# NetScaler Configuration Extractor # Note: This script works on Windows 10, but the regex match group commands fail on Windows 7 param ( # Full path to source config file saved from NetScaler (System > Diagnostics > Running Configuration) # If set to "", then the script will prompt for the file. [string]$configFile = "", #$configFile = "$env:userprofile\Downloads\nsrunning.conf" # Name of vServer - or VIP - case insensitive # Partial match supported - if more than one match, the script will prompt for a selection. Set it to "" to list all vServers. # If vserver name is exact match for one vserver, that vserver will be used, even if it's a substring match for another vserver [string]$vserver = "", # Optional filename to save output - file will be overwritten # If you intend to batch import to NetScaler, then no spaces or capital letters in the file name. # If set to "screen", then output will go to screen. # If set to "", then the script will prompt for a file. Clicking cancel will output to the screen. #[string]$outputFile = "", #[string]$outputFile = "screen", [string]$outputFile = "$env:userprofile\Downloads\nsconfig.conf", #[string]$outputFile = "$env:HOME/Downloads/nsconfig.conf", # Optional text editor to open saved output file - text editor should handle UNIX line endings (e.g. Wordpad or Notepad++) [string]$textEditor = "notepad++.exe", # Optional get CSW vserver Binds for selected LB and/or VPN virtual server [switch]$cswBind, # Max # of nFactor Next Factors to extract [int]$nFactorNestingLevel = 5 ) # Change Log # ---------- # 2024 Sep 25 - added "add monitor" instead of "add lb monitor" # 2023 June 30 - added port numbers to VIP list; bug fixes # 2022 Sep 20 - added bot management # 2022 July 10 - added support for * in object names (e.g., *.corp.com) # 2021 Nov 4 - performance improvements # 2021 Oct 15 - output SAML SSO Actions; performance improvements # 2021 Jun 1 - added search "policy expressions" for other appexpert objects # 2021 May 27 - added messageactions to output # 2021 Apr 30 - fixed named expressions # 2021 Apr 30 - added: get variables from expressions; get variable assignments from responders # 2021 Apr 27 - fixed sorting of Backup vServers # 2021 Apr 20 - added DISABLED state to VIP selection screen # 2021 Feb 5 - fixed TACACS policies and Local Authentication Policies, including global # 2020 Dec 7 - added Captcha action and NoAuth action # 2020 Dec 7 - added parameter to set nFactor nesting level # 2020 Dec 7 - sorted authentication policylabels so NextFactors are created first # 2019 Jun 3 - added RNAT; added OTP Push Service; added partitions; added Azure Keys # 2019 Apr 22 - added vServer VIP extraction from other commands (e.g. LDAP Action) # 2019 Apr 15 - fixed server enumeration # 2019 Apr 7 - reordered Policy Expression output # 2019 Apr 1 - new "Sys" option to extract System Settings # 2019 Mar 6 - fixed Visualizer substring match, and added emailAction # 2018 Dec 27 - fix aaa tm trafficpolicy/action aaa kcdAccount output (BKF) # 2018 Dec 2 - added nFactor Visualizer for AAA vServers # 2018 Nov 19 - MacOS: added List Dialog to select vServers. fix: dialogfocus (BKF) # 2018 Nov 17 - changed vServer selection to Out-GridView (GUI) # 2018 Nov 16 - support for MacOS popups for nsconf and saveas. Switch for sort to Sort-object to support MacOs & Powershell core 6 # 2018 Nov 5 - check text editor existince (h/t Bjørn-Kåre Flister) # 2018 Nov 5 - switch to extract CS vServer for selected LB/VPN/AAA vServer (h/t Bjørn-Kåre Flister) # 2018 Sep 19 - fixed SAML Policy and SAML Action # 2018 Sep 11 - parameterized the script, fixed specified vServer # 2018 July 22 - added ICA Parameters to VPN Global Settings # 2018 July 18 - added preauthentication policy, added AlwaysOn profile # 2018 July 12 - added two levels of nFactor NextFactor extraction # 2018 July 8 - added DNS configuration to every extraction # 2018 July 7 - added GSLB Sites and rpcNodes # 2018 July 4 - extract local LB VIPs from Session Action URLs (e.g. StoreFront URL to local LB VIP) # 2018 July 3 - extract DNS vServers from "set vpn parameter" and Session Actions # 2018 July 3 - added "*" to select all vServers # 2018 July 3 - updated for 12.1 (SSL Log Profile, IP Set, Analytics Profile) # 2018 Jan 23 - skip gobal cache settings if cache feature is not enabled # 2018 Jan 4 - Sirius' Mark Scott added code to browse to open and save files. Added kcdaccounts to extraction. # Start of script code cls # Function to prompt the user for a NetScaler config file. # The NetScaler config file can be found in the System > Diagnostics > Running Configuration location in the GUI Function Get-InputFile($initialDirectory) { if ($IsMacOS){ $filename = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set fileName to POSIX path of (choose file with prompt "NetScaler documentation file")'+"`n"+'end tell' | osascript -s s) -split '"')[1] if ([String]::IsNullOrEmpty($filename)){break}else{$filename} }else{ [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null $OpenFileDialog = New-Object System.Windows.Forms.OpenFileDialog $OpenFileDialog.Title = "Open NetScaler Config" $OpenFileDialog.initialDirectory = $initialDirectory $OpenFileDialog.filter = "NetScaler Config (*.conf)| *.conf|All files (*.*)|*.*" $OpenFileDialog.ShowDialog() | Out-Null $OpenFileDialog.filename } } # Function to prompt the user to save the output file Function Get-OutputFile($initialDirectory) { if ($IsMacOS){ $DefaultName = 'default name "nsconfig.conf"' if ($initialDirectory){ $DefaultLocation = 'default location "'+$initialDirectory+'"' } $filename = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set theName to POSIX path of (choose file name '+$($DefaultName)+' '+$($DefaultLocation)+' with prompt "Save NetScaler documentation file as")'+"`n"+'end tell' | osascript -s s) -split '"')[1] $filename }else{ [System.Reflection.Assembly]::LoadWithPartialName("System.windows.forms") | Out-Null $SaveFileDialog = New-Object System.Windows.Forms.SaveFileDialog $SaveFileDialog.Title = "Save Extracted Config" $SaveFileDialog.initialDirectory = $initialDirectory $SaveFileDialog.filter = "NetScaler Config File (*.conf)| *.conf|All files (*.*)|*.*" $SaveFileDialog.ShowDialog() | Out-Null $SaveFileDialog.filename } } # Run the Get-InputFile function to ask the user for the NetScaler config file if (!$configFile) { $configFile = Get-InputFile $inputfile } if (!$configFile) { exit } "Loading config file $configFile ...`n" $config = "" $config = Get-Content $configFile -ErrorAction Stop function printProgress ($origObjects, $NSObjectType) { # Check if anything was added and display $newObjects = @() if (-not $origObjects) { $newObjects = $nsObjects.$NSObjectType } else { $newObjects = (Compare-Object $origObjects $nsObjects.$NSObjectType).InputObject } if ($newObjects) { foreach ($newObject in $newObjects) { write-host (("Found {0,-25} " -f $NSObjectType) + $newObject) } } return $newObjects } # returns a regex clause with multiple objects or'd to speed up regex matching function getMatchExpression ($Objects) { # returns a regex clause with multiple objects or'd to speed up regex matching $matchExpression = "(" foreach ($uniqueObject in $Objects) { $uniqueObjectDots = $uniqueObject -replace "\.", "\." $uniqueObjectDots = $uniqueObjectDots -replace "\*", "\*" $matchExpression += $uniqueObjectDots + "|" } $matchExpression = $matchExpression.Substring(0,$matchExpression.length - 1) + ")" return $matchExpression } # searches matches for other objects (e.g., pattern set) # then adds all matches to the main matches hash table function addNSObject ($NSObjectType, $NSObjectName) { if (!$NSObjectName) { return } # write-host $NSObjectType $NSObjectName #Debug if (!$nsObjects.$NSObjectType) { $nsObjects.$NSObjectType = @()} $origObjects = $nsObjects.$NSObjectType $nsObjects.$NSObjectType += $NSObjectName $nsObjects.$NSObjectType = @($nsObjects.$NSObjectType | Select-Object -Unique) $newObjects = printProgress $origObjects $NSObjectType if (!$newObjects) {return} # Get Filtered Config for the object being added to check for policy sub-objects # Don't match "-" to prevent "add serviceGroup -netProfile" # Ensure there's whitespace before match to prevent substring matches (e.g. server matching MyServer) $filteredConfig = "" $matchExpression = getMatchExpression $newObjects $filteredConfig = $config -match "[^-\S]" + $NSObjectType + " " + $matchExpression + "[^\S]" if (!$filteredConfig) {$filteredConfig = $uniqueObject} # Look in expressions for other objects if ($filteredConfig -match '["|(]' ) { # Look for Pattern Sets $foundObjects = getNSObjects $filteredConfig "policy patset" if ($foundObjects) { $origObjects = $nsObjects."policy patset" $nsObjects."policy patset" += $foundObjects $nsObjects."policy patset" = @($nsObjects."policy patset" | Select-Object -Unique) $newObjects = printProgress $origObjects "policy patset" } # Look for Data Sets $foundObjects = getNSObjects $filteredConfig "policy dataset" if ($foundObjects) { $nsObjects."policy dataset" += $foundObjects $nsObjects."policy dataset" = @($nsObjects."policy dataset" | Select-Object -Unique) } # Look for String Maps $foundObjects = getNSObjects $filteredConfig "policy stringmap" if ($foundObjects) { $nsObjects."policy stringmap" += $foundObjects $nsObjects."policy stringmap" = @($nsObjects."policy stringmap" | Select-Object -Unique) } # Look for URL Sets $foundObjects = getNSObjects $filteredConfig "policy urlset" if ($foundObjects) { $nsObjects."policy urlset" += $foundObjects $nsObjects."policy urlset" = @($nsObjects."policy urlset" | Select-Object -Unique) } # Look for Expressions $foundObjects = getNSObjects $filteredConfig "policy expression" if ($foundObjects) { addNsObject "policy expression" $foundObjects #$nsObjects."policy expression" += $foundObjects #$nsObjects."policy expression" = @($nsObjects."policy expression" | Select-Object -Unique) } # Look for Variables $foundObjects = getNSObjects $filteredConfig "ns variable" if ($foundObjects) { $nsObjects."ns variable" += $foundObjects $nsObjects."ns variable" = @($nsObjects."ns variable" | Select-Object -Unique) } # Look for Policy Maps $foundObjects = getNSObjects $filteredConfig "policy map" if ($foundObjects) { $nsObjects."policy map" += $foundObjects $nsObjects."policy map" = @($nsObjects."policy map" | Select-Object -Unique) } # Look for Limit Identifiers $foundObjects = getNSObjects $filteredConfig "ns limitIdentifier" if ($foundObjects) { $nsObjects."ns limitIdentifier" += $foundObjects $nsObjects."ns limitIdentifier" = @($nsObjects."ns limitIdentifier" | Select-Object -Unique) } # Look for Stream Identifiers $foundObjects = getNSObjects $filteredConfig "stream identifier" if ($foundObjects) { $nsObjects."stream identifier" += $foundObjects $nsObjects."stream identifier" = @($nsObjects."stream identifier" | Select-Object -Unique) } # Look for Policy Extensions $foundObjects = getNSObjects $filteredConfig "ns extension" if ($foundObjects) { $origObjects = $nsObjects."ns extension" $nsObjects."ns extension" += $foundObjects $nsObjects."ns extension" = @($nsObjects."ns extension" | Select-Object -Unique) printProgress $origObjects "ns extension" } # Look for Callouts if ($filteredConfig -match "CALLOUT") { if (!$nsObjects."policy httpCallout") { $nsObjects."policy httpCallout" = @()} $nsObjects."policy httpCallout" += getNSObjects $filteredConfig "policy httpCallout" $nsObjects."policy httpCallout" = @($nsObjects."policy httpCallout" | Select-Object -Unique) } # Look for DNS Records $foundObjects = getNSObjects $filteredConfig "dns addRec" if ($foundObjects) { $nsObjects."dns addRec" += $foundObjects $nsObjects."dns addRec" = @($nsObjects."dns addRec" | Select-Object -Unique) } $foundObjects = getNSObjects $filteredConfig "dns nsRec" if ($foundObjects) { $nsObjects."dns nsRec" += $foundObjects $nsObjects."dns nsRec" = @($nsObjects."dns nsRec" | Select-Object -Unique) } # Look for vServer VIPs if ($filteredConfig -match "\d+\.\d+\.\d+\.\d+" -and $NSObjectType -notmatch " vserver") { $objectsToAdd = getNSObjects $filteredConfig "lb vserver" if ($objectsToAdd) { if (!$nsObjects."lb vserver") { $nsObjects."lb vserver" = @()} $nsObjects."lb vserver" += getNSObjects $filteredConfig "lb vserver" $nsObjects."lb vserver" = @($nsObjects."lb vserver" | Select-Object -Unique) GetLBvServerBindings $objectsToAdd } $objectsToAdd = getNSObjects $filteredConfig "cs vserver" if ($objectsToAdd) { if (!$nsObjects."cs vserver") { $nsObjects."cs vserver" = @()} $nsObjects."cs vserver" += getNSObjects $filteredConfig "cs vserver" $nsObjects."cs vserver" = @($nsObjects."cs vserver" | Select-Object -Unique) } $objectsToAdd = getNSObjects $filteredConfig "vpn vserver" if ($objectsToAdd) { if (!$nsObjects."vpn vserver") { $nsObjects."vpn vserver" = @()} $nsObjects."vpn vserver" += getNSObjects $filteredConfig "vpn vserver" $nsObjects."vpn vserver" = @($nsObjects."vpn vserver" | Select-Object -Unique) } } } } # Search for objects of type bound to selected vservers function getNSObjects ($matchConfig, $NSObjectType, $paramName, $position) { if ($paramName -and !($matchConfig -match $paramName)) { return } # Read all objects of type from from full config # Cache objects to speed up multiple iterations of this function if ($nsObjectsCache.$NSObjectType) { $objectsAll = $nsObjectsCache.$NSObjectType } else { $objectsAll = $config | select-string -Pattern ('^(add|set|bind) ' + $NSObjectType + ' (".*?"|[^-"]\S+)($| )') | ForEach-Object {$_.Matches.Groups[2].value} $objectsAll = $objectsAll | Where-Object { $nsObjects.$NSObjectType -notcontains $_ } $objectsAll = $objectsAll | sort-object -Unique $nsObjectsCache.$NSObjectType = $objectsAll } if ($objectsAll.length -eq 0) {return} # if looking for matching vServers, also match on VIPs if ($NSObjectType -match " vserver") { $VIPsAll = $config | select-string -Pattern ('^add ' + $NSObjectType + ' (".*?"|[^-"]\S+) \S+ (\d+\.\d+\.\d+\.\d+) (\d+)') | ForEach-Object { @{ VIP = $_.Matches.Groups[2].value Name = $_.Matches.Groups[1].value Port = $_.Matches.Groups[3].value } } $VIPsAll = $VIPsAll | Where-Object {$_.VIP -ne "0.0.0.0"} } # if ($NSObjectType -match "ssl certKey") # { write-host $objectCandidate} # Strip Comments $matchConfig = $matchConfig | ForEach-Object {$_ -replace '-comment ".*?"' } # Build Position matching string - match objectCandidate after the # of positions - avoids Action name matching Policy name if ($position) { $positionString = "" 1..