 | } 1535 | } 1536 | 1537 | 1538 | # Get KCD Accounts and DNS LB vServers from VPN Session Actions 1539 | if ($NSObjects."vpn sessionAction") { 1540 | foreach ($profile in $NSObjects."vpn sessionAction") 1541 | { 1542 | $profileConfig = $config -match "vpn sessionAction $profile " 1543 | addNSObject "aaa kcdAccount" (getNSObjects $profileConfig "aaa kcdAccount" "-kcdAccount") 1544 | addNSObject "lb vserver" (getNSObjects $profileConfig "lb vserver" "-dnsVserverName") 1545 | if ($profileConfig -match "http://" -or $profileConfig -match "https://") 1546 | { 1547 | addNSObject "lb vserver" (getHttpVServer $profileConfig) 1548 | } 1549 | } 1550 | } 1551 | 1552 | 1553 | # Enumerate LB vServer config for additional bound objects 1554 | if ($nsObjects."lb vserver" -or $nsObjects."sys") { 1555 | if ($config -match "enable ns feature.* lb") { 1556 | $NSObjects."lb parameter" = @("enable ns feature lb") 1557 | } else { 1558 | $NSObjects."lb parameter" = @("# *** Load Balancing feature is not enabled") 1559 | } 1560 | addNSObject "lb parameter" ($config -match "ns mode") "lb parameter" 1561 | addNSObject "lb parameter" ($config -match "set lb parameter") "lb parameter" 1562 | addNSObject "lb parameter" ($config -match "set ns param") "lb parameter" 1563 | addNSObject "lb parameter" ($config -match "set dns parameter") "lb parameter" 1564 | addNSObject "lb parameter" ($config -match "set dns profile default-dns-profile") "lb parameter" 1565 | addNSObject "lb parameter" ($config -match "set ns tcpParam") "lb parameter" 1566 | addNSObject "lb parameter" ($config -match "set ns tcpProfile nstcp_default") "lb parameter" 1567 | addNSObject "lb parameter" ($config -match "set ns httpParam") "lb parameter" 1568 | addNSObject "lb parameter" ($config -match "set ns tcpbufParam") "lb parameter" 1569 | addNSObject "lb parameter" ($config -match "set ns timeout") "lb parameter" 1570 | GetLBvServerBindings $NSObjects."lb vserver" 1571 | } 1572 | 1573 | 1574 | # Get AAA VServers linked to Authentication Profiles 1575 | if ($NSObjects."authentication authnProfile") { 1576 | foreach ($profile in $NSObjects."authentication authnProfile") { 1577 | addNSObject "authentication vserver" (getNSObjects ($config -match "authentication authnProfile $profile ") "authentication vserver" "-authnVsName") 1578 | } 1579 | } 1580 | 1581 | 1582 | # Get Objects linked to Authentication vServers 1583 | if ($NSObjects."authentication vserver") { 1584 | if ($config -match "enable ns feature.* rewrite") { 1585 | $NSObjects."authentication param" = @("enable ns feature AAA") 1586 | } else { 1587 | $NSObjects."authentication param" = @("# *** AAA feature is not enabled") 1588 | } 1589 | $matchExpression = getMatchExpression $NSObjects."authentication vserver" 1590 | $vserverConfig = $config -match " $matchExpression " 1591 | addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") 1592 | addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy") 1593 | addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy") 1594 | addNSObject "authentication policy" (getNSObjects $vserverConfig "authentication policy") 1595 | addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy") 1596 | addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy") 1597 | addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy") 1598 | addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy") 1599 | addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy") 1600 | addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy") 1601 | addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy") 1602 | addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy") 1603 | addNSObject "tm sessionPolicy" (getNSObjects $vserverConfig "tm sessionPolicy") 1604 | addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme") 1605 | addNSObject "authentication loginSchemaPolicy" (getNSObjects $vserverConfig "authentication loginSchemaPolicy") 1606 | addNSObject "authentication policylabel" (getNSObjects $vserverConfig "authentication policylabel" "-nextFactor") 1607 | addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policy") 1608 | addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policy") 1609 | addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy" "-policy") 1610 | addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policy") 1611 | addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName") 1612 | addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") 1613 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") 1614 | addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert") 1615 | addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $authVServer ") "ssl vserver") 1616 | } 1617 | 1618 | 1619 | # Get CSW Actions from CSW Policies 1620 | if ($NSObjects."cs policy") { 1621 | $matchExpression = getMatchExpression $NSObjects."cs policy" 1622 | addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") 1623 | addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $policy") "audit messageaction" "-logAction") 1624 | 1625 | # Get vServers linked to CSW Actions 1626 | if ($NSObjects."cs action") { 1627 | $matchExpression = getMatchExpression $NSObjects."cs action" 1628 | $filteredConfig = $config -match " $matchExpression " 1629 | addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver") 1630 | addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver") 1631 | addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver") 1632 | } 1633 | } 1634 | 1635 | 1636 | 1637 | # Get Next Factors, Authentication Policies and Login Schemas from Authentication Policy Labels 1638 | if ($NSObjects."authentication policylabel") { 1639 | # Get Next Factors; repeat multiple times for Next Factor nesting level 1640 | for ($i=0;$i -le $nFactorNestingLevel; $i++) { 1641 | foreach ($policy in $NSObjects."authentication policylabel") { 1642 | addNSObject "authentication policylabel" (getNSObjects ($config -match " $policy ") "authentication policylabel" "-nextFactor") 1643 | } 1644 | } 1645 | 1646 | foreach ($policy in $NSObjects."authentication policylabel") { 1647 | addNSObject "authentication policy" (getNSObjects ($config -match " $policy ") "authentication policy") 1648 | addNSObject "authentication loginSchema" (getNSObjects ($config -match " $policy ") "authentication loginSchema") 1649 | } 1650 | } 1651 | 1652 | 1653 | # Sort the Policy Labels so Next Factors are created prior to policy bindings in earlier factors 1654 | if ($NSObjects."authentication policylabel") { 1655 | $policyLabelsSorted = @() 1656 | foreach ($policyLabel in $NSObjects."authentication policylabel") { 1657 | $policyBindings = $config -match ('^bind authentication policylabel ' + $policyLabel + " -(policy|policyName) ") 1658 | $nextFactors = $policyBindings | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 1659 | if (-not $nextFactors) { 1660 | $policyLabelsSorted = ,$policyLabel + $policyLabelsSorted 1661 | } else { 1662 | foreach ($nextFactor in $nextFactors) { 1663 | if ($policyLabelsSorted -contains $nextFactor) { 1664 | $policyLabelsSorted = $policyLabelsSorted + ,$policyLabel 1665 | } 1666 | } 1667 | } 1668 | } 1669 | for ($i=0; $i -lt $nFactorNestingLevel; $i++) { 1670 | foreach ($policyLabel in $NSObjects."authentication policylabel") { 1671 | $policyBindings = $config -match ('^bind authentication policylabel ' + $policyLabel + " -(policy|policyName) ") 1672 | $nextFactors = $policyBindings | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} 1673 | foreach ($nextFactor in $nextFactors) { 1674 | if ($policyLabelsSorted -contains $nextFactor) { 1675 | $policyLabelsSorted = $policyLabelsSorted + ,$policyLabel 1676 | } 1677 | } 1678 | } 1679 | } 1680 | $NSObjects."authentication policylabel" = $policyLabelsSorted 1681 | } 1682 | 1683 | 1684 | # Get Authentication Actions from Advanced Authentication Policies 1685 | if ($NSObjects."authentication policy") { 1686 | $matchExpression = getMatchExpression $NSObjects."authentication policy" 1687 | $filteredConfig = $config -match "authentication policy $matchExpression " 1688 | addNSObject "authentication ldapAction" (getNSObjects ($filteredConfig) "authentication ldapAction") 1689 | addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction") 1690 | addNSObject "authentication radiusAction" (getNSObjects ($filteredConfig) "authentication radiusAction") 1691 | addNSObject "authentication samlAction" (getNSObjects ($filteredConfig) "authentication samlAction" -position 4) 1692 | addNSObject "authentication certAction" (getNSObjects ($filteredConfig) "authentication certAction") 1693 | addNSObject "authentication dfaAction" (getNSObjects ($filteredConfig) "authentication dfaAction") 1694 | addNSObject "authentication epaAction" (getNSObjects ($filteredConfig) "authentication epaAction") 1695 | addNSObject "authentication negotiateAction" (getNSObjects ($filteredConfig) "authentication negotiateAction") 1696 | addNSObject "authentication OAuthAction" (getNSObjects ($filteredConfig) "authentication