($position) | ForEach-Object { $positionString += '(".*?"|[^"]\S+) ' } $positionString += ".* " } # Match objects to matchConfig # optional searchHint helps prevent too many matches (e.g. "tcp") $objectMatches = @() foreach ($objectCandidate in $objectsAll) { # For regex, replace dots with escaped dots and escaped * $objectCandidateDots = $objectCandidate -replace "\.", "\." $objectCandidateDots = $objectCandidateDots -replace "\*", "\*" # Trying to avoid substring matches if ($paramName) { # Compare candidate to term immediately following parameter name if (($matchConfig -match ($paramName + " " + $objectCandidateDots + "$" )) -or ($matchConfig -match ($paramName + " " + $objectCandidateDots + " "))) { $objectMatches += $objectCandidate } } elseif ($position) { # Compare candidate to all terms after the specified position # - avoids action name matching policy name if (($matchConfig -match ($positionString + $objectCandidateDots + "$")) -or ($matchConfig -match ($positionString + $objectCandidateDots + " "))) { $objectMatches += $objectCandidate # if ($objectCandidate -match "storefront") { write-host $objectCandidate;write-host ($matchConfig);read-host} } } elseif (($matchConfig -match (" " + $objectCandidateDots + "$")) -or ($matchConfig -match (" " + $objectCandidateDots + " "))) { # Look for candidate at end of string, or with spaces surrounding it - avoids substring matches $objectMatches += $objectCandidate } elseif (($matchConfig -match ('"' + $objectCandidateDots + '\\"')) -or ($matchConfig -match ('\(' + $objectCandidateDots + '\)"'))) { # Look for AppExpert objects (e.g. policy sets, callouts) in policy expressions that don't have spaces around it $objectMatches += $objectCandidate } elseif (($matchConfig -match ('//' + $objectCandidateDots)) -or ($matchConfig -match ($objectCandidateDots + ':'))) { # Look in URLs for DNS records $objectMatches += $objectCandidate } elseif (($matchConfig -match ('\.' + $objectCandidateDots + '(\.|"|\(| )'))) { # Look in Policy Expressions for Policy Extensions - .extension. or .extension" or .extension( or .extension $objectMatches += $objectCandidate } elseif (($NSObjectType -match "variable") -and ($matchConfig -match ('\$' + $objectCandidateDots))) { # Look for variables $objectMatches += $objectCandidate } elseif (($NSObjectType -match "expression") -and (($matchConfig -match ($objectCandidateDots + "\.") -or ($matchConfig -match ($objectCandidateDots + '\"'))))) { # Look for named expressions that have dot operators after it $objectMatches += $objectCandidate } } foreach ($VIP in $VIPsAll) { # For regex, replace dots with escaped dots $VIPDots = $VIP.VIP -replace "\.", "\." # Trying to avoid substring matches if ($paramName) { # Compare candidate to term immediately following parameter name if (($matchConfig -match ($paramName + " " + $VIPDots + "$" )) -or ($matchConfig -match ($paramName + " " + $VIPDots + " "))) { if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } } } elseif ($position) { # Compare candidate to all terms after the specified position # - avoids action name matching policy name if (($matchConfig -match ($positionString + $VIPDots + "$")) -or ($matchConfig -match ($positionString + $VIPDots + " "))) { if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } } } elseif (($matchConfig -match (" " + $VIPDots + "$")) -or ($matchConfig -match (" " + $VIPDots + " "))) { # Look for candidate at end of string, or with spaces surrounding it - avoids substring matches if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } } elseif (($matchConfig -match ('"' + $VIPDots + '\\"')) -or ($matchConfig -match ('\(' + $VIPDots + '\)"'))) { # Look for AppExpert objects (e.g. policy sets, callouts) in policy expressions that don't have spaces around it if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } } elseif (($matchConfig -match ('//' + $VIPDots)) -or ($matchConfig -match ($VIPDots + ':'))) { # Look in URLs for DNS records if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } } elseif (($matchConfig -match ('\.' + $VIPDots + '(\.|"|\(| )'))) { # Look in Policy Expressions for Policy Extensions - .extension. or .extension" or .extension( or .extension if ($matchConfig -match $VIP.Port) { $objectMatches += $VIP.Name } } } return $objectMatches } function GetLBvServerBindings ($objectsList) { $matchExpression = getMatchExpression $objectsList #foreach ($lbvserver in $objectsList) { $vserverConfig = $config -match " lb vserver $matchExpression " addNSObject "service" (getNSObjects $vserverConfig "service") if ($NSObjects.service) { $serviceMatchExpression = getMatchExpression $NSObjects.service #foreach ($service in $NSObjects.service) { # wrap config matches in spaces to avoid substring matches $serviceConfig = $config -match " service $serviceMatchExpression " addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName") addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName") addNSObject "server" (getNSObjects $serviceConfig "server") addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile") addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td") addNSObject "ns httpProfile" (getNSObjects $serviceConfig "ns httpProfile" "-httpProfileName") addNSObject "ssl cipher" (getNSObjects $serviceConfig "ssl cipher") addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-certkeyName") addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-cacert") #} } addNSObject "serviceGroup" (getNSObjects $vserverConfig "serviceGroup") if ($NSObjects.serviceGroup) { $serviceGrouMatchExpression = getMatchExpression $NSObjects.serviceGroup #foreach ($serviceGroup in $NSObjects.serviceGroup) { $serviceConfig = $config -match " serviceGroup $serviceGrouMatchExpression " addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName") addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName") addNSObject "server" (getNSObjects $serviceConfig "server") addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile") addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td") addNSObject "ns httpProfile" (getNSObjects $serviceConfig "ns httpProfile" "-httpProfileName") addNSObject "ssl cipher" (getNSObjects $serviceConfig "ssl cipher") addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-certkeyName") addNSObject "ssl certKey" (getNSObjects $serviceConfig "ssl certKey" "-cacert") #} } addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") addNSObject "authentication vserver" (getNSObjects $vserverConfig "authentication vserver" "-authnVsName") addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile") addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName") addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName") addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert") addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $matchExpression ") "ssl vserver") addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel") addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName") addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel") addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName") addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName") addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName") addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel") addNSObject "filter policy" (getNSObjects $vserverConfig "filter policy" "-policyName") addNSObject "bot policy" (getNSObjects $vserverConfig "bot policy") addNSObject "transform policy" (getNSObjects $vserverConfig "transform policy" "-policyName") addNSObject "transform policylabel" (getNSObjects $vserverConfig "transform policylabel") addNSObject "tm trafficPolicy" (getNSObjects $vserverConfig "tm trafficPolicy" "-policyName") addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName") addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName") addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName") addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName") addNSObject "bot policy" (getNSObjects $vserverConfig "bot policy") addNSObject "dns profile" (getNSObjects $vserverConfig "dns profile" "-dnsProfileName" ) addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName") addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") addNSObject "db dbProfile" (getNSObjects $vserverConfig "db dbProfile" "-dbProfileName") addNSObject "lb profile" (getNSObjects $vserverConfig "lb profile" "-lbprofilename") addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") addNSObject "authentication adfsProxyProfile" (getNSObjects $vserverConfig "authentication adfsProxyProfile" "-adfsProxyProfile") #} } function getHttpVServer ($matchConfig) { # Matches local LB/CS vServer VIPs in URLs (e.g. StoreFront URL) - No FQDN support # Read all LB/CS objects of protocol HTTP/SSL from from full config. Extract Name, IP, and Port if ($matchConfig -match "http://") { $objectsAll = $config | select-string -Pattern '^add (lb|cs) vserver (".*?"|[^-"]\S+) HTTP (\d+\.\d+.\d+\.\d+) (\d+) ' | ForEach-Object { New-Object PSObject -property @{ Name = $_.Matches.Groups[2].value IP = $_.Matches.Groups[3].value Port = $_.Matches.Groups[4].value } } } elseif ($matchConfig -match "https://") { $objectsAll = $config | select-string -Pattern '^add (lb|cs) vserver (".*?"|[^-"]\S+) SSL (\d+\.\d+.\d+\.\d+) (\d+)' | ForEach-Object { New-Object PSObject -property @{ Name = $_.Matches.Groups[2].value IP = $_.Matches.Groups[3].value Port = $_.Matches.Groups[4].value } } } # Check URL for matching VIP and/or Port number $objectMatches = @() foreach ($objectCandidate in $objectsAll) { if ($matchConfig -match $objectCandidate.IP) { if ($matchConfig -match ":\d+/") { if ($matchConfig -match (":" + $objectCandidate.Port + "/")) { $objectMatches += $objectCandidate.Name } } elseif ($objectCandidate.Port -eq "80" -or $objectCandidate.Port -eq "443") { $objectMatches += $objectCandidate.Name } } } return $objectMatches } function outputnFactorPolicies ($bindingType, $indent) { $matchedConfig = @() $loginSchemaProfile = $config | select-string -Pattern ('^add ' + $bindingType + ' -loginSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} if ($loginSchemaProfile) { $matchedConfig += $linePrefix + ($spacing * ($indent)) + "Login Schema Profile = " + $loginSchemaProfile $loginSchemaProfile = $config -match '^add authentication loginSchema ' + $loginSchemaProfile + " " $loginSchemaXML = $loginSchemaProfile | select-string -Pattern ('-authenticationSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} if ($loginSchemaXML) { $matchedConfig += $linePrefix + ($spacing * ($indent)) + "Login Schema XML = " + $loginSchemaXML } } $policies = $config | select-string -Pattern ('^bind ' + $bindingType + ' -(policy|policyName|loginSchema) (".*?"|[^-"]\S+)($| )') | ForEach-Object {$_.Matches.Groups[2].value} foreach ($policy in $policies) { $policyBinding = $config -match ('^bind ' + $bindingType + " -(policy|policyName|loginSchema) " + $policy + " ") $priority = $policyBinding | select-string -Pattern ('-priority (\d+)') | ForEach-Object {$_.Matches.Groups[1].value} $goto = $policyBinding | select-string -Pattern ('-gotoPriorityExpression (\S+)') | ForEach-Object {$_.Matches.Groups[1].value} $loginSchemaPolicy = $config -match '^add authentication loginSchemaPolicy ' + $policy + " " if ($loginSchemaPolicy) { $loginSchemaAction = $loginSchemaPolicy | select-string -Pattern ('-action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} $rule = $loginSchemaPolicy | select-string -Pattern ('-rule (.*?) -action') | ForEach-Object {$_.Matches.Groups[1].value} $matchedConfig += $linePrefix + ($spacing * $indent) + "Login Schema Policy = " + $policy $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Priority = " + $priority $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Rule = " + $rule $loginSchemaProfile = $config -match '^add authentication loginSchema ' + $loginSchemaAction + " " if ($loginSchemaProfile) { $loginSchemaXML = $loginSchemaProfile | select-string -Pattern ('-authenticationSchema (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Login Schema XML = " + $loginSchemaXML } } $authPolicy = $config -match '^add authentication Policy ' + $policy + ' ' if ($authPolicy) { $authAction = $authPolicy | select-string -Pattern ('-action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} $authActionConfig = $config -match '^add authentication \w+?Action ' + $authAction + " " $AAAGroup = $authActionConfig | select-string -Pattern ('-defaultAuthenticationGroup (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} $authType = $authActionConfig | select-string -Pattern ('^add authentication (\w+?Action)') | ForEach-Object {$_.Matches.Groups[1].value} $rule = $authPolicy | select-string -Pattern ('-rule (.*?) -action') | ForEach-Object {$_.Matches.Groups[1].value} $nextFactor = $policyBinding | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} $matchedConfig += $linePrefix + ($spacing * $indent) + "Adv Authn Policy = " + $policy $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Priority = " + $priority $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Rule = " + $rule if ($authType) { $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Action = " + $authType + " named " + $authAction } else { $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Action = " + $authAction } if ($AAAGroup) { $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "AAA Group = " + $AAAGroup } $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Goto if failed = " + $goto if ($nextFactor) { $matchedConfig += $linePrefix + ($spacing * ($indent + 1)) + "Next Factor if Success = " + $nextFactor $matchedConfig += outputnFactorPolicies ('authentication policylabel ' + $nextFactor) ($indent + 2) } } } return $matchedConfig } function outputObjectConfig ($header, $NSObjectKey, $NSObjectType, $explainText) { $uniqueObjects = $NSObjects.$NSObjectKey | Select-Object -Unique # Build header line $output = "# " + $header + "`n# " 1..$header.length | ForEach-Object {$output += "-"} $output += "`n" $matchedConfig = @() if ($NSObjectType -eq "raw") { # Print actual Object Values. Don't get output from filtered config. $matchedConfig = $NSObjects.