OAuthAction") 1697 | addNSObject "authentication storefrontAuthAction" (getNSObjects ($filteredConfig) "authentication storefrontAuthAction") 1698 | addNSObject "authentication tacacsAction" (getNSObjects ($filteredConfig) "authentication tacacsAction") 1699 | addNSObject "authentication webAuthAction" (getNSObjects ($filteredConfig) "authentication webAuthAction") 1700 | addNSObject "authentication emailAction" (getNSObjects ($filteredConfig) "authentication emailAction") 1701 | addNSObject "authentication noAuthAction" (getNSObjects ($filteredConfig) "authentication noAuthAction") 1702 | addNSObject "authentication captchaAction" (getNSObjects ($filteredConfig) "authentication captchaAction") 1703 | } 1704 | 1705 | 1706 | # Get LDAP Actions from LDAP Policies 1707 | if ($NSObjects."authentication ldapPolicy") { 1708 | foreach ($policy in $NSObjects."authentication ldapPolicy") { 1709 | addNSObject "authentication ldapAction" (getNSObjects ($config -match "authentication ldapPolicy $policy ") "authentication ldapAction") 1710 | } 1711 | } 1712 | 1713 | 1714 | # Get RADIUS Actions from RADIUS Policies 1715 | if ($NSObjects."authentication radiusPolicy") { 1716 | foreach ($policy in $NSObjects."authentication radiusPolicy") { 1717 | addNSObject "authentication radiusAction" (getNSObjects ($config -match "authentication radiusPolicy $policy ") "authentication radiusAction" -position 4) 1718 | } 1719 | } 1720 | 1721 | 1722 | # Get Cert Actions from Cert Policies 1723 | if ($NSObjects."authentication certPolicy") { 1724 | foreach ($policy in $NSObjects."authentication certPolicy") { 1725 | addNSObject "authentication certAction" (getNSObjects ($config -match "authentication certPolicy $policy ") "authentication certAction" -position 4) 1726 | } 1727 | } 1728 | 1729 | 1730 | # Get DFA Actions from DFA Policies 1731 | if ($NSObjects."authentication dfaPolicy") { 1732 | foreach ($policy in $NSObjects."authentication dfaPolicy") { 1733 | addNSObject "authentication dfaAction" (getNSObjects ($config -match "authentication dfaPolicy $policy ") "authentication dfaAction") 1734 | } 1735 | } 1736 | 1737 | 1738 | # Get Negotiate Actions from Negotiate Policies 1739 | if ($NSObjects."authentication negotiatePolicy") { 1740 | foreach ($policy in $NSObjects."authentication negotiatePolicy") { 1741 | addNSObject "authentication negotiateAction" (getNSObjects ($config -match "authentication negotiatePolicy $policy ") "authentication negotiateAction") 1742 | } 1743 | } 1744 | 1745 | 1746 | # Get TACACS Actions from TACACS Policies 1747 | if ($NSObjects."authentication tacacsPolicy") { 1748 | foreach ($policy in $NSObjects."authentication tacacsPolicy") { 1749 | addNSObject "authentication tacacsAction" (getNSObjects ($config -match "authentication tacacsPolicy $policy ") "authentication tacacsAction") 1750 | } 1751 | } 1752 | 1753 | 1754 | # Get Web Auth Actions from Web Auth Policies 1755 | if ($NSObjects."authentication webAuthPolicy") { 1756 | foreach ($policy in $NSObjects."authentication webAuthPolicy") { 1757 | addNSObject "authentication webAuthAction" (getNSObjects ($config -match "authentication webAuthPolicy $policy ") "authentication webAuthAction") 1758 | } 1759 | } 1760 | 1761 | 1762 | # Get SAML iDP Profiles from SAML iDP Policies 1763 | if ($NSObjects."authentication samlIdPPolicy") { 1764 | foreach ($policy in $NSObjects."authentication samlIdPPolicy") { 1765 | addNSObject "authentication samlIdPProfile" (getNSObjects ($config -match "authentication samlIdPPolicy $policy ") "authentication samlIdPProfile" -position 4) 1766 | addNSObject "audit messageaction" (getNSObjects ($config -match "authentication samlIdPPolicy $policy") "audit messageaction" "-logAction") 1767 | } 1768 | 1769 | } 1770 | 1771 | 1772 | # Get SAML Actions from SAML Authentication Policies 1773 | if ($NSObjects."authentication samlPolicy") { 1774 | $matchExpression = GetMatchExpression $NSObjects."authentication samlPolicy" 1775 | addNSObject "authentication samlAction" (getNSObjects ($config -match "authentication samlPolicy $matchExpression ") "authentication samlAction" -position 4) 1776 | } 1777 | 1778 | 1779 | # Get SSL Certificates from SAML Actions, SAML Profiles, and ADFS Proxy Profiles 1780 | if ($NSObjects."authentication samlAction") { 1781 | $matchExpression = GetMatchExpression $NSObjects."authentication samlAction" 1782 | $filteredConfig = $config -match "authentication samlAction $matchExpression " 1783 | addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlIdPCertName") 1784 | addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlSigningCertName") 1785 | } 1786 | 1787 | if ($NSObjects."authentication samlIdPProfile") { 1788 | $matchExpression = GetMatchExpression $NSObjects."authentication samlIdPProfile" 1789 | $filteredConfig = $config -match "authentication samlIdPProfile $matchExpression " 1790 | addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlIdPCertName") 1791 | addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlSPCertName") 1792 | } 1793 | 1794 | foreach ($action in $NSObjects."authentication adfsProxyProfile") { 1795 | addNSObject "ssl certKey" (getNSObjects ($config -match "authentication adfsProxyProfile $action ") "ssl certKey" "-certKeyName") 1796 | } 1797 | 1798 | 1799 | 1800 | # Get Push Service from LDAP Actions 1801 | foreach ($action in $NSObjects."authentication ldapAction") { 1802 | addNSObject "authentication pushService" (getNSObjects ($config -match "authentication ldapAction $action ") "authentication pushService" "-pushService") 1803 | } 1804 | 1805 | 1806 | # Get Default AAA Groups from Authentication Actions 1807 | foreach ($action in $NSObjects."authentication certAction") { 1808 | addNSObject "aaa group" (getNSObjects ($config -match "authentication certAction $action ") "aaa group" "-defaultAuthenticationGroup") 1809 | } 1810 | foreach ($action in $NSObjects."authentication dfaAction") { 1811 | addNSObject "aaa group" (getNSObjects ($config -match "authentication dfaAction $action ") "aaa group" "-defaultAuthenticationGroup") 1812 | } 1813 | foreach ($action in $NSObjects."authentication epaAction") { 1814 | addNSObject "aaa group" (getNSObjects ($config -match "authentication epaAction $action ") "aaa group" "-defaultEPAGroup") 1815 | addNSObject "aaa group" (getNSObjects ($config -match "authentication epaAction $action ") "aaa group" "-quarantineGroup") 1816 | } 1817 | foreach ($action in $NSObjects."authentication ldapAction") { 1818 | addNSObject "aaa group" (getNSObjects ($config -match "authentication ldapAction $action ") "aaa group" "-defaultAuthenticationGroup") 1819 | } 1820 | foreach ($action in $NSObjects."authentication negotiateAction") { 1821 | addNSObject "aaa group" (getNSObjects ($config -match "authentication negotiateAction $action ") "aaa group" "-defaultAuthenticationGroup") 1822 | } 1823 | foreach ($action in $NSObjects."authentication OAuthAction") { 1824 | addNSObject "aaa group" (getNSObjects ($config -match "authentication OAuthAction $action ") "aaa group" "-defaultAuthenticationGroup") 1825 | } 1826 | foreach ($action in $NSObjects."authentication radiusAction") { 1827 | addNSObject "aaa group" (getNSObjects ($config -match "authentication radiusAction $action ") "aaa group" "-defaultAuthenticationGroup") 1828 | } 1829 | foreach ($action in $NSObjects."authentication samlAction") { 1830 | addNSObject "aaa group" (getNSObjects ($config -match "authentication samlAction $action ") "aaa group" "-defaultAuthenticationGroup") 1831 | } 1832 | foreach ($action in $NSObjects."authentication webAuthAction") { 1833 | addNSObject "aaa group" (getNSObjects ($config -match "authentication webAuthAction $action ") "aaa group" "-defaultAuthenticationGroup") 1834 | } 1835 | 1836 | 1837 | # Get SSL Objects from SSL vServers 1838 | if ($NSObjects."ssl vserver") { 1839 | $matchExpression = getMatchExpression $NSObjects."ssl vserver" 1840 | $filteredConfig = $config -match " ssl vserver $matchExpression " 1841 | addNSObject "ssl cipher" (getNSObjects ($filteredConfig) "ssl cipher" "-cipherName") 1842 | addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-certkeyName") 1843 | addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-cacert") 1844 | addNSObject "ssl logprofile" (getNSObjects ($filteredConfig) "ssl logprofile" "-ssllogprofile") 1845 | addNSObject "ssl profile" (getNSObjects ($filteredConfig) "ssl profile" "-sslProfile") 1846 | } 1847 | 1848 | 1849 | # Get objects linked to certKeys 1850 | if ($NSObjects."ssl certKey") { 1851 | foreach ($certKey in $NSObjects."ssl certKey") { 1852 | $certKey = $certKey -replace "\.", "\." 