$NSObjectKey + "`n" } else { foreach ($uniqueObject in $uniqueObjects) { # For regex, replace dots with escaped dots and escaped * $uniqueObject = $uniqueObject -replace "\.", "\." $uniqueObject = $uniqueObject -replace "\*", "\*" # Don't match "-" to prevent "add serviceGroup -netProfile" # Ensure there's whitespace before match to prevent substring matches (e.g. MyServer matching server) if ($NSObjectType) { # Optional $NSObjectType overrides $NSObjectKey if they don't match (e.g. CA Cert doesn't match certKey) $matchedConfig += $config -match "[^-\S]" + $NSObjectType + " " + $uniqueObject + "$" $matchedConfig += $config -match "[^-\S]" + $NSObjectType + " " + $uniqueObject + "[^\S]" } else { $matchedConfig += $config -match "[^-\S]" + $NSObjectKey + " " + $uniqueObject + "$" $matchedConfig += $config -match "[^-\S]" + $NSObjectKey + " " + $uniqueObject + "[^\S]" } # if ($uniqueObject -eq "NO_RW_192\.168\.192\.242") {write-host $uniqueObject $matchedConfig} $matchedConfig += "`n" } } if ($explainText) { $explainText = @($explainText -split "`n") $explainText | ForEach-Object { $matchedConfig += "# *** " + $_ } $matchedConfig += "`n" } # nFactor Visualizer if ($NSObjectKey -eq "authentication vserver") { $linePrefix = "# ** " $spacing = " " foreach ($aaavServer in $uniqueObjects) { $indent = 0 $matchedConfig += $linePrefix + "nFactor Visualizer " $matchedConfig += $linePrefix + "------------------ " $matchedConfig += $linePrefix + ($spacing * $indent) + "AAA vserver: " + $aaavServer $matchedConfig += outputnFactorPolicies ("authentication vserver " + $aaavServer) 1 $matchedConfig += "`n" } } # Add line endings to output $SSLVServerName = "" foreach ($line in $matchedConfig) { # if binding new cipher group, remove old ciphers first # only add unbind line once per SSL object $SSLvserverNameMatch = $line | select-string -Pattern ('^bind ssl (vserver|service|serviceGroup|monitor) (.*) -cipherName') | ForEach-Object {$_.Matches.Groups[2].value} if ($SSLvserverNameMatch -and ($SSLVServerName -ne $SSLvserverNameMatch)) { $SSLVServerName = $SSLvserverNameMatch $output += ($line -replace "bind (.*) -cipherName .*", "unbind `$1 -cipherName DEFAULT`n") } # handle one blank line between mutliple objects of same type if ($line -ne "`n") { $output += $line + "`n" } else { $output += "`n" } } # Output to file or screen if ($outputFile -and ($outputFile -ne "screen")) { $output | out-file $outputFile -Append } else { $output } } ## Start main script # Clear configuration from last run $nsObjects = @{} $nsObjectsCache = @{} $selectionDone =$false $firstLoop = $true do { # Get matching vServer Names. If more than one, prompt for selection. # This loop allows users to change the vServer filter text if ($vserver -match " ") { $vserver = [char]34 + $vserver + [char]34 } $vservers = $config -match "$vserver" | select-string -Pattern ('^add \w+ vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} if (!$vservers) { # Try substring matches without quotes if ($vserver -match " ") { $vserver = $vserver -replace [char]34 } $vservers = $config -match "$vserver" | select-string -Pattern ('^add \w+ vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} } # Make sure it's an array, even if only one match $vservers = @($vservers) # FirstLoop flag enables running script without prompting. # If second loop, then user must have changed the filter and wants to see results even if only one (or none). if (($vservers.length -eq 1 -and $firstLoop) -or $vservers -contains $vserver) { # Get vServer Type $vserverType = $config -match " $vservers " | select-string -Pattern ('^add (\w+) vserver') | ForEach-Object {$_.Matches.Groups[1].value} addNSObject ($vserverType + " vserver") $vservers $selectionDone = $true } else { # Prompt for vServer selection # Prepend System option $vservers = @("System Settings") + $vservers # Get vServer Type for each vServer name - later display to user $vserverTypes = @("") * ($vservers.length) $vserverTypes[0] = "sys" if ($vserver) { $vserverConfig = $config -match "$vserver" } else { $vserverConfig = $config -match "add (\w+) vserver" } for ($x = 1; $x -lt $vservers.length; $x++) { $vserverTypes[$x] = $vserverConfig | select-string -Pattern ('^add (\w+) vserver ' + $vservers[$x] + " ") | ForEach-Object {$_.Matches.Groups[1].value} } # Change "authentication" to "aaa" so it fits within 4 char column $vserverTypes = $vserverTypes -replace "authentication", "aaa" # Get VIPs for each vServer so they can be displayed to the user $VIPs = @("") * ($vservers.length) for ($x = 1; $x -lt $vservers.length; $x++) { $VIPs[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' \w+ (\d+\.\d+\.\d+\.\d+)') | ForEach-Object {$_.Matches.Groups[1].value} } # Get Ports for each vServer so they can be displayed to the user $Ports = @("") * ($vservers.length) for ($x = 1; $x -lt $vservers.length; $x++) { $Ports[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' \w+ \d+\.\d+\.\d+\.\d+ (\d+)') | ForEach-Object {$_.Matches.Groups[1].value} } # Get Enabled/Disabled State for each vServer so they can be displayed to the user $States = @("") * ($vservers.length) for ($x = 1; $x -lt $vservers.length; $x++) { $States[$x] = $vserverConfig | select-string -Pattern ('^add \w+ vserver ' + $vservers[$x] + ' .*? -state (\w+)') | ForEach-Object {$_.Matches.Groups[1].value} } $selected = @("") * ($vservers.length) # Grid View $vserverObjects = @() $vserverObjects = for ($x = 0; $x -lt $vservers.length; $x++) { [PSCustomObject] @{ Type = $vserverTypes[$x] Name = $vservers[$x] VIP = $VIPs[$x] Port = $Ports[$x] State = $States[$x] } } if ($IsMacOS){ "Use Listbox window to select Virtual Servers`n" $vserverlist = $vservers | Foreach-object{,($_.trim('"') )} $vserverlist = (('tell application "SystemUIServer"'+"`n"+'activate'+"`n"+'set vserver to (choose from list {"'+($vserverlist -join '","')+'"} with prompt "Command+Select Multiple Virtual Servers to extract" with multiple selections allowed)'+"`n"+'end tell' | osascript -s s) -replace ', ',',') $vserverObjects = @() [regex]::Matches($vserverlist, '(?:([\w\s]+))') | ForEach-Object { if ($_.value -match ' '){$vservername = '"'+$_.value+'"'} else {$vservername = $_.value} $x = $vservers.IndexOf($vservername) $vserverObjects += [PSCustomObject] @{ Type = $vserverTypes[$x] Name = $vservers[$x] } } } else { "Use Grid View window to select Virtual Servers`n" $vserverObjects = $vserverObjects | Out-GridView -Title "Ctrl+Select Multiple Virtual Servers to extract" -PassThru } if (!$vserverObjects) { exit } $vservers = @() foreach ($vserverObject in $vserverObjects) { if ($vserverObject.Type -eq "aaa") { $vserverObject.Type = "authentication" } if ($vserverObject.Type -eq "sys") { addNSObject ("sys") $vserverObject.Name $vservers += "System Settings" } else { addNSObject ($vserverObject.Type + " vserver") $vserverObject.Name $vservers += $vserverObject.Name } } $selectionDone = $true # CLI Menu Selection <# do { $count = 1 cls $promptString = "Select one or more of the following Virtual Servers for configuration extraction:`n`n" $promptString += "Virtual Server Filter = $vserver`n`n" $promptString += " Num Type VIP Name`n" $maxLength = ($vservers | sort-object length -desc | select -first 1).length $promptString += " ----- ---- " + ("-" * 15) + " " + ("-" * $maxLength) + "`n" write-host $promptString foreach ($vserverOption in $vservers) { $promptString = "{0,1} {1,4}: {2,4} {3,15} $vserverOption" -f $selected[$count-1], $count, $vserverTypes[$count-1], $VIPs[$count-1] if ($selected[$count-1] -eq "*") { write-host -foregroundcolor yellow $promptString } else { write-host $promptString } $count++ } write-host "" $entry = read-host "Enter Number to select/deselect, * for all, 0 for new filter string, or to begin extraction" if (!$entry -or $entry -eq "") { $selectionDone = $true; break } if ($entry -eq "*") { for ($x = 0; $x -lt $selected.length; $x++) { if ($selected[$x] -eq "*") { $selected[$x] = "" } else { $selected[$x] = "*" } } } else { try { $entry = [int]$entry if ($entry -lt 0 -or $entry -gt $count) { write-host "`nInvalid entry. Press Enter to try again. ";read-host $entry = "retry" } elseif ($entry -ge 1 -and $entry -le $count) { # Swap select status if ($selected[$entry -1] -eq "*") { $selected[$entry-1] = "" } else { $selected[$entry-1] = "*" } } elseif ($entry -eq 0) { $newFilter = read-host "Enter new filter string" $vserver = $newFilter $entry = "" $selected = "" } } catch { write-host "`nInvalid entry. Press Enter to try again. ";read-host $entry = "retry" } } } while ($entry -and $entry -ne "") $vserversSelected = @() for ($x = 0; $x -lt ($selected.length); $x++) { $vserverTypes = $vserverTypes -replace "aaa", "authentication" if ($selected[$x] -eq "*") { addNSObject ($vserverTypes[$x] + " vserver") $vservers[$x] $vserversSelected += $vservers[$x] $selectionDone = $true } } $vservers = $vserversSelected #> } $firstLoop = $false } while (!$selectionDone) if (!$vservers) { exit } # Run the Get-Output function to ask the user where to save the NetScaler documentation file if (!$outputFile) { $outputFile = Get-OutputFile $outputfile } "`nLooking for objects associated with selected vServers: `n" + ($vservers -join "`n") + "`n" $Timer = [system.diagnostics.stopwatch]::StartNew() # Get System Objects if ($nsObjects."sys") { addNSObject "ns partition" (getNSObjects ($config -match "add ns partition") "ns partition") addNSObject "dns nameServer" (getNSObjects ($config -match "add dns nameServer") "dns nameServer") if ($nsObjects."dns nameServer") { foreach ($nameserver in $nsObjects."dns nameServer") { $nameServerConfig = $config -match "lb vserver $nameserver " addNSObject "lb vserver" (getNSObjects $nameServerConfig "lb vserver") } } addNSObject "ns feature" ($config -match "ns feature") addNSObject "ns mode" ($config -match "ns mode") addNSObject "system parameter" ($config -match "system parameter") addNSObject "ns encryptionParams" ($config -match "set ns encryptionParams") addNSObject "ssl cipher" (getNSObjects $config "ssl cipher" "-cipherName") # Get Networking Settings addNSObject "ns config" ($config -match "ns config") addNSObject "ns hostName" ($config -match "ns hostName") addNSObject "interface" ($config -match " interface ") addNSObject "channel" ($config -match " channel ") addNSObject "vlan" (getNSObjects ($config -match " vlan ") "vlan") addNSObject "vrid" (getNSObjects ($config -match "vrid") "vrid") addNSObject "ns ip" (getNSObjects ($config -match "ns ip") "ns ip") addNSObject "route" ($config -match " route ") addNSObject "ns pbr" ($config -match " ns pbr") addNSObject "mgmt ssl service" (getNSObjects ($config -match " ssl service ns(krpcs|https|rpcs|rnatsip)-") "ssl service") # Get SNMP addNSObject "snmp community" ($config -match " snmp community") addNSObject "snmp manager" ($config -match " snmp manager") addNSObject "snmp trap" ($config -match " snmp trap") addNSObject "snmp alarm" ($config -match " snmp alarm") # Get HA settings addNSObject "ha node" ($config -match "HA node") addNSObject "ha rpcNode" (getNSObjects ($config -match "set ns config") "ns rpcNode") addNSObject "ha rpcNode" (getNSObjects ($config -match "HA node") "ns rpcNode") # Get System Global Bindings - authentication, syslog addNSObject "system global" ($config -match "system global") addNSObject "authentication Policy" (getNSObjects ($config -match "system global") "authentication Policy") addNSObject "authentication ldapPolicy" (getNSObjects ($config -match "system global") "authentication ldapPolicy") addNSObject "authentication radiusPolicy" (getNSObjects ($config -match "system global") "authentication radiusPolicy") addNSObject "authentication tacacsPolicy" (getNSObjects ($config -match "system global") "authentication tacacsPolicy") addNSObject "authentication localPolicy" (getNSObjects ($config -match "system global") "authentication localPolicy") addNSObject "audit syslogPolicy" (getNSObjects ($config -match "bind system global") "audit syslogPolicy") addNSObject "audit syslogPolicy" (getNSObjects ($config -match "bind audit syslogGlobal") "audit syslogPolicy") addNSObject "audit nslogPolicy" (getNSObjects ($config -match "bind system global") "audit nslogPolicy") addNSObject "system user" (getNSObjects ($config -match "system user") "system user") addNSObject "system group" (getNSObjects ($config -match "system group") "system group") } # If $cswBind switch is true, look for CS vServers that the LB, AAA, and/or VPN vServers are bound to. if ($cswBind){ $cswBindType = @{lb='lbvserver';vpn='vserver';authentication='vserver'} foreach ($vsrvType in 'lb','vpn','authentication' ) { if ($nsObjects."$vsrvType vserver") { foreach ($vsrv in $nsObjects."$vsrvType vserver") { # CSW Default virtual server if ($config -match "bind cs vserver .* -$($cswBindType.$vsrvType) $vsrv"){ addNSObject "cs vserver" ($config -match "bind cs vserver .* -$($cswBindType.$vsrvType) $vsrv" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) } # CSW Policy Bind -targetlbserver if ($config -match "bind cs vserver .* -policyName .* -targetLBVserver $vsrv"){ addNSObject "cs vserver" ($config -match "bind cs vserver .* -policyName .* -targetLBVserver $vsrv" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) } # CSW Action -targetlbserver -targetvserver if ($config -match "add cs action .* -target$($cswBindType.$vsrvType) $vsrv"){ $csaction = ($config -match "add cs action .* -target$($cswBindType.$vsrvType) $vsrv" | select-string -Pattern ('^add cs action (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) #CS Policy for CS Action $cspolicy = ($config -match "add cs policy .* -action $csaction" | select-string -Pattern ('^add cs policy (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) #CS vServer for CS Policy addNSObject "cs vserver" ($config -match "bind cs vserver .* -policyName $cspolicy" | select-string -Pattern ('^bind cs vserver (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value}) } } } } } # Look for Backup CSW vServers and Linked LB vServers if ($nsObjects."cs vserver") { if ($config -match "enable ns feature.* CS") { $NSObjects."cs parameter" = @("enable ns feature CS") } else { $NSObjects."cs parameter" = @("# *** CS feature is not enabled") } foreach ($csvserver in $nsObjects."cs vserver") { $currentVServers = $nsObjects."cs vserver" $nsObjects."cs vserver" = @() $vserverConfig = $config -match " $csvserver " # Backup VServers should be created before Active VServers $backupVServers = getNSObjects ($vserverConfig) "cs vserver" "-backupVServer" if ($backupVServers) { addNSObject "cs vserver" ($backupVServers) foreach ($vserver in $currentvservers) { if ($backupVServers -notcontains $vserver) { addNSObject "cs vserver" ($vserver) } } } else { $nsObjects."cs vserver" = $currentVServers } addNSObject "lb vserver" (getNSObjects $vserverconfig "lb vserver" "-targetLBVserver") } } # Enumerate CSW vServer config for additional bound objects if ($nsObjects."cs vserver") { foreach ($csvserver in $nsObjects."cs vserver") { $vserverConfig = $config -match "vserver $csvserver " addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy" "-policyName") addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel" "policylabel") addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-lbvserver") addNSObject "gslb vserver" (getNSObjects $vserverConfig "gslb vserver" "-vserver") addNSObject "vpn vserver" (getNSObjects $vserverConfig "vpn vserver" "-vserver") addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName") addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") addNSObject "db dbProfile" (getNSObjects $vserverConfig "db dbProfile" "-dbProfileName") addNSObject "dns profile" (getNSObjects $vserverConfig "dns profile" "-dnsProfileName") addNSObject "authentication vserver" (getNSObjects $vserverConfig "authentication vserver" "-authnVsName") addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile") addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName") addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName") addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName") addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName") addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certKeyName") addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $csvserver ") "ssl vserver") addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName") addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel") addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName") addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName") addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel") addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") addNSObject "transform policy" (getNSObjects $vserverConfig "transform policy" "-policyName") addNSObject "transform policylabel" (getNSObjects $vserverConfig "transform policylabel") addNSObject "tm trafficPolicy" (getNSObjects $vserverConfig "tm trafficPolicy" "-policyName") addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName") addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName") addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName") addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile") } } # write-host ("cs objects: " + $timer.elapsed.TotalSeconds) # Get CSW Policies from CSW Policy Labels if ($NSObjects."cs policylabel") { foreach ($policy in $NSObjects."cs policylabel") { addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy") } } # Get CSW Actions from CSW Policies if ($NSObjects."cs policy") { $matchExpression = getMatchExpression $NSObjects."cs policy" addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $matchExpression") "audit messageaction" "-logAction") # Get vServers linked to CSW Actions if ($NSObjects."cs action") { $matchExpression = getMatchExpression $NSObjects."cs action" $filteredConfig = $config -match " $matchExpression " addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver") addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver") addNSObject "authentication vserver" (getNSObjects ($filteredConfig) "authentication vserver" "-targetVserver") addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver") } } # Look for Backup CR vServers if ($nsObjects."cr vserver") { foreach ($crvserver in $nsObjects."cr vserver") { $currentVServers = $nsObjects."cr vserver" $nsObjects."cr vserver" = @() $vserverConfig = $config -match " $crvserver " # Backup VServers should be created before Active VServers $backupVServers = getNSObjects ($vserverConfig) "cr vserver" "-backupVServer" if ($backupVServers) { addNSObject "cr vserver" ($backupVServers) foreach ($vserver in $currentvservers) { if ($backupVServers -notcontains $vserver) { addNSObject "cr vserver" ($vserver) } } } else { $nsObjects."cr vserver" = $currentVServers } } } # Enumerate CR vServer config for additional bound objects if ($nsObjects."cr vserver") { foreach ($crvserver in $nsObjects."cr vserver") { $vserverConfig = $config -match " $crvserver " addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy") addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel" "policylabel") addNSObject "cr policy" (getNSObjects $vserverConfig "cr policy") addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-lbvserver") addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-dnsVserverName") addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile" "-tcpProfileName") addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher") addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certKeyName") addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $crvserver ") "ssl vserver") addNSObject "cmp policy" (getNSObjects $vserverConfig "cmp policy" "-policyName") addNSObject "cmp policylabel" (getNSObjects $vserverConfig "cmp policylabel" "policylabel") addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policyName") addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") addNSObject "appfw policy" (getNSObjects $vserverConfig "appfw policy" "-policyName") addNSObject "appfw policylabel" (getNSObjects $vserverConfig "appfw policylabel" "policylabel") addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") addNSObject "feo policy" (getNSObjects $vserverConfig "feo policy" "-policyName") addNSObject "spillover policy" (getNSObjects $vserverConfig "spillover policy" "-policyName") addNSObject "appqoe policy" (getNSObjects $vserverConfig "appqoe policy" "-policyName") addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policyName") addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile") } } # Get Message Actions from CR Policies if ($NSObjects."cr policy") { foreach ($policy in $NSObjects."cr policy") { addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $policy") "audit messageaction" "-logAction") } } # Get CSW Policies from CSW Policy Labels if ($NSObjects."cs policylabel") { foreach ($policy in $NSObjects."cs policylabel") { addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy") } } # Get CSW Actions from CSW Policies if ($NSObjects."cs policy") { $matchExpression = getMatchExpression $NSObjects."cs policy" addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") addNSObject "audit messageaction" (getNSObjects ($config -match "cs policy $matchExpression") "audit messageaction" "-logAction") # Get vServers linked to CSW Actions if ($NSObjects."cs action") { $matchExpression = getMatchExpression $NSObjects."cs action" $filteredConfig = $config -match " $matchExpression " foreach ($action in $NSObjects."cs action") { addNSObject "lb vserver" (getNSObjects ( $filteredConfig) "lb vserver" "-targetLBVserver") addNSObject "vpn vserver" (getNSObjects ( $filteredConfig) "vpn vserver" "-targetVserver") addNSObject "gslb vserver" (getNSObjects ( $filteredConfig) "gslb vserver" "-targetVserver") } } } # Look for Backup GSLB vServers if ($nsObjects."gslb vserver") { foreach ($gslbvserver in $nsObjects."gslb vserver") { # $currentVServers = $nsObjects."gslb vserver" # $nsObjects."gslb vserver" = @() $vserverConfig = $config -match " $gslbvserver " # Backup VServers should be created before Active VServers $backupVServers = getNSObjects ($vserverConfig) "gslb vserver" "-backupVServer" if ($backupVServers) { addNSObject "gslb vserver" ($backupVServers) # foreach ($vserver in $currentvservers) { # if ($backupVServers -notcontains $vserver) { # addNSObject "gslb vserver" ($vserver) # } # } # } else { # $nsObjects."gslb vserver" = $currentVServers } } } # Enumerate GSLB vServer config for additional bound objects if ($nsObjects."gslb vserver") { if ($config -match "enable ns feature.* GSLB") { $NSObjects."gslb parameter" = @("enable ns feature gslb") } else { $NSObjects."gslb parameter" = @("# *** GSLB feature is not enabled") } foreach ($gslbvserver in $nsObjects."gslb vserver") { $vserverConfig = $config -match " $gslbvserver " addNSObject "gslb service" (getNSObjects $vserverConfig "gslb service" "-serviceName") addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $gslbvserver ") "ssl vserver") addNSObject "dns soaRec" (getNSObjects $vserverConfig "dns soaRec") addNSObject "dns nsRec" (getNSObjects $vserverConfig "dns nsRec") } if ($NSObjects."gslb service") { foreach ($service in $NSObjects."gslb service") { # wrap config matches in spaces to avoid substring matches $serviceConfig = $config -match " gslb service $service " addNSObject "monitor" (getNSObjects $serviceConfig "lb monitor" "-monitorName") addNSObject "monitor" (getNSObjects $serviceConfig "monitor" "-monitorName") addNSObject "server" (getNSObjects $serviceConfig "server") addNSObject "ssl profile" (getNSObjects $serviceConfig "ssl profile") addNSObject "netProfile" (getNSObjects $serviceConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $serviceConfig "ns trafficDomain" "-td") addNSObject "dns view" (getNSObjects $serviceConfig "dns view" "-viewName") addNSObject "gslb site" (getNSObjects $serviceConfig "gslb site" "-siteName") } } if ($NSObjects."gslb site") { foreach ($site in $NSObjects."gslb site") { $siteConfig = $config -match "add gslb site $site " addNSObject "ns rpcNode" (getNSObjects $siteConfig "ns rpcNode") } } addNSObject "dns cnameRec" (getNSObjects ($config -match "^add dns cnameRec ") "dns cnameRec") addNSObject "dns addRec" (getNSObjects ($config | select-string -Pattern "^add dns addRec" | select-string -NotMatch -Pattern ".root-servers.net") "dns addRec") addNSObject "gslb location" ($config -match "^set locationParameter") "gslb location" addNSObject "gslb location" ($config -match " locationFile ") "gslb location" addNSObject "gslb location" ($config -match "^add location ") "gslb location" addNSObject "gslb parameter" ($config -match "^set gslb parameter ") "gslb parameter" addNSObject "gslb parameter" ($config -match "^set dns parameter") "gslb parameter" # Get all global DNS Responder policies in case they affect GSLB DNS traffic addNSObject "responder policy" (getNSObjects ($config -match "^bind responder global .*? -type DNS_REQ_") "responder policy") # Get all global DNS Policy bindings in case they affect ADNS traffic? addNSObject "dns policy" (getNSObjects ($config -match "^bind dns global") "dns policy") addNSObject "adns service" ($config -match '^add service (".*?"|[^-"]\S+) \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} ADNS') "adns service" # Get all DNS LB vServers in case they are used for DNS Queries? addNSObject "lb vserver" (getNSObjects ($config -match '^add lb vserver (".*?"|[^-"]\S+) DNS') "lb vserver") } # Get DNS Actions and DNS Polices from DNS Views if ($nsObjects."dns view") { foreach ($view in $nsObjects."dns view") { addNSObject "dns action" (getNSObjects ($config -match "dns action .*? -viewName $view") "dns action") } foreach ($action in $nsObjects."dns action") { addNSObject "dns policy" (getNSObjects ($config -match "dns policy .*? $action") "dns policy" ) } } if ($nsObjects."dns policy") { # Get DNS Actions for global DNS policies discovered earlier foreach ($policy in $nsObjects."dns policy") { addNSObject "dns action" (getNSObjects ($config -match "dns policy $policy") "dns action") addNSObject "audit messageaction" (getNSObjects ($config -match "dns policy $policy") "audit messageaction" "-logAction") } # Get DNS Profiles linked to DNS Actions foreach ($action in $nsObjects."dns action") { addNSObject "dns profile" (getNSObjects ($config -match "dns action $action") "dns profile" "-dnsProfileName" ) } # Get DNS Views linked to DNS Actions foreach ($action in $nsObjects."dns action") { addNSObject "dns view" (getNSObjects ($config -match "dns action $action") "dns view" "-viewName" ) } addNSObject "dns global" ($config -match "bind dns global ") "dns global" } # Enumerate VPN vServer config for additional bound objects if ($nsObjects."vpn vserver") { if ($config -match "enable ns feature.* SSLVPN") { $NSObjects."vpn parameter" = @("enable ns feature SSLVPN") } else { $NSObjects."vpn parameter" = @("# *** Citrix Gateway feature is not enabled") } addNSObject "vpn parameter" ($config -match "vpn parameter") "vpn parameter" addNSObject "vpn parameter" ($config -match "ica parameter") "vpn parameter" addNSObject "vpn parameter" ($config -match "aaa parameter") "vpn parameter" addNSObject "vpn parameter" ($config -match "dns suffix") "vpn parameter" addNSObject "clientless domains" ($config -match "ns_cvpn_default_inet_domains") "clientless domains" foreach ($vpnvserver in $nsObjects."vpn vserver") { $vserverConfig = $config -match " $vpnvserver " addNSObject "cs policylabel" (getNSObjects $vserverConfig "cs policylabel") addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy") addNSObject "ns tcpProfile" (getNSObjects $vserverConfig "ns tcpProfile") addNSObject "netProfile" (getNSObjects $vserverConfig "netProfile" "-netProfile") addNSObject "ns httpProfile" (getNSObjects $vserverConfig "ns httpProfile" "-httpProfileName") addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") addNSObject "authentication authnProfile" (getNSObjects $vserverConfig "authentication authnProfile" "-authnProfile") addNSObject "vpn pcoipVserverProfile" (getNSObjects $vserverConfig "vpn pcoipVserverProfile" "-pcoipVserverProfileName") addNSObject "vpn intranetApplication" (getNSObjects $vserverConfig "vpn intranetApplication" "-intranetApplication") addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme") addNSObject "vpn eula" (getNSObjects $vserverConfig "vpn eula" "-eula") addNSObject "vpn nextHopServer" (getNSObjects $vserverConfig "vpn nextHopServer" "-nextHopServer") addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy" "-policy") addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy" "-policy") addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy") addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy") addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy") addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy") addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy") addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy") addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy") addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy") addNSObject "aaa preauthenticationpolicy" (getNSObjects $vserverConfig "aaa preauthenticationpolicy" "-policy") addNSObject "vpn sessionPolicy" (getNSObjects $vserverConfig "vpn sessionPolicy" "-policy") addNSObject "vpn trafficPolicy" (getNSObjects $vserverConfig "vpn trafficPolicy" "-policy") addNSObject "vpn clientlessAccessPolicy" (getNSObjects $vserverConfig "vpn clientlessAccessPolicy" "-policy") addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policy") addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policy") addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policy") addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") addNSObject "appflow policy" (getNSObjects $vserverConfig "appflow policy" "-policy") addNSObject "appflow policylabel" (getNSObjects $vserverConfig "appflow policylabel" "policylabel") addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policy") addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policy") addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policy") addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policy") addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policy") addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher") addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $vpnvserver ") "ssl vserver") addNSObject "vpn url" (getNSObjects $vserverConfig "vpn url" "-urlName") addNSObject "ipset" (getNSObjects $vserverConfig "ipset" "-ipset") addNSObject "analytics profile" (getNSObjects $vserverConfig "analytics profile" "-analyticsProfile") } addNSObject "aaa group" (getNSObjects ($config -match "add aaa group") "aaa group") addNSObject "vpn global" ($config -match "bind vpn global ") "vpn global" } # Get CSW Policies from CSW Policy Labels if ($NSObjects."cs policylabel") { foreach ($policy in $NSObjects."cs policylabel") { addNSObject "cs policy" (getNSObjects ($config -match " $policy ") "cs policy") } } # Get CSW Actions from CSW Policies if ($NSObjects."cs policy") { $matchExpression = GetMatchExpression $NSObjects."cs policy" addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") addNSObject "audit messageaction" (getNSObjects ($config -match "cs policy $matchExpression") "audit messageaction" "-logAction") # Get vServers linked to CSW Actions if ($NSObjects."cs action") { $matchExpression = GetMatchExpression $NSObjects."cs action" $filteredConfig = $config -match " $matchExpression " addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver") addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver") addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver") } } # Get objects bound to VPN Global if ($nsObjects."vpn global") { $vserverConfig = $config -match "bind vpn global " addNSObject "vpn intranetApplication" (getNSObjects $vserverConfig "vpn intranetApplication" "-intranetApplication") addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme") addNSObject "vpn eula" (getNSObjects $vserverConfig "vpn eula" "-eula") addNSObject "vpn nextHopServer" (getNSObjects $vserverConfig "vpn nextHopServer" "-nextHopServer") addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy" "-policyName") addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy" "-policyName") addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy") addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy") addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy") addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy") addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy") addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy") addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy") addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy") addNSObject "vpn sessionPolicy" (getNSObjects $vserverConfig "vpn sessionPolicy" "-policyName") addNSObject "vpn trafficPolicy" (getNSObjects $vserverConfig "vpn trafficPolicy" "-policyName") addNSObject "vpn clientlessAccessPolicy" (getNSObjects $vserverConfig "vpn clientlessAccessPolicy" "-policyName") addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel" "policylabel") addNSObject "authorization policy" (getNSObjects $vserverConfig "authorization policy" "-policyName") addNSObject "responder policy" (getNSObjects $vserverConfig "responder policy" "-policyName") addNSObject "responder policylabel" (getNSObjects $vserverConfig "responder policylabel" "policylabel") addNSObject "rewrite policy" (getNSObjects $vserverConfig "rewrite policy" "-policyName") addNSObject "rewrite policylabel" (getNSObjects $vserverConfig "rewrite policylabel" "policylabel") addNSObject "cache policy" (getNSObjects $vserverConfig "cache policy" "-policyName") addNSObject "cache policylabel" (getNSObjects $vserverConfig "cache policylabel" "policylabel") addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policyName") addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policyName") addNSObject "ica policy" (getNSObjects $vserverConfig "ica policy" "-policyName") addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policyName") addNSObject "vpn url" (getNSObjects $vserverConfig "vpn url" "-urlName") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert") $vserverConfig = $config -match "set vpn parameter " addNSObject "lb vserver" (getNSObjects $vserverConfig "lb vserver" "-dnsVserverName") addNSObject "vpn alwaysONProfile" (getNSObjects $vserverConfig "vpn alwaysONProfile" "-alwaysONProfileName") addNSObject "aaa kcdAccount" (getNSObjects $vserverConfig "aaa kcdAccount" "-kcdAccount") addNSObject "vpn pcoipProfile" (getNSObjects $vserverConfig "vpn pcoipProfile" "-pcoipProfileName") addNSObject "rdp clientprofile" (getNSObjects $vserverConfig "rdp clientprofile" "-rdpClientProfileName") } # Look for LB Persistency Groups if ($nsObjects."lb vserver") { $matchExpression = getMatchExpression $nsObjects."lb vserver" $vserverConfig = $config -match " $matchExpression$" addNSObject "lb group" (getNSObjects ($vserverConfig) "lb group") if ($nsObjects."lb group") { foreach ($lbgroup in $NSObjects."lb group") { addNSObject "lb vserver" (getNSObjects ($config -match "lb group " + $lbgroup) "lb vserver") } } } # Look for Backup LB vServers if ($nsObjects."lb vserver") { $matchExpression = getMatchExpression $nsObjects."lb vserver" $currentVServers = $nsObjects."lb vserver" $nsObjects."lb vserver" = @() $vserverConfig = $config -match " $matchExpression " # Backup VServers should be created before Active VServers $backupVServers = getNSObjects ($vserverConfig) "lb vserver" "-backupVServer" if ($backupVServers) { addNSObject "lb vserver" ($backupVServers) foreach ($vserver in $currentvservers) { if ($backupVServers -notcontains $vserver) { addNSObject "lb vserver" ($vserver) } } } else { $nsObjects."lb vserver" = $currentVServers } } # Get objects linked to AAA Groups if ($nsObjects."aaa group") { foreach ($group in $nsObjects."aaa group") { $groupConfig = $config -match " aaa group $group " addNSObject "vpn intranetApplication" (getNSObjects $groupConfig "vpn intranetApplication" "-intranetApplication") addNSObject "vpn sessionPolicy" (getNSObjects $groupConfig "vpn sessionPolicy" "-policy") addNSObject "vpn trafficPolicy" (getNSObjects $groupConfig "vpn trafficPolicy" "-policy") addNSObject "authorization policylabel" (getNSObjects $vserverConfig "authorization policylabel") addNSObject "authorization policy" (getNSObjects $groupConfig "authorization policy" "-policy") addNSObject "vpn url" (getNSObjects $groupConfig "vpn url" "-urlName") } } # Get Preauthentication Actions from Preauthentication Policies if ($NSObjects."aaa preauthenticationpolicy") { foreach ($policy in $NSObjects."aaa preauthenticationpolicy") { addNSObject "aaa preauthenticationaction" (getNSObjects ($config -match "aaa preauthenticationpolicy $policy ") "aaa preauthenticationaction" -position 4) } } # Get VPN Session Actions from VPN Session Policies if ($NSObjects."vpn sessionPolicy") { foreach ($policy in $NSObjects."vpn sessionPolicy") { addNSObject "vpn sessionAction" (getNSObjects ($config -match "vpn sessionPolicy $policy ") "vpn sessionAction" -position 4) } } # Get KCD Accounts and DNS LB vServers from VPN Session Actions if ($NSObjects."vpn sessionAction") { foreach ($profile in $NSObjects."vpn sessionAction") { $profileConfig = $config -match "vpn sessionAction $profile " addNSObject "aaa kcdAccount" (getNSObjects $profileConfig "aaa kcdAccount" "-kcdAccount") addNSObject "lb vserver" (getNSObjects $profileConfig "lb vserver" "-dnsVserverName") if ($profileConfig -match "http://" -or $profileConfig -match "https://") { addNSObject "lb vserver" (getHttpVServer $profileConfig) } } } # Enumerate LB vServer config for additional bound objects if ($nsObjects."lb vserver" -or $nsObjects."sys") { if ($config -match "enable ns feature.* lb") { $NSObjects."lb parameter" = @("enable ns feature lb") } else { $NSObjects."lb parameter" = @("# *** Load Balancing feature is not enabled") } addNSObject "lb parameter" ($config -match "ns mode") "lb parameter" addNSObject "lb parameter" ($config -match "set lb parameter") "lb parameter" addNSObject "lb parameter" ($config -match "set ns param") "lb parameter" addNSObject "lb parameter" ($config -match "set dns parameter") "lb parameter" addNSObject "lb parameter" ($config -match "set dns profile default-dns-profile") "lb parameter" addNSObject "lb parameter" ($config -match "set ns tcpParam") "lb parameter" addNSObject "lb parameter" ($config -match "set ns tcpProfile nstcp_default") "lb parameter" addNSObject "lb parameter" ($config -match "set ns httpParam") "lb parameter" addNSObject "lb parameter" ($config -match "set ns tcpbufParam") "lb parameter" addNSObject "lb parameter" ($config -match "set ns timeout") "lb parameter" GetLBvServerBindings $NSObjects."lb vserver" } # Get AAA VServers linked to Authentication Profiles if ($NSObjects."authentication authnProfile") { foreach ($profile in $NSObjects."authentication authnProfile") { addNSObject "authentication vserver" (getNSObjects ($config -match "authentication authnProfile $profile ") "authentication vserver" "-authnVsName") } } # Get Objects linked to Authentication vServers if ($NSObjects."authentication vserver") { if ($config -match "enable ns feature.* rewrite") { $NSObjects."authentication param" = @("enable ns feature AAA") } else { $NSObjects."authentication param" = @("# *** AAA feature is not enabled") } $matchExpression = getMatchExpression $NSObjects."authentication vserver" $vserverConfig = $config -match " $matchExpression " addNSObject "ns trafficDomain" (getNSObjects $vserverConfig "ns trafficDomain" "-td") addNSObject "authentication ldapPolicy" (getNSObjects $vserverConfig "authentication ldapPolicy") addNSObject "authentication radiusPolicy" (getNSObjects $vserverConfig "authentication radiusPolicy") addNSObject "authentication policy" (getNSObjects $vserverConfig "authentication policy") addNSObject "authentication samlIdPPolicy" (getNSObjects $vserverConfig "authentication samlIdPPolicy") addNSObject "authentication samlPolicy" (getNSObjects $vserverConfig "authentication samlPolicy") addNSObject "authentication certPolicy" (getNSObjects $vserverConfig "authentication certPolicy") addNSObject "authentication dfaPolicy" (getNSObjects $vserverConfig "authentication dfaPolicy") addNSObject "authentication localPolicy" (getNSObjects $vserverConfig "authentication localPolicy") addNSObject "authentication negotiatePolicy" (getNSObjects $vserverConfig "authentication negotiatePolicy") addNSObject "authentication tacacsPolicy" (getNSObjects $vserverConfig "authentication tacacsPolicy") addNSObject "authentication webAuthPolicy" (getNSObjects $vserverConfig "authentication webAuthPolicy") addNSObject "tm sessionPolicy" (getNSObjects $vserverConfig "tm sessionPolicy") addNSObject "vpn portaltheme" (getNSObjects $vserverConfig "vpn portaltheme" "-portaltheme") addNSObject "authentication loginSchemaPolicy" (getNSObjects $vserverConfig "authentication loginSchemaPolicy") addNSObject "authentication policylabel" (getNSObjects $vserverConfig "authentication policylabel" "-nextFactor") addNSObject "audit syslogPolicy" (getNSObjects $vserverConfig "audit syslogPolicy" "-policy") addNSObject "audit nslogPolicy" (getNSObjects $vserverConfig "audit nslogPolicy" "-policy") addNSObject "cs policy" (getNSObjects $vserverConfig "cs policy" "-policy") addNSObject "ssl policy" (getNSObjects $vserverConfig "ssl policy" "-policy") addNSObject "ssl cipher" (getNSObjects $vserverConfig "ssl cipher" "-cipherName") addNSObject "ssl profile" (getNSObjects $vserverConfig "ssl profile") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-certkeyName") addNSObject "ssl certKey" (getNSObjects $vserverConfig "ssl certKey" "-cacert") addNSObject "ssl vserver" (getNSObjects ($config -match "ssl vserver $authVServer ") "ssl vserver") } # Get CSW Actions from CSW Policies if ($NSObjects."cs policy") { $matchExpression = getMatchExpression $NSObjects."cs policy" addNSObject "cs action" (getNSObjects ($config -match " $matchExpression ") "cs action") addNSObject "audit messageaction" (getNSObjects ($config -match "cr policy $policy") "audit messageaction" "-logAction") # Get vServers linked to CSW Actions if ($NSObjects."cs action") { $matchExpression = getMatchExpression $NSObjects."cs action" $filteredConfig = $config -match " $matchExpression " addNSObject "lb vserver" (getNSObjects ($filteredConfig) "lb vserver" "-targetLBVserver") addNSObject "vpn vserver" (getNSObjects ($filteredConfig) "vpn vserver" "-targetVserver") addNSObject "gslb vserver" (getNSObjects ($filteredConfig) "gslb vserver" "-targetVserver") } } # Get Next Factors, Authentication Policies and Login Schemas from Authentication Policy Labels if ($NSObjects."authentication policylabel") { # Get Next Factors; repeat multiple times for Next Factor nesting level for ($i=0;$i -le $nFactorNestingLevel; $i++) { foreach ($policy in $NSObjects."authentication policylabel") { addNSObject "authentication policylabel" (getNSObjects ($config -match " $policy ") "authentication policylabel" "-nextFactor") } } foreach ($policy in $NSObjects."authentication policylabel") { addNSObject "authentication policy" (getNSObjects ($config -match " $policy ") "authentication policy") addNSObject "authentication loginSchema" (getNSObjects ($config -match " $policy ") "authentication loginSchema") } } # Sort the Policy Labels so Next Factors are created prior to policy bindings in earlier factors if ($NSObjects."authentication policylabel") { $policyLabelsSorted = @() foreach ($policyLabel in $NSObjects."authentication policylabel") { $policyBindings = $config -match ('^bind authentication policylabel ' + $policyLabel + " -(policy|policyName) ") $nextFactors = $policyBindings | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} if (-not $nextFactors) { $policyLabelsSorted = ,$policyLabel + $policyLabelsSorted } else { foreach ($nextFactor in $nextFactors) { if ($policyLabelsSorted -contains $nextFactor) { $policyLabelsSorted = $policyLabelsSorted + ,$policyLabel } } } } for ($i=0; $i -lt $nFactorNestingLevel; $i++) { foreach ($policyLabel in $NSObjects."authentication policylabel") { $policyBindings = $config -match ('^bind authentication policylabel ' + $policyLabel + " -(policy|policyName) ") $nextFactors = $policyBindings | select-string -Pattern ('-nextFactor (".