1853 | $certKey = $certKey -replace "\*", "\*" 1854 | 1855 | # Get FIPS Keys from SSL Certs 1856 | addNSObject "ssl fipsKey" (getNSObjects ($config -match "add ssl certKey $certKey ") "ssl fipsKey" "-fipsKey") 1857 | 1858 | # Get HSM Keys from SSL Certs 1859 | addNSObject "ssl hsmKey" (getNSObjects ($config -match "add ssl certKey $certKey ") "ssl hsmKey" "-hsmKey") 1860 | 1861 | # Put Server Cerficates in different bucket than CA Certificates 1862 | addNSObject "ssl cert" ($config -match "add ssl certKey $certKey") "ssl certKey" 1863 | 1864 | # CA Certs are seperate section so they can be outputted before server certs 1865 | $CACert = getNSObjects ($config -match "link ssl certKey $certKey ") "ssl certKey" 1866 | foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} } 1867 | if ($CACert) { 1868 | addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey" 1869 | addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey" 1870 | $certKey = $CACert 1871 | } 1872 | 1873 | # Intermediate certs are sometimes linked to other intermediates 1874 | $CACert = getNSObjects ($config -match "link ssl certKey $CACert ") "ssl certKey" 1875 | foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} } 1876 | if ($CACert) { 1877 | addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey" 1878 | addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey" 1879 | $certKey = $CACert 1880 | } 1881 | 1882 | 1883 | # Intermedicate certs are sometimes linked to root certs 1884 | $CACert = getNSObjects ($config -match "link ssl certKey $CACert ") "ssl certKey" 1885 | foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} } 1886 | if ($CACert) { 1887 | addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey" 1888 | addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey" 1889 | } 1890 | 1891 | } 1892 | } 1893 | 1894 | 1895 | # Get Azure Key Vaults from HSM Keys 1896 | if ($NSObjects."ssl hmsKey") { 1897 | foreach ($hmsKey in $NSObjects."ssl hmsKey") { 1898 | addNSObject "azure keyvault" (getNSObjects ($config -match "add ssl hsmKey $hsmKey ") "azure keyvault" "-keystore") 1899 | } 1900 | 1901 | # Get callout root certificates 1902 | addNSObject "ssl cert" ($config -match "bind ssl cacertGroup ns_callout_certs ") "ssl certKey" 1903 | } 1904 | 1905 | 1906 | # Get Azure Applications from Azure Key Vaults 1907 | if ($NSObjects."azure keyvault") { 1908 | foreach ($vault in $NSObjects."azure keyVault") { 1909 | addNSObject "azure application" (getNSObjects ($config -match "add azure keyVault $vault ") "azure application" "-azureApplication") 1910 | } 1911 | } 1912 | 1913 | 1914 | # Get Objects linked to Monitors 1915 | if ($NSObjects.monitor) { 1916 | foreach ($monitor in $NSObjects.monitor) { 1917 | $monitorConfig = $config -match " monitor $monitor " 1918 | addNSObject "netProfile" (getNSObjects $monitorConfig "netProfile" "-netProfile") 1919 | addNSObject "ns trafficDomain" (getNSObjects $monitorConfig "ns trafficDomain" "-td") 1920 | addNSObject "aaa kcdAccount" (getNSObjects $monitorConfig "aaa kcdAccount" "-kcdAccount") 1921 | addNSObject "ssl profile" (getNSObjects $monitorConfig "ssl profile" "-sslProfile") 1922 | addNSObject "lb metricTable" (getNSObjects $monitorConfig "lb metricTable" "-metricTable") 1923 | } 1924 | } 1925 | 1926 | 1927 | # Get VPN Clientless Profiles from VPN Clientless Policies 1928 | if ($NSObjects."vpn clientlessAccessPolicy") { 1929 | foreach ($policy in $NSObjects."vpn clientlessAccessPolicy") { 1930 | addNSObject "vpn clientlessAccessProfile" (getNSObjects ($config -match " vpn clientlessAccessPolicy $policy ") "vpn clientlessAccessProfile" -position 4) 1931 | } 1932 | } 1933 | 1934 | 1935 | # Get Rewrite PolicyLabels from VPN Clientless Profiles 1936 | if ($NSObjects."vpn clientlessAccessProfile") { 1937 | foreach ($Profile in $NSObjects."vpn clientlessAccessProfile") { 1938 | addNSObject "rewrite policylabel" (getNSObjects ($config -match " vpn clientlessAccessProfile $Profile ") "rewrite policylabel" -position 4) 1939 | } 1940 | } 1941 | 1942 | 1943 | # Get global filter bindings, filter actions, and forwarding services 1944 | 1945 | if ($config -match "enable ns feature.* CF") { 1946 | addNSObject "filter policy" (getNSObjects ($config -match "bind filter global ") "filter policy") 1947 | if ($NSObjects."filter policy") { 1948 | # Get Filter Actions from Filter Policies 1949 | foreach ($policy in $NSObjects."filter policy") { 1950 | addNSObject "filter action" (getNSObjects ($config -match "filter policy $policy ") "filter action") 1951 | } 1952 | # Get Forwarding Services from Filter Actions 1953 | foreach ($action in $NSObjects."filter action") { 1954 | addNSObject "service" (getNSObjects ($config -match "filter action $action ") "service" "forward") 1955 | } 1956 | } 1957 | } 1958 | 1959 | if ($config -match "enable ns feature.* IC") { 1960 | $NSObjects."cache parameter" = @("enable ns feature IC") 1961 | # Get Cache Policies from Global Cache Bindings 1962 | addNSObject "cache policylabel" (getNSObjects ($config -match "bind cache global ") "cache policylabel") 1963 | addNSObject "cache Policy" (getNSObjects ($config -match "bind cache global ") "cache Policy") 1964 | addNSObject "cache parameter" ($config -match "set cache parameter ") "cache parameter" 1965 | addNSObject "cache global" ($config -match "bind cache global ") "cache global" 1966 | } else { 1967 | $NSObjects."cache parameter" = @("# *** Integrated Caching feature is not enabled. Cache Global bindings skipped.") 1968 | } 1969 | 1970 | 1971 | 1972 | # Get Cache Policies from Cache Policy Labels 1973 | if ($NSObjects."cache policylabel") { 1974 | foreach ($policy in $NSObjects."cache policylabel") { 1975 | addNSObject "cache Policy" (getNSObjects ($config -match " $policy ") "cache Policy") 1976 | } 1977 | } 1978 | 1979 | 1980 | # Get Cache Content Groups from Cache Policies 1981 | if ($NSObjects."cache policy") { 1982 | foreach ($policy in $NSObjects."cache policy") { 1983 | addNSObject "cache contentGroup" (getNSObjects ($config -match " $policy ") "cache contentGroup") 1984 | } 1985 | } 1986 | 1987 | 1988 | # Get Cache Selectors from Cache Content Groups 1989 | if ($NSObjects."cache contentGroup") { 1990 | foreach ($policy in $NSObjects."cache contentGroup") { 1991 | addNSObject "cache selector" (getNSObjects ($config -match " $policy ") "cache selector") 1992 | } 1993 | } 1994 | 1995 | 1996 | # Get Global Responder Bindings 1997 | addNSObject "responder policy" (getNSObjects ($config -match "bind responder global ") "responder policy") 1998 | addNSObject "responder policylabel" (getNSObjects ($config -match "bind responder global ") "responder policylabel") 1999 | 2000 | 2001 | # Get Responder Policies from Responder Policy Labels 2002 | if ($NSObjects."responder policylabel") { 2003 | foreach ($policy in $NSObjects."responder policylabel") { 2004 | addNSObject "responder Policy" (getNSObjects ($config -match " $policy ") "responder Policy") 2005 | } 2006 | } 2007 | 2008 | 2009 | # Get Responder Actions and Responder Global Settings 2010 | if ($NSObjects."responder policy") { 2011 | $matchExpression = getMatchExpression $NSObjects."responder policy" 2012 | $filteredConfig = $config -match " responder policy $matchExpression " 2013 | addNSObject "responder action" (getNSObjects ($filteredConfig) "responder action") 2014 | addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction") 2015 | addNSObject "ns assignment" (getNSObjects ($filteredConfig) "ns assignment") 2016 | if ($config -match "enable ns feature.* RESPONDER") { 2017 | $NSObjects."responder param" = @("enable ns feature RESPONDER") 2018 | } else { 2019 | $NSObjects."responder param" = @("# *** Responder feature is not enabled") 2020 | } 2021 | addNSObject "responder param" ($config -match "set responder param ") "responder param" 2022 | addNSObject "responder global" ($config -match "bind responder global ") "responder global" 2023 | 2024 | } 2025 | 2026 | 2027 | # Get Rewrite Policies from Global Rewrite Bindings 2028 | addNSObject "rewrite policy" (getNSObjects ($config -match "bind rewrite global ") "rewrite policy") 2029 | addNSObject "rewrite policylabel" (getNSObjects ($config -match "bind rewrite global ") "rewrite policylabel") 2030 | 2031 | 2032 | # Get Rewrite Policies from Rewrite Policy Labels 2033 | if ($NSObjects."rewrite policylabel") { 2034 | $matchExpression = getMatchExpression $NSObjects."rewrite policylabel" 2035 | addNSObject "rewrite Policy" (getNSObjects ($config -match " $matchExpression ") "rewrite Policy") 2036 | } 2037 | 2038 | 2039 | # Get Rewrite Actions and Rewrite Global Settings 2040 | if ($NSObjects."rewrite policy") { 2041 | $matchExpression = getMatchExpression $NSObjects."rewrite policy" 2042 | $filteredConfig = $config -match "rewrite policy $matchExpression " 2043 | addNSObject "rewrite action" (getNSObjects ($filteredConfig) "rewrite action") 2044 | addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction") 2045 | 2046 | if ($config -match "enable ns feature.* rewrite") { 2047 | $NSObjects."rewrite param" = @("enable ns feature rewrite") 2048 | } else { 2049 | $NSObjects."rewrite param" = @("# *** Rewrite feature is not enabled") 2050 | } 2051 | addNSObject "rewrite param" ($config -match "set rewrite param ") "rewrite param" 2052 | addNSObject "rewrite global" ($config -match "bind rewrite global ") "rewrite global" 2053 | } 2054 | 2055 | 2056 | # Get Compression Policies from Global Compression Bindings 2057 | addNSObject "cmp policy" (getNSObjects ($config -match "bind cmp global ") "cmp policy") 2058 | addNSObject "cmp policylabel" (getNSObjects ($config -match "bind cmp global ") "cmp policylabel") 2059 | 2060 | 2061 | # Get Compression Policies from Compression Policy Labels 2062 | if ($NSObjects."cmp policylabel") { 2063 | foreach ($policy in $NSObjects."cmp policylabel") { 2064 | addNSObject "cmp policy" (getNSObjects ($config -match "cmp policylabel $policy ") "cmp policy") 2065 | } 2066 | } 2067 | 2068 | 2069 | # Get Compression Actions and Compression Global Settings 2070 | if ($NSObjects."cmp policy") { 2071 | foreach ($policy in $NSObjects."cmp policy") { 2072 | addNSObject "cmp action" (getNSObjects ($config -match "cmp policy $Pplicy ") "cmp action") 2073 | addNSObject "audit messageaction" (getNSObjects ($config -match "cmp policy $policy") "audit messageaction" "-logAction") 2074 | } 2075 | if ($config -match "enable ns feature.* cmp") { 2076 | $NSObjects."cmp parameter" = @("enable ns feature cmp") 2077 | } else { 2078 | $NSObjects."cmp parameter" = @("# *** Compression feature is not enabled") 2079 | } 2080 | addNSObject "cmp parameter" ($config -match "set cmp parameter ") "cmp parameter" 2081 | addNSObject "cmp global" ($config -match "bind cmp global ") "cmp global" 2082 | } 2083 | 2084 | 2085 | # Get global bound Traffic Management Policies 2086 | $filteredConfig = $config -match "bind tm global" 2087 | addNSObject "tm trafficPolicy" (getNSObjects ($filteredConfig) "tm trafficPolicy") 2088 | addNSObject "tm sessionPolicy" (getNSObjects ($filteredConfig) "tm sessionPolicy") 2089 | addNSObject "audit syslogPolicy" (getNSObjects ($filteredConfig) "audit syslogPolicy") 2090 | addNSObject "audit nslogPolicy" (getNSObjects ($filteredConfig) "audit nslogPolicy") 2091 | addNSObject "tm global" ($filteredConfig) "tm global" 2092 | 2093 | 2094 | # Get AAA Traffic Actions from AAA Traffic Policies 2095 | if ($NSObjects."tm trafficPolicy") { 2096 | $matchExpression = getMatchExpression $NSObjects."tm trafficPolicy" 2097 | addNSObject "tm trafficAction" (getNSObjects ($config -match " $matchExpression ") "tm trafficAction" -position 4) 2098 | } 2099 | 2100 | 2101 | # Get KCD Accounts and SSO Profiles from AAA Traffic Actions 2102 | if ($NSObjects."tm trafficAction") { 2103 | $matchExpression = getMatchExpression $NSObjects."tm trafficAction" 2104 | $filteredConfig = $config -match "tm trafficAction $matchExpression " 2105 | addNSObject "aaa kcdAccount" (getNSObjects ($filteredConfig) "aaa kcdAccount" "-kcdAccount") 2106 | addNSObject "tm formSSOAction" (getNSObjects ($filteredConfig) "tm formSSOAction" "-formSSOAction") 2107 | addNSObject "tm samlSSOProfile" (getNSObjects ($filteredConfig) "tm samlSSOProfile" "-samlSSOProfile") 2108 | } 2109 | 2110 | 2111 | # Get Authorization Policies from Authorization Policy Labels 2112 | if ($NSObjects."authorization policylabel") { 2113 | foreach ($policy in $NSObjects."authorization policylabel") { 2114 | addNSObject "authorization policy" (getNSObjects ($config -match "authorization policy $policy ") "authorization policy") 2115 | addNSObject "audit messageaction" (getNSObjects ($config -match "authorization policy $policy") "audit messageaction" "-logAction") 2116 | } 2117 | } 2118 | 2119 | 2120 | # Get SmartControl Actions from SmartControl Policies 2121 | if ($NSObjects."ica policy") { 2122 | foreach ($policy in $NSObjects."ica policy") { 2123 | addNSObject "ica action" (getNSObjects ($config -match "ica policy $policy ") "ica action" -position 4) 2124 | addNSObject "audit messageaction" (getNSObjects ($config -match "ica policy $policy") "audit messageaction" "-logAction") 2125 | 2126 | } 2127 | 2128 | # Get SmartControl Access Profiles from SmartControl Actions 2129 | if ($NSObjects."ica action") { 2130 | foreach ($policy in $NSObjects."ica action") { 2131 | addNSObject "ica accessprofile" (getNSObjects ($config -match " $policy ") "ica accessprofile" -position 4) 2132 | } 2133 | } 2134 | } 2135 | 2136 | 2137 | # Get VPN Traffic Actions from VPN Traffic Policies 2138 | if ($NSObjects."vpn trafficPolicy") { 2139 | foreach ($policy in $NSObjects."vpn trafficPolicy") { 2140 | addNSObject "vpn trafficAction" (getNSObjects ($config -match " $policy ") "vpn trafficAction" -position 4) 2141 | } 2142 | } 2143 | 2144 | 2145 | # Get KCD Accounts and SSO Profiles from VPN Traffic Actions 2146 | if ($NSObjects."vpn trafficAction") { 2147 | foreach ($profile in $NSObjects."vpn trafficAction") { 2148 | addNSObject "aaa kcdAccount" (getNSObjects ($config -match "vpn trafficAction $profile ") "aaa kcdAccount" "-kcdAccount") 2149 | addNSObject "vpn formSSOAction" (getNSObjects ($config -match "vpn trafficAction $profile ") "vpn formSSOAction" "-formSSOAction") 2150 | addNSObject "vpn samlSSOProfile" (getNSObjects ($config -match "vpn trafficAction $profile ") "vpn samlSSOProfile" "-samlSSOProfile") 2151 | } 2152 | } 2153 | 2154 | 2155 | # Get PCoIP and RDP Profiles, and AlwaysOn Profiles from VPN Session Actions 2156 | if ($NSObjects."vpn sessionAction") { 2157 | foreach ($policy in $NSObjects."vpn sessionAction") { 2158 | addNSObject "vpn pcoipProfile" (getNSObjects ($config -match " $policy ") "vpn pcoipProfile" -position 4) 2159 | addNSObject "rdp clientprofile" (getNSObjects ($config -match " $policy ") "rdp clientprofile" -position 4) 2160 | addNSObject "vpn alwaysONProfile" (getNSObjects ($config -match " $policy ") "vpn alwaysONProfile" "-alwaysONProfileName") 2161 | } 2162 | } 2163 | 2164 | 2165 | # Get AAA Session Actions 2166 | if ($NSObjects."tm sessionPolicy") { 2167 | foreach ($policy in $NSObjects."tm sessionPolicy") { 2168 | addNSObject "tm sessionAction" (getNSObjects ($config -match " $policy ") "tm sessionAction") 2169 | } 2170 | } 2171 | 2172 | 2173 | # Get KCD Accounts from AAA Session Actions 2174 | if ($NSObjects."tm sessionAction") { 2175 | foreach ($profile in $NSObjects."tm sessionAction") { 2176 | addNSObject "aaa kcdAccount" (getNSObjects ($config -match "tm sessionAction $profile ") "aaa kcdAccount" "-kcdAccount") 2177 | } 2178 | } 2179 | 2180 | 2181 | # Get Appflow Policies from Global Appflow Bindings 2182 | addNSObject "appflow policy" (getNSObjects ($config -match "bind appflow global ") "appflow policy") 2183 | addNSObject "appflow policylabel" (getNSObjects ($config -match "bind appflow global ") "appflow policylabel") 2184 | 2185 | 2186 | # Get Appflow Policies from Appflow Policy Labels 2187 | if ($NSObjects."appflow policylabel") { 2188 | foreach ($policy in $NSObjects."appflow policylabel") { 2189 | addNSObject "appflow Policy" (getNSObjects ($config -match " $policy ") "appflow Policy") 2190 | } 2191 | } 2192 | 2193 | 2194 | # Get Appflow Actions from AppFlow Policies 2195 | # Get AppFlow Global Settings 2196 | if ($NSObjects."appflow policy") { 2197 | foreach ($policy in $NSObjects."appflow policy") { 2198 | addNSObject "appflow action" (getNSObjects ($config -match " $policy ") "appflow action") 2199 | } 2200 | # Get AppFlow Collector 2201 | if ($NSObjects."appflow action") { 2202 | foreach ($action in $NSObjects."appflow action") { 2203 | addNSObject "appflow collector" (getNSObjects ($config -match " $action ") "appflow collector" "-collectors") 2204 | } 2205 | } 2206 | if ($config -match "enable ns feature.* appflow") { 2207 | $NSObjects."appflow param" = @("enable ns feature appflow") 2208 | } else { 2209 | $NSObjects."appflow param" = @("# *** AppFlow feature is not enabled") 2210 | } 2211 | addNSObject "appflow param" ($config -match "set appflow param ") 2212 | addNSObject "appflow global" ($config -match "bind appflow global ") "appflow global" 2213 | } 2214 | 2215 | 2216 | # Get AppQoE Actions from AppQoE Policies 2217 | # Get AppQoE Global Settings 2218 | if ($NSObjects."appqoe policy") { 2219 | foreach ($policy in $NSObjects."appqoe policy") { 2220 | addNSObject "appqoe action" (getNSObjects ($config -match " $policy ") "appqoe action") 2221 | } 2222 | if ($config -match "enable ns feature.* appqoe") { 2223 | $NSObjects."appqoe parameter" = @("enable ns feature appqoe") 2224 | } else { 2225 | $NSObjects."appqoe parameter" = @("# *** AppQoE feature is not enabled") 2226 | } 2227 | addNSObject "appqoe parameter" ($config -match "appqoe parameter") "appqoe parameter" 2228 | addNSObject "appqoe parameter" ($config -match "set qos parameters") "appqoe parameter" 2229 | } 2230 | 2231 | 2232 | # Get AppFW Policies from Global AppFW Bindings 2233 | addNSObject "appfw policy" (getNSObjects ($config -match "bind appfw global ") "appfw Policy") 2234 | addNSObject "appfw policylabel" (getNSObjects ($config -match "bind appfw global ") "appfw policylabel") 2235 | 2236 | 2237 | # Get AppFW Policies from AppFW Policy Labels 2238 | if ($NSObjects."appfw policylabel") { 2239 | foreach ($policy in $NSObjects."appfw policylabel") { 2240 | addNSObject "appfw policy" (getNSObjects ($config -match " $policy ") "appfw policy") 2241 | } 2242 | } 2243 | 2244 | 2245 | # Get AppFW Profiles from AppFW Policies 2246 | if ($NSObjects."appfw policy") { 2247 | foreach ($policy in $NSObjects."appfw policy") { 2248 | addNSObject "appfw profile" (getNSObjects ($config -match "appfw policy $policy ") "appfw profile") 2249 | addNSObject "audit messageaction" (getNSObjects ($config -match "appfw policy $policy") "audit messageaction" "-logAction") 2250 | 2251 | } 2252 | if ($config -match "enable ns feature.