*?"|[^-"]\S+)') | ForEach-Object {$_.Matches.Groups[1].value} foreach ($nextFactor in $nextFactors) { if ($policyLabelsSorted -contains $nextFactor) { $policyLabelsSorted = $policyLabelsSorted + ,$policyLabel } } } } $NSObjects."authentication policylabel" = $policyLabelsSorted } # Get Authentication Actions from Advanced Authentication Policies if ($NSObjects."authentication policy") { $matchExpression = getMatchExpression $NSObjects."authentication policy" $filteredConfig = $config -match "authentication policy $matchExpression " addNSObject "authentication ldapAction" (getNSObjects ($filteredConfig) "authentication ldapAction") addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction") addNSObject "authentication radiusAction" (getNSObjects ($filteredConfig) "authentication radiusAction") addNSObject "authentication samlAction" (getNSObjects ($filteredConfig) "authentication samlAction" -position 4) addNSObject "authentication certAction" (getNSObjects ($filteredConfig) "authentication certAction") addNSObject "authentication dfaAction" (getNSObjects ($filteredConfig) "authentication dfaAction") addNSObject "authentication epaAction" (getNSObjects ($filteredConfig) "authentication epaAction") addNSObject "authentication negotiateAction" (getNSObjects ($filteredConfig) "authentication negotiateAction") addNSObject "authentication OAuthAction" (getNSObjects ($filteredConfig) "authentication OAuthAction") addNSObject "authentication storefrontAuthAction" (getNSObjects ($filteredConfig) "authentication storefrontAuthAction") addNSObject "authentication tacacsAction" (getNSObjects ($filteredConfig) "authentication tacacsAction") addNSObject "authentication webAuthAction" (getNSObjects ($filteredConfig) "authentication webAuthAction") addNSObject "authentication emailAction" (getNSObjects ($filteredConfig) "authentication emailAction") addNSObject "authentication noAuthAction" (getNSObjects ($filteredConfig) "authentication noAuthAction") addNSObject "authentication captchaAction" (getNSObjects ($filteredConfig) "authentication captchaAction") } # Get LDAP Actions from LDAP Policies if ($NSObjects."authentication ldapPolicy") { foreach ($policy in $NSObjects."authentication ldapPolicy") { addNSObject "authentication ldapAction" (getNSObjects ($config -match "authentication ldapPolicy $policy ") "authentication ldapAction") } } # Get RADIUS Actions from RADIUS Policies if ($NSObjects."authentication radiusPolicy") { foreach ($policy in $NSObjects."authentication radiusPolicy") { addNSObject "authentication radiusAction" (getNSObjects ($config -match "authentication radiusPolicy $policy ") "authentication radiusAction" -position 4) } } # Get Cert Actions from Cert Policies if ($NSObjects."authentication certPolicy") { foreach ($policy in $NSObjects."authentication certPolicy") { addNSObject "authentication certAction" (getNSObjects ($config -match "authentication certPolicy $policy ") "authentication certAction" -position 4) } } # Get DFA Actions from DFA Policies if ($NSObjects."authentication dfaPolicy") { foreach ($policy in $NSObjects."authentication dfaPolicy") { addNSObject "authentication dfaAction" (getNSObjects ($config -match "authentication dfaPolicy $policy ") "authentication dfaAction") } } # Get Negotiate Actions from Negotiate Policies if ($NSObjects."authentication negotiatePolicy") { foreach ($policy in $NSObjects."authentication negotiatePolicy") { addNSObject "authentication negotiateAction" (getNSObjects ($config -match "authentication negotiatePolicy $policy ") "authentication negotiateAction") } } # Get TACACS Actions from TACACS Policies if ($NSObjects."authentication tacacsPolicy") { foreach ($policy in $NSObjects."authentication tacacsPolicy") { addNSObject "authentication tacacsAction" (getNSObjects ($config -match "authentication tacacsPolicy $policy ") "authentication tacacsAction") } } # Get Web Auth Actions from Web Auth Policies if ($NSObjects."authentication webAuthPolicy") { foreach ($policy in $NSObjects."authentication webAuthPolicy") { addNSObject "authentication webAuthAction" (getNSObjects ($config -match "authentication webAuthPolicy $policy ") "authentication webAuthAction") } } # Get SAML iDP Profiles from SAML iDP Policies if ($NSObjects."authentication samlIdPPolicy") { foreach ($policy in $NSObjects."authentication samlIdPPolicy") { addNSObject "authentication samlIdPProfile" (getNSObjects ($config -match "authentication samlIdPPolicy $policy ") "authentication samlIdPProfile" -position 4) addNSObject "audit messageaction" (getNSObjects ($config -match "authentication samlIdPPolicy $policy") "audit messageaction" "-logAction") } } # Get SAML Actions from SAML Authentication Policies if ($NSObjects."authentication samlPolicy") { $matchExpression = GetMatchExpression $NSObjects."authentication samlPolicy" addNSObject "authentication samlAction" (getNSObjects ($config -match "authentication samlPolicy $matchExpression ") "authentication samlAction" -position 4) } # Get SSL Certificates from SAML Actions, SAML Profiles, and ADFS Proxy Profiles if ($NSObjects."authentication samlAction") { $matchExpression = GetMatchExpression $NSObjects."authentication samlAction" $filteredConfig = $config -match "authentication samlAction $matchExpression " addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlIdPCertName") addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlSigningCertName") } if ($NSObjects."authentication samlIdPProfile") { $matchExpression = GetMatchExpression $NSObjects."authentication samlIdPProfile" $filteredConfig = $config -match "authentication samlIdPProfile $matchExpression " addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlIdPCertName") addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-samlSPCertName") } foreach ($action in $NSObjects."authentication adfsProxyProfile") { addNSObject "ssl certKey" (getNSObjects ($config -match "authentication adfsProxyProfile $action ") "ssl certKey" "-certKeyName") } # Get Push Service from LDAP Actions foreach ($action in $NSObjects."authentication ldapAction") { addNSObject "authentication pushService" (getNSObjects ($config -match "authentication ldapAction $action ") "authentication pushService" "-pushService") } # Get Default AAA Groups from Authentication Actions foreach ($action in $NSObjects."authentication certAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication certAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication dfaAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication dfaAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication epaAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication epaAction $action ") "aaa group" "-defaultEPAGroup") addNSObject "aaa group" (getNSObjects ($config -match "authentication epaAction $action ") "aaa group" "-quarantineGroup") } foreach ($action in $NSObjects."authentication ldapAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication ldapAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication negotiateAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication negotiateAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication OAuthAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication OAuthAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication radiusAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication radiusAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication samlAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication samlAction $action ") "aaa group" "-defaultAuthenticationGroup") } foreach ($action in $NSObjects."authentication webAuthAction") { addNSObject "aaa group" (getNSObjects ($config -match "authentication webAuthAction $action ") "aaa group" "-defaultAuthenticationGroup") } # Get SSL Objects from SSL vServers if ($NSObjects."ssl vserver") { $matchExpression = getMatchExpression $NSObjects."ssl vserver" $filteredConfig = $config -match " ssl vserver $matchExpression " addNSObject "ssl cipher" (getNSObjects ($filteredConfig) "ssl cipher" "-cipherName") addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-certkeyName") addNSObject "ssl certKey" (getNSObjects ($filteredConfig) "ssl certKey" "-cacert") addNSObject "ssl logprofile" (getNSObjects ($filteredConfig) "ssl logprofile" "-ssllogprofile") addNSObject "ssl profile" (getNSObjects ($filteredConfig) "ssl profile" "-sslProfile") } # Get objects linked to certKeys if ($NSObjects."ssl certKey") { foreach ($certKey in $NSObjects."ssl certKey") { $certKey = $certKey -replace "\.", "\." $certKey = $certKey -replace "\*", "\*" # Get FIPS Keys from SSL Certs addNSObject "ssl fipsKey" (getNSObjects ($config -match "add ssl certKey $certKey ") "ssl fipsKey" "-fipsKey") # Get HSM Keys from SSL Certs addNSObject "ssl hsmKey" (getNSObjects ($config -match "add ssl certKey $certKey ") "ssl hsmKey" "-hsmKey") # Put Server Cerficates in different bucket than CA Certificates addNSObject "ssl cert" ($config -match "add ssl certKey $certKey") "ssl certKey" # CA Certs are seperate section so they can be outputted before server certs $CACert = getNSObjects ($config -match "link ssl certKey $certKey ") "ssl certKey" foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} } if ($CACert) { addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey" addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey" $certKey = $CACert } # Intermediate certs are sometimes linked to other intermediates $CACert = getNSObjects ($config -match "link ssl certKey $CACert ") "ssl certKey" foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} } if ($CACert) { addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey" addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey" $certKey = $CACert } # Intermedicate certs are sometimes linked to root certs $CACert = getNSObjects ($config -match "link ssl certKey $CACert ") "ssl certKey" foreach ($cert in $CACert) { if ($cert -notmatch $certKey) {$CACert = $cert} } if ($CACert) { addNSObject "ssl cert" ($config -match "add ssl certKey $CACert") "ssl certKey" addNSObject "ssl link" ($config -match "link ssl certKey $certKey") "ssl certKey" } } } # Get Azure Key Vaults from HSM Keys if ($NSObjects."ssl hmsKey") { foreach ($hmsKey in $NSObjects."ssl hmsKey") { addNSObject "azure keyvault" (getNSObjects ($config -match "add ssl hsmKey $hsmKey ") "azure keyvault" "-keystore") } # Get callout root certificates addNSObject "ssl cert" ($config -match "bind ssl cacertGroup ns_callout_certs ") "ssl certKey" } # Get Azure Applications from Azure Key Vaults if ($NSObjects."azure keyvault") { foreach ($vault in $NSObjects."azure keyVault") { addNSObject "azure application" (getNSObjects ($config -match "add azure keyVault $vault ") "azure application" "-azureApplication") } } # Get Objects linked to Monitors if ($NSObjects.monitor) { foreach ($monitor in $NSObjects.monitor) { $monitorConfig = $config -match " monitor $monitor " addNSObject "netProfile" (getNSObjects $monitorConfig "netProfile" "-netProfile") addNSObject "ns trafficDomain" (getNSObjects $monitorConfig "ns trafficDomain" "-td") addNSObject "aaa kcdAccount" (getNSObjects $monitorConfig "aaa kcdAccount" "-kcdAccount") addNSObject "ssl profile" (getNSObjects $monitorConfig "ssl profile" "-sslProfile") addNSObject "lb metricTable" (getNSObjects $monitorConfig "lb metricTable" "-metricTable") } } # Get VPN Clientless Profiles from VPN Clientless Policies if ($NSObjects."vpn clientlessAccessPolicy") { foreach ($policy in $NSObjects."vpn clientlessAccessPolicy") { addNSObject "vpn clientlessAccessProfile" (getNSObjects ($config -match " vpn clientlessAccessPolicy $policy ") "vpn clientlessAccessProfile" -position 4) } } # Get Rewrite PolicyLabels from VPN Clientless Profiles if ($NSObjects."vpn clientlessAccessProfile") { foreach ($Profile in $NSObjects."vpn clientlessAccessProfile") { addNSObject "rewrite policylabel" (getNSObjects ($config -match " vpn clientlessAccessProfile $Profile ") "rewrite policylabel" -position 4) } } # Get global filter bindings, filter actions, and forwarding services if ($config -match "enable ns feature.* CF") { addNSObject "filter policy" (getNSObjects ($config -match "bind filter global ") "filter policy") if ($NSObjects."filter policy") { # Get Filter Actions from Filter Policies foreach ($policy in $NSObjects."filter policy") { addNSObject "filter action" (getNSObjects ($config -match "filter policy $policy ") "filter action") } # Get Forwarding Services from Filter Actions foreach ($action in $NSObjects."filter action") { addNSObject "service" (getNSObjects ($config -match "filter action $action ") "service" "forward") } } } if ($config -match "enable ns feature.