* appfw") { 2253 | $NSObjects."appfw parameter" = @("enable ns feature appfw") 2254 | } else { 2255 | $NSObjects."appfw parameter" = @("# *** AppFW feature is not enabled") 2256 | } 2257 | addNSObject "appfw parameter" ($config -match "set appfw settings") "appfw parameter" 2258 | addNSObject "appfw global" ($config -match "bind appfw global ") "appfw global" 2259 | } 2260 | 2261 | 2262 | # Get Bot Policies from Global Bot Bindings 2263 | addNSObject "bot policy" (getNSObjects ($config -match "bind bot global ") "bot Policy") 2264 | addNSObject "bot policylabel" (getNSObjects ($config -match "bind bot global ") "bot policylabel") 2265 | 2266 | 2267 | # Get Bot Policies from Bot Policy Labels 2268 | if ($NSObjects."bot policylabel") { 2269 | foreach ($policy in $NSObjects."bot policylabel") { 2270 | addNSObject "bot policy" (getNSObjects ($config -match " $policy ") "bot policy") 2271 | } 2272 | } 2273 | 2274 | 2275 | # Get Bot Profiles from Bot Policies 2276 | if ($NSObjects."bot policy") { 2277 | foreach ($policy in $NSObjects."bot policy") { 2278 | addNSObject "bot profile" (getNSObjects ($config -match "bot policy $policy ") "bot profile") 2279 | addNSObject "audit messageaction" (getNSObjects ($config -match "bot policy $policy") "audit messageaction" "-logAction") 2280 | 2281 | } 2282 | if ($config -match "enable ns feature.* Bot") { 2283 | $NSObjects."bot parameter" = @("enable ns feature Bot") 2284 | } else { 2285 | $NSObjects."bot parameter" = @("# *** Bot Management feature is not enabled") 2286 | } 2287 | addNSObject "bot parameter" ($config -match "set appfw settings") "bot parameter" 2288 | addNSObject "bot global" ($config -match "bind appfw global ") "bot global" 2289 | } 2290 | 2291 | 2292 | # Get Login Schemas from Login Schema Policies 2293 | if ($NSObjects."authentication loginSchemaPolicy") { 2294 | foreach ($policy in $NSObjects."authentication loginSchemaPolicy") { 2295 | addNSObject "authentication loginSchema" (getNSObjects ($config -match "authentication loginSchemaPolicy $policy ") "authentication loginSchema") 2296 | addNSObject "audit messageaction" (getNSObjects ($config -match "authentication loginSchemaPolicy $policy") "audit messageaction" "-logAction") 2297 | 2298 | } 2299 | } 2300 | 2301 | 2302 | # Get KCD Accounts from Database Profiles 2303 | if ($NSObjects."db dbProfile") { 2304 | foreach ($profile in $NSObjects."db dbProfile") { 2305 | addNSObject "aaa kcdAccount" (getNSObjects ($config -match " db dbProfile $profile ") "aaa kcdAccount") 2306 | } 2307 | } 2308 | 2309 | 2310 | # Get Transform Policies from Global Transform Bindings 2311 | addNSObject "transform policy" (getNSObjects ($config -match "bind transform global ") "transform policy") 2312 | addNSObject "transform policylabel" (getNSObjects ($config -match "bind transform global ") "transform policylabel") 2313 | 2314 | 2315 | # Get Transform Policies from Transform Policy Labels 2316 | if ($NSObjects."transform policylabel") { 2317 | foreach ($policy in $NSObjects."transform policylabel") { 2318 | addNSObject "transform policy" (getNSObjects ($config -match " $policy ") "transform policy") 2319 | } 2320 | } 2321 | 2322 | 2323 | # Get Transform Actions and Profiles from Transform Policies 2324 | if ($NSObjects."transform policy") { 2325 | foreach ($policy in $NSObjects."transform policy") { 2326 | addNSObject "transform action" (getNSObjects ($config -match " transform policy $policy ") "transform action") 2327 | addNSObject "audit messageaction" (getNSObjects ($config -match "transform policy $policy") "audit messageaction" "-logAction") 2328 | } 2329 | foreach ($action in $NSObjects."transform action") { 2330 | addNSObject "transform profile" (getNSObjects ($config -match " transform action $action ") "transform profile") 2331 | } 2332 | addNSObject "transform global" ($config -match "bind transform global ") "transform global" 2333 | } 2334 | 2335 | 2336 | # If FEO feature is enabled, get global FEO settings 2337 | addNSObject "feo policy" (getNSObjects ($config -match "bind feo global ") "feo Policy") 2338 | 2339 | 2340 | # Get FEO Actions from FEO Policies 2341 | # Get FEO Global Settings 2342 | if ($NSObjects."feo policy") { 2343 | foreach ($policy in $NSObjects."feo policy") { 2344 | addNSObject "feo action" (getNSObjects ($config -match " feo policy $policy ") "feo action") 2345 | } 2346 | if ($config -match "enable ns feature.* feo") { 2347 | $NSObjects."feo parameter" = @("enable ns feature feo") 2348 | } else { 2349 | $NSObjects."feo parameter" = @("# feo feature is not enabled") 2350 | } 2351 | addNSObject "feo parameter" ($config -match "set feo param ") "feo parameter" 2352 | addNSObject "feo global" ($config -match "bind feo global ") "feo global" 2353 | } 2354 | 2355 | 2356 | # Get Spillover Actions from Spillover Policies 2357 | if ($NSObjects."spillover policy") { 2358 | foreach ($policy in $NSObjects."spillover policy") { 2359 | addNSObject "spillover action" (getNSObjects ($config -match " spillover policy $policy ") "spillover action") 2360 | } 2361 | } 2362 | 2363 | 2364 | 2365 | # Get Audit Syslog Actions from Audit Syslog Policies 2366 | if ($NSObjects."audit syslogpolicy") { 2367 | foreach ($policy in $NSObjects."audit syslogpolicy") { 2368 | addNSObject "audit syslogaction" (getNSObjects ($config -match " audit syslogpolicy $policy ") "audit syslogaction") 2369 | } 2370 | addNSObject "audit syslogactionglobal" ($config -match "audit syslogParams ") "audit syslogactionglobal" 2371 | addNSObject "audit syslogactionglobal" ($config -match "bind audit syslogactionglobal ") "audit syslogactionglobal" 2372 | addNSObject "audit syslogactionglobal" ($config -match "bind audit syslogGlobal ") "audit syslogactionglobal" 2373 | } 2374 | 2375 | 2376 | # Get Audit Nslog Policies from Global Audit Nslog Bindings 2377 | addNSObject "audit nslogpolicy" (getNSObjects ($config -match "bind audit nslogglobal ") "audit nslogpolicy") 2378 | 2379 | 2380 | # Get Audit Nslog Actions from Audit Nslog Policies 2381 | if ($NSObjects."audit nslogpolicy") { 2382 | foreach ($policy in $NSObjects."audit nslogpolicy") { 2383 | addNSObject "audit nslogaction" (getNSObjects ($config -match " audit nslogpolicy $policy ") "audit nslogaction") 2384 | } 2385 | addNSObject "audit nslogactionglobal" ($config -match "bind audit syslogactionglobal ") "audit nslogactionglobal" 2386 | } 2387 | 2388 | 2389 | # Get SSL Policies from Global SSL Bindings 2390 | addNSObject "ssl policy" (getNSObjects ($config -match "bind ssl global ") "ssl policy") 2391 | addNSObject "ssl policylabel" (getNSObjects ($config -match "bind ssl global ") "ssl policylabel") 2392 | 2393 | 2394 | # Get SSL Policies from SSL Policy Labels 2395 | if ($NSObjects."ssl policylabel") { 2396 | foreach ($policy in $NSObjects."ssl policylabel") { 2397 | addNSObject "ssl policy" (getNSObjects ($config -match " $policy ") "ssl policy") 2398 | } 2399 | } 2400 | 2401 | 2402 | # Get SSL Actions from SSL Policies 2403 | if ($NSObjects."ssl policy") { 2404 | foreach ($ssl in $NSObjects."ssl policy") { 2405 | addNSObject "ssl action" (getNSObjects ($config -match " $ssl ") "ssl action") 2406 | } 2407 | addNSObject "ssl global" ($config -match "bind ssl global ") "ssl global" 2408 | } 2409 | 2410 | 2411 | # Get SSL Log Profiles from SSL Actions 2412 | if ($NSObjects."ssl action") { 2413 | foreach ($ssl in $NSObjects."ssl action") { 2414 | addNSObject "ssl logprofile" (getNSObjects ($config -match " $ssl ") "ssl logprofile" "-ssllogprofile") 2415 | } 2416 | } 2417 | 2418 | 2419 | # Get SSL Global Settings 2420 | if ($config -match "enable ns feature.