* IC") { $NSObjects."cache parameter" = @("enable ns feature IC") # Get Cache Policies from Global Cache Bindings addNSObject "cache policylabel" (getNSObjects ($config -match "bind cache global ") "cache policylabel") addNSObject "cache Policy" (getNSObjects ($config -match "bind cache global ") "cache Policy") addNSObject "cache parameter" ($config -match "set cache parameter ") "cache parameter" addNSObject "cache global" ($config -match "bind cache global ") "cache global" } else { $NSObjects."cache parameter" = @("# *** Integrated Caching feature is not enabled. Cache Global bindings skipped.") } # Get Cache Policies from Cache Policy Labels if ($NSObjects."cache policylabel") { foreach ($policy in $NSObjects."cache policylabel") { addNSObject "cache Policy" (getNSObjects ($config -match " $policy ") "cache Policy") } } # Get Cache Content Groups from Cache Policies if ($NSObjects."cache policy") { foreach ($policy in $NSObjects."cache policy") { addNSObject "cache contentGroup" (getNSObjects ($config -match " $policy ") "cache contentGroup") } } # Get Cache Selectors from Cache Content Groups if ($NSObjects."cache contentGroup") { foreach ($policy in $NSObjects."cache contentGroup") { addNSObject "cache selector" (getNSObjects ($config -match " $policy ") "cache selector") } } # Get Global Responder Bindings addNSObject "responder policy" (getNSObjects ($config -match "bind responder global ") "responder policy") addNSObject "responder policylabel" (getNSObjects ($config -match "bind responder global ") "responder policylabel") # Get Responder Policies from Responder Policy Labels if ($NSObjects."responder policylabel") { foreach ($policy in $NSObjects."responder policylabel") { addNSObject "responder Policy" (getNSObjects ($config -match " $policy ") "responder Policy") } } # Get Responder Actions and Responder Global Settings if ($NSObjects."responder policy") { $matchExpression = getMatchExpression $NSObjects."responder policy" $filteredConfig = $config -match " responder policy $matchExpression " addNSObject "responder action" (getNSObjects ($filteredConfig) "responder action") addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction") addNSObject "ns assignment" (getNSObjects ($filteredConfig) "ns assignment") if ($config -match "enable ns feature.* RESPONDER") { $NSObjects."responder param" = @("enable ns feature RESPONDER") } else { $NSObjects."responder param" = @("# *** Responder feature is not enabled") } addNSObject "responder param" ($config -match "set responder param ") "responder param" addNSObject "responder global" ($config -match "bind responder global ") "responder global" } # Get Rewrite Policies from Global Rewrite Bindings addNSObject "rewrite policy" (getNSObjects ($config -match "bind rewrite global ") "rewrite policy") addNSObject "rewrite policylabel" (getNSObjects ($config -match "bind rewrite global ") "rewrite policylabel") # Get Rewrite Policies from Rewrite Policy Labels if ($NSObjects."rewrite policylabel") { $matchExpression = getMatchExpression $NSObjects."rewrite policylabel" addNSObject "rewrite Policy" (getNSObjects ($config -match " $matchExpression ") "rewrite Policy") } # Get Rewrite Actions and Rewrite Global Settings if ($NSObjects."rewrite policy") { $matchExpression = getMatchExpression $NSObjects."rewrite policy" $filteredConfig = $config -match "rewrite policy $matchExpression " addNSObject "rewrite action" (getNSObjects ($filteredConfig) "rewrite action") addNSObject "audit messageaction" (getNSObjects ($filteredConfig) "audit messageaction" "-logAction") if ($config -match "enable ns feature.* rewrite") { $NSObjects."rewrite param" = @("enable ns feature rewrite") } else { $NSObjects."rewrite param" = @("# *** Rewrite feature is not enabled") } addNSObject "rewrite param" ($config -match "set rewrite param ") "rewrite param" addNSObject "rewrite global" ($config -match "bind rewrite global ") "rewrite global" } # Get Compression Policies from Global Compression Bindings addNSObject "cmp policy" (getNSObjects ($config -match "bind cmp global ") "cmp policy") addNSObject "cmp policylabel" (getNSObjects ($config -match "bind cmp global ") "cmp policylabel") # Get Compression Policies from Compression Policy Labels if ($NSObjects."cmp policylabel") { foreach ($policy in $NSObjects."cmp policylabel") { addNSObject "cmp policy" (getNSObjects ($config -match "cmp policylabel $policy ") "cmp policy") } } # Get Compression Actions and Compression Global Settings if ($NSObjects."cmp policy") { foreach ($policy in $NSObjects."cmp policy") { addNSObject "cmp action" (getNSObjects ($config -match "cmp policy $Pplicy ") "cmp action") addNSObject "audit messageaction" (getNSObjects ($config -match "cmp policy $policy") "audit messageaction" "-logAction") } if ($config -match "enable ns feature.* cmp") { $NSObjects."cmp parameter" = @("enable ns feature cmp") } else { $NSObjects."cmp parameter" = @("# *** Compression feature is not enabled") } addNSObject "cmp parameter" ($config -match "set cmp parameter ") "cmp parameter" addNSObject "cmp global" ($config -match "bind cmp global ") "cmp global" } # Get global bound Traffic Management Policies $filteredConfig = $config -match "bind tm global" addNSObject "tm trafficPolicy" (getNSObjects ($filteredConfig) "tm trafficPolicy") addNSObject "tm sessionPolicy" (getNSObjects ($filteredConfig) "tm sessionPolicy") addNSObject "audit syslogPolicy" (getNSObjects ($filteredConfig) "audit syslogPolicy") addNSObject "audit nslogPolicy" (getNSObjects ($filteredConfig) "audit nslogPolicy") addNSObject "tm global" ($filteredConfig) "tm global" # Get AAA Traffic Actions from AAA Traffic Policies if ($NSObjects."tm trafficPolicy") { $matchExpression = getMatchExpression $NSObjects."tm trafficPolicy" addNSObject "tm trafficAction" (getNSObjects ($config -match " $matchExpression ") "tm trafficAction" -position 4) } # Get KCD Accounts and SSO Profiles from AAA Traffic Actions if ($NSObjects."tm trafficAction") { $matchExpression = getMatchExpression $NSObjects."tm trafficAction" $filteredConfig = $config -match "tm trafficAction $matchExpression " addNSObject "aaa kcdAccount" (getNSObjects ($filteredConfig) "aaa kcdAccount" "-kcdAccount") addNSObject "tm formSSOAction" (getNSObjects ($filteredConfig) "tm formSSOAction" "-formSSOAction") addNSObject "tm samlSSOProfile" (getNSObjects ($filteredConfig) "tm samlSSOProfile" "-samlSSOProfile") } # Get Authorization Policies from Authorization Policy Labels if ($NSObjects."authorization policylabel") { foreach ($policy in $NSObjects."authorization policylabel") { addNSObject "authorization policy" (getNSObjects ($config -match "authorization policy $policy ") "authorization policy") addNSObject "audit messageaction" (getNSObjects ($config -match "authorization policy $policy") "audit messageaction" "-logAction") } } # Get SmartControl Actions from SmartControl Policies if ($NSObjects."ica policy") { foreach ($policy in $NSObjects."ica policy") { addNSObject "ica action" (getNSObjects ($config -match "ica policy $policy ") "ica action" -position 4) addNSObject "audit messageaction" (getNSObjects ($config -match "ica policy $policy") "audit messageaction" "-logAction") } # Get SmartControl Access Profiles from SmartControl Actions if ($NSObjects."ica action") { foreach ($policy in $NSObjects."ica action") { addNSObject "ica accessprofile" (getNSObjects ($config -match " $policy ") "ica accessprofile" -position 4) } } } # Get VPN Traffic Actions from VPN Traffic Policies if ($NSObjects."vpn trafficPolicy") { foreach ($policy in $NSObjects."vpn trafficPolicy") { addNSObject "vpn trafficAction" (getNSObjects ($config -match " $policy ") "vpn trafficAction" -position 4) } } # Get KCD Accounts and SSO Profiles from VPN Traffic Actions if ($NSObjects."vpn trafficAction") { foreach ($profile in $NSObjects."vpn trafficAction") { addNSObject "aaa kcdAccount" (getNSObjects ($config -match "vpn trafficAction $profile ") "aaa kcdAccount" "-kcdAccount") addNSObject "vpn formSSOAction" (getNSObjects ($config -match "vpn trafficAction $profile ") "vpn formSSOAction" "-formSSOAction") addNSObject "vpn samlSSOProfile" (getNSObjects ($config -match "vpn trafficAction $profile ") "vpn samlSSOProfile" "-samlSSOProfile") } } # Get PCoIP and RDP Profiles, and AlwaysOn Profiles from VPN Session Actions if ($NSObjects."vpn sessionAction") { foreach ($policy in $NSObjects."vpn sessionAction") { addNSObject "vpn pcoipProfile" (getNSObjects ($config -match " $policy ") "vpn pcoipProfile" -position 4) addNSObject "rdp clientprofile" (getNSObjects ($config -match " $policy ") "rdp clientprofile" -position 4) addNSObject "vpn alwaysONProfile" (getNSObjects ($config -match " $policy ") "vpn alwaysONProfile" "-alwaysONProfileName") } } # Get AAA Session Actions if ($NSObjects."tm sessionPolicy") { foreach ($policy in $NSObjects."tm sessionPolicy") { addNSObject "tm sessionAction" (getNSObjects ($config -match " $policy ") "tm sessionAction") } } # Get KCD Accounts from AAA Session Actions if ($NSObjects."tm sessionAction") { foreach ($profile in $NSObjects."tm sessionAction") { addNSObject "aaa kcdAccount" (getNSObjects ($config -match "tm sessionAction $profile ") "aaa kcdAccount" "-kcdAccount") } } # Get Appflow Policies from Global Appflow Bindings addNSObject "appflow policy" (getNSObjects ($config -match "bind appflow global ") "appflow policy") addNSObject "appflow policylabel" (getNSObjects ($config -match "bind appflow global ") "appflow policylabel") # Get Appflow Policies from Appflow Policy Labels if ($NSObjects."appflow policylabel") { foreach ($policy in $NSObjects."appflow policylabel") { addNSObject "appflow Policy" (getNSObjects ($config -match " $policy ") "appflow Policy") } } # Get Appflow Actions from AppFlow Policies # Get AppFlow Global Settings if ($NSObjects."appflow policy") { foreach ($policy in $NSObjects."appflow policy") { addNSObject "appflow action" (getNSObjects ($config -match " $policy ") "appflow action") } # Get AppFlow Collector if ($NSObjects."appflow action") { foreach ($action in $NSObjects."appflow action") { addNSObject "appflow collector" (getNSObjects ($config -match " $action ") "appflow collector" "-collectors") } } if ($config -match "enable ns feature.* appflow") { $NSObjects."appflow param" = @("enable ns feature appflow") } else { $NSObjects."appflow param" = @("# *** AppFlow feature is not enabled") } addNSObject "appflow param" ($config -match "set appflow param ") addNSObject "appflow global" ($config -match "bind appflow global ") "appflow global" } # Get AppQoE Actions from AppQoE Policies # Get AppQoE Global Settings if ($NSObjects."appqoe policy") { foreach ($policy in $NSObjects."appqoe policy") { addNSObject "appqoe action" (getNSObjects ($config -match " $policy ") "appqoe action") } if ($config -match "enable ns feature.* appqoe") { $NSObjects."appqoe parameter" = @("enable ns feature appqoe") } else { $NSObjects."appqoe parameter" = @("# *** AppQoE feature is not enabled") } addNSObject "appqoe parameter" ($config -match "appqoe parameter") "appqoe parameter" addNSObject "appqoe parameter" ($config -match "set qos parameters") "appqoe parameter" } # Get AppFW Policies from Global AppFW Bindings addNSObject "appfw policy" (getNSObjects ($config -match "bind appfw global ") "appfw Policy") addNSObject "appfw policylabel" (getNSObjects ($config -match "bind appfw global ") "appfw policylabel") # Get AppFW Policies from AppFW Policy Labels if ($NSObjects."appfw policylabel") { foreach ($policy in $NSObjects."appfw policylabel") { addNSObject "appfw policy" (getNSObjects ($config -match " $policy ") "appfw policy") } } # Get AppFW Profiles from AppFW Policies if ($NSObjects."appfw policy") { foreach ($policy in $NSObjects."appfw policy") { addNSObject "appfw profile" (getNSObjects ($config -match "appfw policy $policy ") "appfw profile") addNSObject "audit messageaction" (getNSObjects ($config -match "appfw policy $policy") "audit messageaction" "-logAction") } if ($config -match "enable ns feature.* appfw") { $NSObjects."appfw parameter" = @("enable ns feature appfw") } else { $NSObjects."appfw parameter" = @("# *** AppFW feature is not enabled") } addNSObject "appfw parameter" ($config -match "set appfw settings") "appfw parameter" addNSObject "appfw global" ($config -match "bind appfw global ") "appfw global" } # Get Bot Policies from Global Bot Bindings addNSObject "bot policy" (getNSObjects ($config -match "bind bot global ") "bot Policy") addNSObject "bot policylabel" (getNSObjects ($config -match "bind bot global ") "bot policylabel") # Get Bot Policies from Bot Policy Labels if ($NSObjects."bot policylabel") { foreach ($policy in $NSObjects."bot policylabel") { addNSObject "bot policy" (getNSObjects ($config -match " $policy ") "bot policy") } } # Get Bot Profiles from Bot Policies if ($NSObjects."bot policy") { foreach ($policy in $NSObjects."bot policy") { addNSObject "bot profile" (getNSObjects ($config -match "bot policy $policy ") "bot profile") addNSObject "audit messageaction" (getNSObjects ($config -match "bot policy $policy") "audit messageaction" "-logAction") } if ($config -match "enable ns feature.* Bot") { $NSObjects."bot parameter" = @("enable ns feature Bot") } else { $NSObjects."bot parameter" = @("# *** Bot Management feature is not enabled") } addNSObject "bot parameter" ($config -match "set appfw settings") "bot parameter" addNSObject "bot global" ($config -match "bind appfw global ") "bot global" } # Get Login Schemas from Login Schema Policies if ($NSObjects."authentication loginSchemaPolicy") { foreach ($policy in $NSObjects."authentication loginSchemaPolicy") { addNSObject "authentication loginSchema" (getNSObjects ($config -match "authentication loginSchemaPolicy $policy ") "authentication loginSchema") addNSObject "audit messageaction" (getNSObjects ($config -match "authentication loginSchemaPolicy $policy") "audit messageaction" "-logAction") } } # Get KCD Accounts from Database Profiles if ($NSObjects."db dbProfile") { foreach ($profile in $NSObjects."db dbProfile") { addNSObject "aaa kcdAccount" (getNSObjects ($config -match " db dbProfile $profile ") "aaa kcdAccount") } } # Get Transform Policies from Global Transform Bindings addNSObject "transform policy" (getNSObjects ($config -match "bind transform global ") "transform policy") addNSObject "transform policylabel" (getNSObjects ($config -match "bind transform global ") "transform policylabel") # Get Transform Policies from Transform Policy Labels if ($NSObjects."transform policylabel") { foreach ($policy in $NSObjects."transform policylabel") { addNSObject "transform policy" (getNSObjects ($config -match " $policy ") "transform policy") } } # Get Transform Actions and Profiles from Transform Policies if ($NSObjects."transform policy") { foreach ($policy in $NSObjects."transform policy") { addNSObject "transform action" (getNSObjects ($config -match " transform policy $policy ") "transform action") addNSObject "audit messageaction" (getNSObjects ($config -match "transform policy $policy") "audit messageaction" "-logAction") } foreach ($action in $NSObjects."transform action") { addNSObject "transform profile" (getNSObjects ($config -match " transform action $action ") "transform profile") } addNSObject "transform global" ($config -match "bind transform global ") "transform global" } # If FEO feature is enabled, get global FEO settings addNSObject "feo policy" (getNSObjects ($config -match "bind feo global ") "feo Policy") # Get FEO Actions from FEO Policies # Get FEO Global Settings if ($NSObjects."feo policy") { foreach ($policy in $NSObjects."feo policy") { addNSObject "feo action" (getNSObjects ($config -match " feo policy $policy ") "feo action") } if ($config -match "enable ns feature.