* ssl") { 2421 | $NSObjects."ssl parameter" = @("enable ns feature ssl") 2422 | } else { 2423 | $NSObjects."ssl parameter" = @("# ssl feature is not enabled") 2424 | } 2425 | addNSObject "ssl parameter" ($config -match "set ssl parameter") "ssl parameter" 2426 | addNSObject "ssl parameter" ($config -match "set ssl fips") "ssl parameter" 2427 | addNSObject "ssl parameter" ($config -match "set ssl profile ns_default_ssl_profile_backend") "ssl parameter" 2428 | 2429 | 2430 | # Get Ciphers from SSL profiles 2431 | if ($NSObjects."ssl profile") { 2432 | foreach ($ssl in $NSObjects."ssl profile") { 2433 | addNSObject "ssl cipher" (getNSObjects ($config -match "bind ssl profile $ssl ") "ssl cipher" "-cipherName") 2434 | } 2435 | } 2436 | 2437 | # Get Global Policy Parameters 2438 | addNSObject "policy param" ($config -match "set policy param") "policy param" 2439 | 2440 | 2441 | # Get ACLs and RNAT 2442 | addNSObject "ns acl" ($config -match "ns acl") "ns acl" 2443 | addNSObject "ns acl" ($config -match "ns simpleacl") "ns acl" 2444 | addNSObject "rnat" (getNSObjects ($config -match "rnat ") "rnat") 2445 | 2446 | 2447 | # Get Limit Selectors from Limit Identifiers 2448 | if ($NSObjects."ns limitIdentifier") { 2449 | foreach ($identifier in $NSObjects."ns limitIdentifier") { 2450 | addNSObject "ns limitSelector" (getNSObjects ($config -match "ns limitIdentifier $identifier ") "ns limitSelector" "-selectorName") 2451 | addNSObject "stream selector" (getNSObjects ($config -match "ns limitIdentifier $identifier ") "stream selector") 2452 | } 2453 | } 2454 | 2455 | 2456 | # Get Stream Selectors from Stream Identifiers 2457 | if ($NSObjects."stream identifier") { 2458 | foreach ($identifier in $NSObjects."ns limitIdentifier") { 2459 | addNSObject "ns limitSelector" (getNSObjects ($config -match "stream identifier $identifier ") "ns limitSelector") 2460 | addNSObject "stream selector" (getNSObjects ($config -match "stream identifier $identifier ") "stream selector") 2461 | } 2462 | } 2463 | 2464 | 2465 | # Output Extracted Config 2466 | 2467 | 2468 | #cls 2469 | "`nExtracted Objects" 2470 | $NSObjects.GetEnumerator() | sort-object -Property Name 2471 | 2472 | write-host "`nBuilding Config...`n 2473 | " 2474 | if ($outputFile -and ($outputFile -ne "screen")) { 2475 | "# Extracted Config for: " + ($vservers -join ", ") + "`n`n" | out-file $outputFile 2476 | } else { 2477 | "# Extracted Config for: " + ($vservers -join ", ") + "`n`n" 2478 | } 2479 | 2480 | 2481 | # System Settings 2482 | if ($NSObjects."ns config" ) { outputObjectConfig "NSIP" "ns config" "raw"} 2483 | if ($NSObjects."ns hostName" ) { outputObjectConfig "Hostname" "ns hostName" "raw"} 2484 | if ($NSObjects."ha node" ) { outputObjectConfig "High Availability Nodes" "HA node" "raw"} 2485 | if ($NSObjects."ha rpcNode" ) { outputObjectConfig "High Availability RPC Nodes" "ha rpcNode" "ns rpcNode"} 2486 | if ($NSObjects."ns feature" ) { outputObjectConfig "Enabled Features" "ns feature" "raw"} 2487 | if ($NSObjects."ns mode" ) { outputObjectConfig "Enabled Modes" "ns mode" "raw"} 2488 | if ($NSObjects."system parameter" ) { outputObjectConfig "CEIP" "system parameter" "raw"} 2489 | if ($NSObjects."ns encryptionParams" ) { outputObjectConfig "System Encryption Parameters" "ns encryptionParams" "raw"} 2490 | if ($NSObjects."system user" ) { outputObjectConfig "System Users" "system user"} 2491 | if ($NSObjects."system group" ) { outputObjectConfig "System Groups" "system group"} 2492 | if ($NSObjects."interface" ) { outputObjectConfig "Interfaces" "interface" "raw"} 2493 | if ($NSObjects."channel" ) { outputObjectConfig "Channels" "channel" "raw"} 2494 | if ($NSObjects."ns ip" ) { outputObjectConfig "IP Addresses" "ns ip"} 2495 | if ($NSObjects."vlan" ) { outputObjectConfig "VLANs" "vlan"} 2496 | if ($NSObjects."vrid" ) { outputObjectConfig "VMACs" "vrid"} 2497 | if ($NSObjects."ns partition" ) { outputObjectConfig "Partitions" "ns partition" -explainText "Partition configs are in /nsconfig/partitions" } 2498 | if ($NSObjects."ns pbr" ) { outputObjectConfig "Policy Based Routes (PBRs)" "ns pbr" "raw"} 2499 | if ($NSObjects."route" ) { outputObjectConfig "Routes" "route" "raw"} 2500 | if ($NSObjects."mgmt ssl service" ) { outputObjectConfig "Internal Management Services SSL Settings" "mgmt ssl service" "ssl service"} 2501 | if ($NSObjects."snmp trap" ) { outputObjectConfig "SNMP Traps" "snmp trap" "raw"} 2502 | if ($NSObjects."snmp community" ) { outputObjectConfig "SNMP Communities" "snmp community" "raw"} 2503 | if ($NSObjects."snmp manager" ) { outputObjectConfig "SNMP Managers" "snmp manager" "raw"} 2504 | if ($NSObjects."snmp alarm" ) { outputObjectConfig "SNMP Alarms" "snmp alarm" "raw"} 2505 | 2506 | 2507 | # Policy Expression Components and Profiles Output 2508 | if ($NSObjects."ns acl" ) { outputObjectConfig "Global ACLs" "ns acl" "raw" } 2509 | if ($NSObjects."rnat" ) { outputObjectConfig "Global RNAT" "rnat" } 2510 | if ($NSObjects."ns variable" ) { outputObjectConfig "Variables" "ns variable" } 2511 | if ($NSObjects."ns assignment" ) { outputObjectConfig "Variable Assignments" "ns assignment" } 2512 | if ($NSObjects."ns limitSelector" ) { outputObjectConfig "Rate Limiting Selectors" "ns limitSelector" } 2513 | if ($NSObjects."ns limitIdentifier" ) { outputObjectConfig "Rate Limiting Identifiers" "ns limitIdentifier" } 2514 | if ($NSObjects."stream selector" ) { outputObjectConfig "Action Analytics Selectors" "stream selector" } 2515 | if ($NSObjects."stream identifier" ) { outputObjectConfig "Action Analytics Identifiers" "stream identifier" } 2516 | if ($NSObjects."policy param" ) { outputObjectConfig "Policy Global Params" "policy param" "raw" } 2517 | if ($NSObjects."policy patset" ) { outputObjectConfig "Policy Pattern Sets" "policy patset" } 2518 | if ($NSObjects."policy dataset" ) { outputObjectConfig "Policy Data Sets" "policy dataset" } 2519 | if ($NSObjects."policy map" ) { outputObjectConfig "Policy Maps" "policy map" } 2520 | if ($NSObjects."policy stringmap" ) { outputObjectConfig "Policy String Maps" "policy stringmap" } 2521 | if ($NSObjects."policy urlset" ) { outputObjectConfig "Policy URL Sets" "policy urlset" } 2522 | if ($NSObjects."policy httpCallout" ) { outputObjectConfig "HTTP Callouts" "policy httpCallout" } 2523 | if ($NSObjects."policy expression" ) { outputObjectConfig "Policy Expressions" "policy expression" } 2524 | if ($NSObjects."dns addRec" ) { outputObjectConfig "DNS Address Records" "dns addRec" } 2525 | if ($NSObjects."dns nsRec" ) { outputObjectConfig "DNS Name Server Records" "dns nsRec"} 2526 | if ($NSObjects."dns cnameRec" ) { outputObjectConfig "DNS CNAME Records" "dns cnameRec"} 2527 | if ($NSObjects."dns soaRec" ) { outputObjectConfig "DNS SOA Records" "dns soaRec"} 2528 | if ($NSObjects."ns tcpProfile" ) { outputObjectConfig "TCP Profiles" "ns tcpProfile" } 2529 | if ($NSObjects."ns httpProfile" ) { outputObjectConfig "HTTP Profiles" "ns httpProfile" } 2530 | if ($NSObjects."db dbProfile" ) { outputObjectConfig "Database Profiles" "db dbProfile" } 2531 | if ($NSObjects."netProfile" ) { outputObjectConfig "Net Profiles" "netProfile" } 2532 | if ($NSObjects."ns trafficDomain" ) { outputObjectConfig "Traffic Domains" "ns trafficDomain" } 2533 | if ($NSObjects."ipset" ) { outputObjectConfig "IP Sets" "ipset" } 2534 | if ($NSObjects."analytics profile" ) { outputObjectConfig "Analytics Profiles" "analytics profile" } 2535 | if ($NSObjects."audit messageaction" ) { outputObjectConfig "Log Messages" "audit messageaction" } 2536 | 2537 | 2538 | # Policies Output 2539 | if ($NSObjects."appflow param" ) { outputObjectConfig "Appflow Global Params" "appflow param" "raw" } 2540 | if ($NSObjects."appflow collector" ) { outputObjectConfig "Appflow Collectors" "appflow collector" } 2541 | if ($NSObjects."appflow action" ) { outputObjectConfig "Appflow Actions" "appflow action" } 2542 | if ($NSObjects."appflow policy" ) { outputObjectConfig "Appflow Policies" "appflow policy" } 2543 | if ($NSObjects."appflow policylabel" ) { outputObjectConfig "Appflow Policy Labels" "appflow policylabel" } 2544 | if ($NSObjects."appflow global" ) { outputObjectConfig "Appflow Global Bindings" "appflow global" "raw" } 2545 | 2546 | if ($NSObjects."rewrite param" ) { outputObjectConfig "Rewrite Global Parameters" "rewrite param" "raw" } 2547 | if ($NSObjects."rewrite action" ) { outputObjectConfig "Rewrite Actions" "rewrite action" } 2548 | if ($NSObjects."rewrite policy" ) { outputObjectConfig "Rewrite Policies" "rewrite policy" } 2549 | if ($NSObjects."rewrite policylabel" ) { outputObjectConfig "Rewrite Policy Labels" "rewrite policylabel" } 2550 | if ($NSObjects."rewrite global" ) { outputObjectConfig "Rewrite Global Bindings" "rewrite global" "raw" } 2551 | 2552 | if ($NSObjects."responder param" ) { outputObjectConfig "Responder Global Parameters" "responder param" "raw" } 2553 | if ($NSObjects."responder action" ) { outputObjectConfig "Responder Actions" "responder action" } 2554 | if ($NSObjects."responder policy" ) { outputObjectConfig "Responder Policies" "responder policy" } 2555 | if ($NSObjects."responder policylabel" ) { outputObjectConfig "Responder Policy Labels" "responder policylabel" } 2556 | if ($NSObjects."responder global" ) { outputObjectConfig "Responder Global Bindings" "responder global" "raw" } 2557 | 2558 | if ($NSObjects."appqoe parameter" ) { outputObjectConfig "AppQoE Global Parameters" "appqoe parameter" "raw"} 2559 | if ($NSObjects."appqoe action" ) { outputObjectConfig "AppQoE Actions" "appqoe action" } 2560 | if ($NSObjects."appqoe policy" ) { outputObjectConfig "AppQoE Policies" "appqoe policy" } 2561 | 2562 | if ($NSObjects."feo parameter" ) { outputObjectConfig "Front-End Optimization Global Parameters" "feo parameter" "raw"} 2563 | if ($NSObjects."feo action" ) { outputObjectConfig "Front-End Optimization Actions" "feo action" } 2564 | if ($NSObjects."feo policy" ) { outputObjectConfig "Front-End Optimization Policies" "feo policy" } 2565 | if ($NSObjects."feo global" ) { outputObjectConfig "Front-End Optimization Global Bindings" "feo global" } 2566 | 2567 | if ($NSObjects."cache parameter" ) { outputObjectConfig "Cache Global Parameters" "cache parameter" "raw" } 2568 | if ($NSObjects."cache selector" ) { outputObjectConfig "Cache Selectors" "cache selector" } 2569 | if ($NSObjects."cache contentGroup" ) { outputObjectConfig "Cache Content Groups" "cache contentGroup" } 2570 | if ($NSObjects."cache policy" ) { outputObjectConfig "Cache Policies" "cache policy" } 2571 | if ($NSObjects."cache policylabel" ) { outputObjectConfig "Cache Policy Labels" "cache policylabel" } 2572 | if ($NSObjects."cache global" ) { outputObjectConfig "Cache Global Bindings" "cache global" "raw" } 2573 | 2574 | if ($NSObjects."cmp parameter" ) { outputObjectConfig "Compression Global Parameters" "cmp parameter" "raw" } 2575 | if ($NSObjects."cmp policy" ) { outputObjectConfig "Compression Policies" "cmp policy" } 2576 | if ($NSObjects."cmp policylabel" ) { outputObjectConfig "Compression Policy Labels" "cmp policylabel" } 2577 | if ($NSObjects."cmp global" ) { outputObjectConfig "Compression Global Bindings" "cmp global" "raw" } 2578 | 2579 | if ($NSObjects."appfw parameter" ) { outputObjectConfig "AppFW Global Settings" "appfw parameter" "raw" } 2580 | if ($NSObjects."appfw profile" ) { outputObjectConfig "AppFW Profiles" "appfw profile" ` 2581 | -explainText ("Some portions of AppFw Profile are not in the config file.`nManually export/import Signatures Object" + ` 2582 | "`nManually export/import the AppFW Import Objects (e.g. HTML Error, XML Schema)") } 2583 | if ($NSObjects."appfw policy" ) { outputObjectConfig "AppFW Policies" "appfw policy" } 2584 | if ($NSObjects."appfw policylabel" ) { outputObjectConfig "AppFW Policy Labels" "appfw policylabel" } 2585 | if ($NSObjects."appfw global" ) { outputObjectConfig "AppFW Global Bindings" "appfw global" "raw" } 2586 | 2587 | if ($NSObjects."bot parameter" ) { outputObjectConfig "Bot Management Global Settings" "bot parameter" "raw" } 2588 | if ($NSObjects."bot profile" ) { outputObjectConfig "Bot Management Profiles" "bot profile" ` 2589 | -explainText ("Some portions of Bot Profiles are not in the config file.`nManually export/import Signatures Object") } 2590 | if ($NSObjects."bot policy" ) { outputObjectConfig "Bot Management Policies" "bot policy" } 2591 | if ($NSObjects."bot policylabel" ) { outputObjectConfig "Bot Management Policy Labels" "bot policylabel" } 2592 | if ($NSObjects."bot global" ) { outputObjectConfig "Bot Management Global Bindings" "bot global" "raw" } 2593 | 2594 | if ($NSObjects."transform profile" ) { outputObjectConfig "Transform Profiles" "transform profile" } 2595 | if ($NSObjects."transform action" ) { outputObjectConfig "Transform Actions" "transform action" } 2596 | if ($NSObjects."transform policy" ) { outputObjectConfig "Transform Policies" "transform policy" } 2597 | if ($NSObjects."transform policylabel" ) { outputObjectConfig "Transform Policy Labels" "transform policylabel" } 2598 | if ($NSObjects."transform global" ) { outputObjectConfig "Transform Global Bindings" "transform global" "raw" } 2599 | 2600 | if ($NSObjects."filter action" ) { outputObjectConfig "Filter Actions" "filter action" } 2601 | if ($NSObjects."filter policy" ) { outputObjectConfig "Filter Policies" "filter policy" } 2602 | if ($NSObjects."filter global" ) { outputObjectConfig "Filter Global Bindings" "filter global" "raw" } 2603 | 2604 | if ($NSObjects."audit syslogaction" ) { outputObjectConfig "Audit Syslog Actions" "audit syslogaction" } 2605 | if ($NSObjects."audit syslogpolicy" ) { outputObjectConfig "Audit Syslog Policies" "audit syslogpolicy" } 2606 | 2607 | if ($NSObjects."audit nslogaction" ) { outputObjectConfig "Audit NSLog Actions" "audit nslogaction" } 2608 | if ($NSObjects."audit nslogpolicy" ) { outputObjectConfig "Audit NSLog Policies" "audit nslogpolicy" } 2609 | 2610 | if ($NSObjects."audit syslogactionglobal" ) { outputObjectConfig "Global Audit Syslog Bindings" "audit syslogactionglobal" "raw" } 2611 | 2612 | 2613 | # SSL Output 2614 | if ($NSObjects."ssl parameter" ) { outputObjectConfig "SSL Global Parameters" "ssl parameter" "raw" } 2615 | if ($NSObjects."ssl cipher" ) { outputObjectConfig "SSL Cipher Groups" "ssl cipher" } 2616 | if ($NSObjects."ssl fipsKey" ) { outputObjectConfig "SSL FIPS Keys" "ssl fipsKey" } 2617 | if ($NSObjects."ssl cert" ) { outputObjectConfig "Certs" "ssl cert" "raw" ` 2618 | -explainText "Get certificate files from /nsconfig/ssl" } 2619 | if ($NSObjects."ssl link" ) { outputObjectConfig "Cert Links" "ssl link" "raw" } 2620 | if ($NSObjects."ssl profile" ) { outputObjectConfig "SSL Profiles" "ssl profile" } 2621 | if ($NSObjects."ssl logprofile" ) { outputObjectConfig "SSL Log Profiles" "ssl logprofile" } 2622 | if ($NSObjects."ssl action" ) { outputObjectConfig "SSL Actions" "ssl action" } 2623 | if ($NSObjects."ssl policy" ) { outputObjectConfig "SSL Policies" "ssl policy" } 2624 | 2625 | 2626 | # AAA Output 2627 | if ($NSObjects."vpn portaltheme" ) { outputObjectConfig "Portal Themes" "vpn portaltheme" ` 2628 | -explainText "Portal Theme customizations are not in the NetScaler config file and instead are stored in /var/netscaler/logon/themes/{ThemeName}" } 2629 | if ($NSObjects."authentication param" ) { outputObjectConfig "AAA Global Settings" "authentication param" "raw" } 2630 | if ($NSObjects."authorization policy" ) { outputObjectConfig "Authorization Policies" "authorization policy" } 2631 | if ($NSObjects."authorization policylabel" ) { outputObjectConfig "Authorization Policies" "authorization policylabel" } 2632 | if ($NSObjects."authentication pushService" ) { outputObjectConfig "OTP Push Service" "authentication pushService" } 2633 | if ($NSObjects."aaa kcdAccount" ) { outputObjectConfig "KCD Accounts" "aaa kcdAccount" } 2634 | if ($NSObjects."authentication ldapAction" ) { outputObjectConfig "LDAP Actions" "authentication ldapAction" ` 2635 | -explainText "LDAP certificate verification Root certificates are in /nsconfig/truststore" } 2636 | if ($NSObjects."authentication ldapPolicy" ) { outputObjectConfig "LDAP Policies" "authentication ldapPolicy" } 2637 | if ($NSObjects."authentication radiusAction" ) { outputObjectConfig "RADIUS Actions" "authentication radiusAction" } 2638 | if ($NSObjects."authentication radiusPolicy" ) { outputObjectConfig "RADIUS Policies" "authentication radiusPolicy" } 2639 | if ($NSObjects."authentication OAuthAction" ) { outputObjectConfig "OAuth Actions" "authentication OAuthAction" } 2640 | if ($NSObjects."authentication samlAction" ) { outputObjectConfig "SAML Actions" "authentication samlAction" } 2641 | if ($NSObjects."authentication samlIdPProfile" ) { outputObjectConfig "SAML IdP Profiles" "authentication samlIdPProfile" } 2642 | if ($NSObjects."authentication certAction" ) { outputObjectConfig "Cert Actions" "authentication certAction" } 2643 | if ($NSObjects."authentication dfaAction" ) { outputObjectConfig "Delegaged Forms Authentication Actions" "authentication dfaAction" } 2644 | if ($NSObjects."authentication epaAction" ) { outputObjectConfig "Endpoint Analysis Actions" "authentication epaAction" } 2645 | if ($NSObjects."authentication negotiateAction" ) { outputObjectConfig "Negotiate (Kerberos) Actions" "authentication negotiateAction" } 2646 | if ($NSObjects."authentication storefrontAuthAction" ) { outputObjectConfig "StorefrontAuth Actions" "authentication storefrontAuthAction" } 2647 | if ($NSObjects."authentication tacacsAction" ) { outputObjectConfig "TACACS Actions" "authentication tacacsAction" } 2648 | if ($NSObjects."authentication tacacsPolicy" ) { outputObjectConfig "TACACS Policies" "authentication tacacsPolicy" } 2649 | if ($NSObjects."authentication localPolicy" ) { outputObjectConfig "Local Authentication Policies" "authentication localPolicy" } 2650 | if ($NSObjects."authentication webAuthAction" ) { outputObjectConfig "Web Auth Actions" "authentication webAuthAction" } 2651 | if ($NSObjects."authentication emailAction" ) { outputObjectConfig "Email (SSPR) Actions" "authentication emailAction" } 2652 | if ($NSObjects."authentication noAuthAction" ) { outputObjectConfig "NoAuth Actions" "authentication noAuthAction" } 2653 | if ($NSObjects."authentication captchaAction" ) { outputObjectConfig "Captcha Actions" "authentication captchaAction" } 2654 | if ($NSObjects."authentication adfsProxyProfile" ) { outputObjectConfig "ADFS Proxy Profile" "authentication adfsProxyProfile" } 2655 | if ($NSObjects."authentication samlPolicy" ) { outputObjectConfig "SAML Authentication Policies" "authentication samlPolicy" } 2656 | if ($NSObjects."authentication policy" ) { outputObjectConfig "Advanced Authentication Policies" "authentication policy" } 2657 | if ($NSObjects."authentication loginSchema" ) { outputObjectConfig "Login Schemas" "authentication loginSchema" } 2658 | if ($NSObjects."authentication loginSchemaPolicy" ) { outputObjectConfig "Login Schema Policies" "authentication loginSchemaPolicy" } 2659 | if ($NSObjects."authentication policylabel" ) { outputObjectConfig "Authentication Policy Labels" "authentication policylabel" } 2660 | if ($NSObjects."tm sessionAction" ) { outputObjectConfig "AAA Session Profiles" "tm sessionAction" } 2661 | if ($NSObjects."tm sessionPolicy" ) { outputObjectConfig "AAA Session Policies" "tm sessionPolicy" } 2662 | if ($NSObjects."authentication vserver" ) { outputObjectConfig "Authentication Virtual Servers" "authentication vserver" } 2663 | if ($NSObjects."authentication authnProfile" ) { outputObjectConfig "Authentication Profiles" "authentication authnProfile" } 2664 | if ($NSObjects."tm formSSOAction" ) { outputObjectConfig "AAA Form SSO Profiles" "tm formSSOAction" } 2665 | if ($NSObjects."tm samlSSOProfile" ) { outputObjectConfig "AAA SAML SSO Profiles" "tm samlSSOProfile" } 2666 | if ($NSObjects."tm trafficAction" ) { outputObjectConfig "AAA Traffic Profiles" "tm trafficAction" } 2667 | if ($NSObjects."tm trafficPolicy" ) { outputObjectConfig "AAA Traffic Policies" "tm trafficPolicy" } 2668 | if ($NSObjects."tm global" ) { outputObjectConfig "AAA Global Bindings" "tm global" "raw" } 2669 | 2670 | # Load Balancing output 2671 | if ($NSObjects."lb parameter" ) { outputObjectConfig "Load Balancing Global Parameters" "lb parameter" "raw" } 2672 | if ($NSObjects."lb metricTable" ) { outputObjectConfig "Metric Tables" "lb metricTable" } 2673 | if ($NSObjects."lb profile" ) { outputObjectConfig "Load Balancing Profiles" "lb profile" } 2674 | if ($NSObjects."monitor" ) { outputObjectConfig "Monitors" "monitor" } 2675 | if ($NSObjects."server" ) { outputObjectConfig "Servers" "server" } 2676 | if ($NSObjects."service" ) { outputObjectConfig "Services" "service" } 2677 | if ($NSObjects."serviceGroup" ) { outputObjectConfig "Service Groups" "serviceGroup" } 2678 | if ($NSObjects."lb vserver" ) { outputObjectConfig "Load Balancing Virtual Servers" "lb vserver" } 2679 | if ($NSObjects."lb group" ) { outputObjectConfig "Persistency Group" "lb group" } 2680 | 2681 | 2682 | # Content Switching Output 2683 | if ($NSObjects."cs parameter" ) { outputObjectConfig "Content Switching Parameters" "cs parameter" "raw" } 2684 | if ($NSObjects."cs action" ) { outputObjectConfig "Content Switching Actions" "cs action" } 2685 | if ($NSObjects."cs policy" ) { outputObjectConfig "Content Switching Policies" "cs policy" } 2686 | if ($NSObjects."cs policylabel" ) { outputObjectConfig "Content Switching Policy Labels" "cs policylabel" } 2687 | 2688 | 2689 | # Citrix Gateway Output 2690 | if ($NSObjects."vpn intranetApplication" ) { outputObjectConfig "Citrix Gateway Intranet Applications" "vpn intranetApplication" } 2691 | if ($NSObjects."aaa preauthenticationaction" ) { outputObjectConfig "Preauthentication Profiles" "aaa preauthenticationaction" } 2692 | if ($NSObjects."aaa preauthenticationpolicy" ) { outputObjectConfig "Preauthentication Policies" "aaa preauthenticationpolicy" } 2693 | if ($NSObjects."vpn eula" ) { outputObjectConfig "Citrix Gateway EULA" "vpn eula" } 2694 | if ($NSObjects."vpn clientlessAccessProfile" ) { outputObjectConfig "Citrix Gateway Clientless Access Profiles" "vpn clientlessAccessProfile" } 2695 | if ($NSObjects."vpn clientlessAccessPolicy" ) { outputObjectConfig "Citrix Gateway Clientless Access Policies" "vpn clientlessAccessPolicy" } 2696 | if ($NSObjects."rdp clientprofile" ) { outputObjectConfig "Citrix Gateway RDP Profiles" "rdp clientprofile" } 2697 | if ($NSObjects."vpn pcoipProfile" ) { outputObjectConfig "Citrix Gateway PCoIP Profiles" "vpn pcoipProfile" } 2698 | if ($NSObjects."vpn pcoipVserverProfile" ) { outputObjectConfig "Citrix Gateway VServer PCoIP Profiles" "vpn pcoipVserverProfile" } 2699 | if ($NSObjects."vpn formSSOAction" ) { outputObjectConfig "Citrix Gateway Form SSO Profiles" "vpn formSSOAction" } 2700 | if ($NSObjects."vpn samlSSOProfile" ) { outputObjectConfig "Citrix Gateway SAML SSO Profiles" "vpn samlSSOProfile" } 2701 | if ($NSObjects."vpn trafficAction" ) { outputObjectConfig "Citrix Gateway Traffic Profiles" "vpn trafficAction" } 2702 | if ($NSObjects."vpn trafficPolicy" ) { outputObjectConfig "Citrix Gateway Traffic Policies" "vpn trafficPolicy" } 2703 | if ($NSObjects."vpn alwaysONProfile" ) { outputObjectConfig "Citrix Gateway AlwaysON Profiles" "vpn alwaysONProfile" } 2704 | if ($NSObjects."vpn sessionAction" ) { outputObjectConfig "Citrix Gateway Session Profiles" "vpn sessionAction" } 2705 | if ($NSObjects."vpn sessionPolicy" ) { outputObjectConfig "Citrix Gateway Session Policies" "vpn sessionPolicy" } 2706 | if ($NSObjects."ica accessprofile" ) { outputObjectConfig "Citrix Gateway SmartControl Access Profiles" "ica accessprofile" } 2707 | if ($NSObjects."ica action" ) { outputObjectConfig "Citrix Gateway SmartControl Actions" "ica action" } 2708 | if ($NSObjects."ica policy" ) { outputObjectConfig "Citrix Gateway SmartControl Policies" "ica policy" } 2709 | if ($NSObjects."vpn url" ) { outputObjectConfig "Citrix Gateway Bookmarks" "vpn url" } 2710 | if ($NSObjects."vpn parameter" ) { outputObjectConfig "Citrix Gateway Global Settings" "vpn parameter" "raw" } 2711 | if ($NSObjects."clientless domains" ) { outputObjectConfig "Citrix Gateway Clientless Domains" "clientless domains" "raw" } 2712 | if ($NSObjects."vpn nextHopServer" ) { outputObjectConfig "Citrix Gateway Next Hop Servers" "vpn nextHopServer" } 2713 | if ($NSObjects."vpn vserver" ) { outputObjectConfig "Citrix Gateway Virtual Servers" "vpn vserver" } 2714 | if ($NSObjects."vpn global" ) { outputObjectConfig "Citrix Gateway Global Bindings" "vpn global" "raw" } 2715 | if ($NSObjects."aaa group" ) { outputObjectConfig "AAA Groups" "aaa group" } 2716 | 2717 | 2718 | # GSLB Output 2719 | if ($NSObjects."adns service" ) { outputObjectConfig "ADNS Services" "adns service" "raw" } 2720 | if ($NSObjects."gslb site" ) { outputObjectConfig "GSLB Sites" "gslb site" } 2721 | if ($NSObjects."ns rpcNode" ) { outputObjectConfig "GSLB RPC Nodes" "ns rpcNode" } 2722 | if ($NSObjects."dns view" ) { outputObjectConfig "DNS Views" "dns view" } 2723 | if ($NSObjects."dns action" ) { outputObjectConfig "DNS Actions" "dns action" } 2724 | if ($NSObjects."dns policy" ) { outputObjectConfig "DNS Policies" "dns policy" } 2725 | if ($NSObjects."dns global" ) { outputObjectConfig "DNS Global Bindings" "dns global" "raw"} 2726 | if ($NSObjects."gslb location" ) { outputObjectConfig "GSLB Locations (Static Proximity)" "gslb location" "raw" } 2727 | if ($NSObjects."gslb parameter" ) { outputObjectConfig "GSLB Parameters" "gslb parameter" "raw" } 2728 | if ($NSObjects."gslb service" ) { outputObjectConfig "GSLB Services" "gslb service" } 2729 | if ($NSObjects."gslb vserver" ) { outputObjectConfig "GSLB Virtual Servers" "gslb vserver" } 2730 | 2731 | if ($NSObjects."cr policy" ) { outputObjectConfig "Cache Redirection Policies" "cr policy" } 2732 | if ($NSObjects."cr vserver" ) { outputObjectConfig "Cache Redirection Virtual Servers" "cr vserver" } 2733 | 2734 | if ($NSObjects."cs vserver" ) { outputObjectConfig "Content Switching Virtual Servers" "cs vserver" } 2735 | 2736 | if ($NSObjects."ssl vserver" ) { outputObjectConfig "SSL Virtual Servers" "ssl vserver" } 2737 | 2738 | # Global System Bindings - can't bind until objects are created 2739 | if ($NSObjects."system global" ) { outputObjectConfig "System Global Bindings" "system global" "raw"} 2740 | if ($NSObjects."dns nameServer" ) { outputObjectConfig "DNS Name Servers" "dns nameServer" } 2741 | 2742 | 2743 | if ($outputFile -and ($outputFile -ne "screen")) { 2744 | # Convert file EOLs to UNIX format so file can be batch imported to NetScaler 2745 | $text = [IO.File]::ReadAllText($outputFile) -replace "`r`n", "`n" 2746 | [IO.File]::WriteAllText($outputFile, $text) 2747 | } 2748 | 2749 | if ($textEditor -and ($outputFile -and ($outputFile -ne "screen"))) { 2750 | 2751 | # Open Text Editor 2752 | 2753 | #if (Test-Path $textEditor -PathType Leaf){ 2754 | 2755 | write-host "`nOpening Output file `"$outputFile`" using `"$textEditor`" ..." 2756 | 2757 | start-process -FilePath $textEditor -ArgumentList "`"$outputFile`"" 2758 | 2759 | <#} else { 2760 | write-host "`nText Editor not found: `"$textEditor`"" 2761 | write-host "`nCan't open output file: `"$outputFile`"" 2762 | }#> 2763 | 2764 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Get-ADCVServerConfig 2 | Citrix NetScaler ADC Virtual Server Configuration Extractor 3 | 4 | The PowerShell script reads an exported NetScaler ADC Configuration file, prompts you to select one or more Virtual Servers, and then extracts the CLI commands for that Virtual Server. 5 | 6 | More details at https://www.carlstalhood.com/netscaler-scripting/#extractconfig 7 | --------------------------------------------------------------------------------