* feo") { $NSObjects."feo parameter" = @("enable ns feature feo") } else { $NSObjects."feo parameter" = @("# feo feature is not enabled") } addNSObject "feo parameter" ($config -match "set feo param ") "feo parameter" addNSObject "feo global" ($config -match "bind feo global ") "feo global" } # Get Spillover Actions from Spillover Policies if ($NSObjects."spillover policy") { foreach ($policy in $NSObjects."spillover policy") { addNSObject "spillover action" (getNSObjects ($config -match " spillover policy $policy ") "spillover action") } } # Get Audit Syslog Actions from Audit Syslog Policies if ($NSObjects."audit syslogpolicy") { foreach ($policy in $NSObjects."audit syslogpolicy") { addNSObject "audit syslogaction" (getNSObjects ($config -match " audit syslogpolicy $policy ") "audit syslogaction") } addNSObject "audit syslogactionglobal" ($config -match "audit syslogParams ") "audit syslogactionglobal" addNSObject "audit syslogactionglobal" ($config -match "bind audit syslogactionglobal ") "audit syslogactionglobal" addNSObject "audit syslogactionglobal" ($config -match "bind audit syslogGlobal ") "audit syslogactionglobal" } # Get Audit Nslog Policies from Global Audit Nslog Bindings addNSObject "audit nslogpolicy" (getNSObjects ($config -match "bind audit nslogglobal ") "audit nslogpolicy") # Get Audit Nslog Actions from Audit Nslog Policies if ($NSObjects."audit nslogpolicy") { foreach ($policy in $NSObjects."audit nslogpolicy") { addNSObject "audit nslogaction" (getNSObjects ($config -match " audit nslogpolicy $policy ") "audit nslogaction") } addNSObject "audit nslogactionglobal" ($config -match "bind audit syslogactionglobal ") "audit nslogactionglobal" } # Get SSL Policies from Global SSL Bindings addNSObject "ssl policy" (getNSObjects ($config -match "bind ssl global ") "ssl policy") addNSObject "ssl policylabel" (getNSObjects ($config -match "bind ssl global ") "ssl policylabel") # Get SSL Policies from SSL Policy Labels if ($NSObjects."ssl policylabel") { foreach ($policy in $NSObjects."ssl policylabel") { addNSObject "ssl policy" (getNSObjects ($config -match " $policy ") "ssl policy") } } # Get SSL Actions from SSL Policies if ($NSObjects."ssl policy") { foreach ($ssl in $NSObjects."ssl policy") { addNSObject "ssl action" (getNSObjects ($config -match " $ssl ") "ssl action") } addNSObject "ssl global" ($config -match "bind ssl global ") "ssl global" } # Get SSL Log Profiles from SSL Actions if ($NSObjects."ssl action") { foreach ($ssl in $NSObjects."ssl action") { addNSObject "ssl logprofile" (getNSObjects ($config -match " $ssl ") "ssl logprofile" "-ssllogprofile") } } # Get SSL Global Settings if ($config -match "enable ns feature.* ssl") { $NSObjects."ssl parameter" = @("enable ns feature ssl") } else { $NSObjects."ssl parameter" = @("# ssl feature is not enabled") } addNSObject "ssl parameter" ($config -match "set ssl parameter") "ssl parameter" addNSObject "ssl parameter" ($config -match "set ssl fips") "ssl parameter" addNSObject "ssl parameter" ($config -match "set ssl profile ns_default_ssl_profile_backend") "ssl parameter" # Get Ciphers from SSL profiles if ($NSObjects."ssl profile") { foreach ($ssl in $NSObjects."ssl profile") { addNSObject "ssl cipher" (getNSObjects ($config -match "bind ssl profile $ssl ") "ssl cipher" "-cipherName") } } # Get Global Policy Parameters addNSObject "policy param" ($config -match "set policy param") "policy param" # Get ACLs and RNAT addNSObject "ns acl" ($config -match "ns acl") "ns acl" addNSObject "ns acl" ($config -match "ns simpleacl") "ns acl" addNSObject "rnat" (getNSObjects ($config -match "rnat ") "rnat") # Get Limit Selectors from Limit Identifiers if ($NSObjects."ns limitIdentifier") { foreach ($identifier in $NSObjects."ns limitIdentifier") { addNSObject "ns limitSelector" (getNSObjects ($config -match "ns limitIdentifier $identifier ") "ns limitSelector" "-selectorName") addNSObject "stream selector" (getNSObjects ($config -match "ns limitIdentifier $identifier ") "stream selector") } } # Get Stream Selectors from Stream Identifiers if ($NSObjects."stream identifier") { foreach ($identifier in $NSObjects."ns limitIdentifier") { addNSObject "ns limitSelector" (getNSObjects ($config -match "stream identifier $identifier ") "ns limitSelector") addNSObject "stream selector" (getNSObjects ($config -match "stream identifier $identifier ") "stream selector") } } # Output Extracted Config #cls "`nExtracted Objects" $NSObjects.GetEnumerator() | sort-object -Property Name write-host "`nBuilding Config...`n " if ($outputFile -and ($outputFile -ne "screen")) { "# Extracted Config for: " + ($vservers -join ", ") + "`n`n" | out-file $outputFile } else { "# Extracted Config for: " + ($vservers -join ", ") + "`n`n" } # System Settings if ($NSObjects."ns config" ) { outputObjectConfig "NSIP" "ns config" "raw"} if ($NSObjects."ns hostName" ) { outputObjectConfig "Hostname" "ns hostName" "raw"} if ($NSObjects."ha node" ) { outputObjectConfig "High Availability Nodes" "HA node" "raw"} if ($NSObjects."ha rpcNode" ) { outputObjectConfig "High Availability RPC Nodes" "ha rpcNode" "ns rpcNode"} if ($NSObjects."ns feature" ) { outputObjectConfig "Enabled Features" "ns feature" "raw"} if ($NSObjects."ns mode" ) { outputObjectConfig "Enabled Modes" "ns mode" "raw"} if ($NSObjects."system parameter" ) { outputObjectConfig "CEIP" "system parameter" "raw"} if ($NSObjects."ns encryptionParams" ) { outputObjectConfig "System Encryption Parameters" "ns encryptionParams" "raw"} if ($NSObjects."system user" ) { outputObjectConfig "System Users" "system user"} if ($NSObjects."system group" ) { outputObjectConfig "System Groups" "system group"} if ($NSObjects."interface" ) { outputObjectConfig "Interfaces" "interface" "raw"} if ($NSObjects."channel" ) { outputObjectConfig "Channels" "channel" "raw"} if ($NSObjects."ns ip" ) { outputObjectConfig "IP Addresses" "ns ip"} if ($NSObjects."vlan" ) { outputObjectConfig "VLANs" "vlan"} if ($NSObjects."vrid" ) { outputObjectConfig "VMACs" "vrid"} if ($NSObjects."ns partition" ) { outputObjectConfig "Partitions" "ns partition" -explainText "Partition configs are in /nsconfig/partitions" } if ($NSObjects."ns pbr" ) { outputObjectConfig "Policy Based Routes (PBRs)" "ns pbr" "raw"} if ($NSObjects."route" ) { outputObjectConfig "Routes" "route" "raw"} if ($NSObjects."mgmt ssl service" ) { outputObjectConfig "Internal Management Services SSL Settings" "mgmt ssl service" "ssl service"} if ($NSObjects."snmp trap" ) { outputObjectConfig "SNMP Traps" "snmp trap" "raw"} if ($NSObjects."snmp community" ) { outputObjectConfig "SNMP Communities" "snmp community" "raw"} if ($NSObjects."snmp manager" ) { outputObjectConfig "SNMP Managers" "snmp manager" "raw"} if ($NSObjects."snmp alarm" ) { outputObjectConfig "SNMP Alarms" "snmp alarm" "raw"} # Policy Expression Components and Profiles Output if ($NSObjects."ns acl" ) { outputObjectConfig "Global ACLs" "ns acl" "raw" } if ($NSObjects."rnat" ) { outputObjectConfig "Global RNAT" "rnat" } if ($NSObjects."ns variable" ) { outputObjectConfig "Variables" "ns variable" } if ($NSObjects."ns assignment" ) { outputObjectConfig "Variable Assignments" "ns assignment" } if ($NSObjects."ns limitSelector" ) { outputObjectConfig "Rate Limiting Selectors" "ns limitSelector" } if ($NSObjects."ns limitIdentifier" ) { outputObjectConfig "Rate Limiting Identifiers" "ns limitIdentifier" } if ($NSObjects."stream selector" ) { outputObjectConfig "Action Analytics Selectors" "stream selector" } if ($NSObjects."stream identifier" ) { outputObjectConfig "Action Analytics Identifiers" "stream identifier" } if ($NSObjects."policy param" ) { outputObjectConfig "Policy Global Params" "policy param" "raw" } if ($NSObjects."policy patset" ) { outputObjectConfig "Policy Pattern Sets" "policy patset" } if ($NSObjects."policy dataset" ) { outputObjectConfig "Policy Data Sets" "policy dataset" } if ($NSObjects."policy map" ) { outputObjectConfig "Policy Maps" "policy map" } if ($NSObjects."policy stringmap" ) { outputObjectConfig "Policy String Maps" "policy stringmap" } if ($NSObjects."policy urlset" ) { outputObjectConfig "Policy URL Sets" "policy urlset" } if ($NSObjects."policy httpCallout" ) { outputObjectConfig "HTTP Callouts" "policy httpCallout" } if ($NSObjects."policy expression" ) { outputObjectConfig "Policy Expressions" "policy expression" } if ($NSObjects."dns addRec" ) { outputObjectConfig "DNS Address Records" "dns addRec" } if ($NSObjects."dns nsRec" ) { outputObjectConfig "DNS Name Server Records" "dns nsRec"} if ($NSObjects."dns cnameRec" ) { outputObjectConfig "DNS CNAME Records" "dns cnameRec"} if ($NSObjects."dns soaRec" ) { outputObjectConfig "DNS SOA Records" "dns soaRec"} if ($NSObjects."ns tcpProfile" ) { outputObjectConfig "TCP Profiles" "ns tcpProfile" } if ($NSObjects."ns httpProfile" ) { outputObjectConfig "HTTP Profiles" "ns httpProfile" } if ($NSObjects."db dbProfile" ) { outputObjectConfig "Database Profiles" "db dbProfile" } if ($NSObjects."netProfile" ) { outputObjectConfig "Net Profiles" "netProfile" } if ($NSObjects."ns trafficDomain" ) { outputObjectConfig "Traffic Domains" "ns trafficDomain" } if ($NSObjects."ipset" ) { outputObjectConfig "IP Sets" "ipset" } if ($NSObjects."analytics profile" ) { outputObjectConfig "Analytics Profiles" "analytics profile" } if ($NSObjects."audit messageaction" ) { outputObjectConfig "Log Messages" "audit messageaction" } # Policies Output if ($NSObjects."appflow param" ) { outputObjectConfig "Appflow Global Params" "appflow param" "raw" } if ($NSObjects."appflow collector" ) { outputObjectConfig "Appflow Collectors" "appflow collector" } if ($NSObjects."appflow action" ) { outputObjectConfig "Appflow Actions" "appflow action" } if ($NSObjects."appflow policy" ) { outputObjectConfig "Appflow Policies" "appflow policy" } if ($NSObjects."appflow policylabel" ) { outputObjectConfig "Appflow Policy Labels" "appflow policylabel" } if ($NSObjects."appflow global" ) { outputObjectConfig "Appflow Global Bindings" "appflow global" "raw" } if ($NSObjects."rewrite param" ) { outputObjectConfig "Rewrite Global Parameters" "rewrite param" "raw" } if ($NSObjects."rewrite action" ) { outputObjectConfig "Rewrite Actions" "rewrite action" } if ($NSObjects."rewrite policy" ) { outputObjectConfig "Rewrite Policies" "rewrite policy" } if ($NSObjects."rewrite policylabel" ) { outputObjectConfig "Rewrite Policy Labels" "rewrite policylabel" } if ($NSObjects."rewrite global" ) { outputObjectConfig "Rewrite Global Bindings" "rewrite global" "raw" } if ($NSObjects."responder param" ) { outputObjectConfig "Responder Global Parameters" "responder param" "raw" } if ($NSObjects."responder action" ) { outputObjectConfig "Responder Actions" "responder action" } if ($NSObjects."responder policy" ) { outputObjectConfig "Responder Policies" "responder policy" } if ($NSObjects."responder policylabel" ) { outputObjectConfig "Responder Policy Labels" "responder policylabel" } if ($NSObjects."responder global" ) { outputObjectConfig "Responder Global Bindings" "responder global" "raw" } if ($NSObjects."appqoe parameter" ) { outputObjectConfig "AppQoE Global Parameters" "appqoe parameter" "raw"} if ($NSObjects."appqoe action" ) { outputObjectConfig "AppQoE Actions" "appqoe action" } if ($NSObjects."appqoe policy" ) { outputObjectConfig "AppQoE Policies" "appqoe policy" } if ($NSObjects."feo parameter" ) { outputObjectConfig "Front-End Optimization Global Parameters" "feo parameter" "raw"} if ($NSObjects."feo action" ) { outputObjectConfig "Front-End Optimization Actions" "feo action" } if ($NSObjects."feo policy" ) { outputObjectConfig "Front-End Optimization Policies" "feo policy" } if ($NSObjects."feo global" ) { outputObjectConfig "Front-End Optimization Global Bindings" "feo global" } if ($NSObjects."cache parameter" ) { outputObjectConfig "Cache Global Parameters" "cache parameter" "raw" } if ($NSObjects."cache selector" ) { outputObjectConfig "Cache Selectors" "cache selector" } if ($NSObjects."cache contentGroup" ) { outputObjectConfig "Cache Content Groups" "cache contentGroup" } if ($NSObjects."cache policy" ) { outputObjectConfig "Cache Policies" "cache policy" } if ($NSObjects."cache policylabel" ) { outputObjectConfig "Cache Policy Labels" "cache policylabel" } if ($NSObjects."cache global" ) { outputObjectConfig "Cache Global Bindings" "cache global" "raw" } if ($NSObjects."cmp parameter" ) { outputObjectConfig "Compression Global Parameters" "cmp parameter" "raw" } if ($NSObjects."cmp policy" ) { outputObjectConfig "Compression Policies" "cmp policy" } if ($NSObjects."cmp policylabel" ) { outputObjectConfig "Compression Policy Labels" "cmp policylabel" } if ($NSObjects."cmp global" ) { outputObjectConfig "Compression Global Bindings" "cmp global" "raw" } if ($NSObjects."appfw parameter" ) { outputObjectConfig "AppFW Global Settings" "appfw parameter" "raw" } if ($NSObjects."appfw profile" ) { outputObjectConfig "AppFW Profiles" "appfw profile" ` -explainText ("Some portions of AppFw Profile are not in the config file.`nManually export/import Signatures Object" + ` "`nManually export/import the AppFW Import Objects (e.g. HTML Error, XML Schema)") } if ($NSObjects."appfw policy" ) { outputObjectConfig "AppFW Policies" "appfw policy" } if ($NSObjects."appfw policylabel" ) { outputObjectConfig "AppFW Policy Labels" "appfw policylabel" } if ($NSObjects."appfw global" ) { outputObjectConfig "AppFW Global Bindings" "appfw global" "raw" } if ($NSObjects."bot parameter" ) { outputObjectConfig "Bot Management Global Settings" "bot parameter" "raw" } if ($NSObjects."bot profile" ) { outputObjectConfig "Bot Management Profiles" "bot profile" ` -explainText ("Some portions of Bot Profiles are not in the config file.`nManually export/import Signatures Object") } if ($NSObjects."bot policy" ) { outputObjectConfig "Bot Management Policies" "bot policy" } if ($NSObjects."bot policylabel" ) { outputObjectConfig "Bot Management Policy Labels" "bot policylabel" } if ($NSObjects."bot global" ) { outputObjectConfig "Bot Management Global Bindings" "bot global" "raw" } if ($NSObjects."transform profile" ) { outputObjectConfig "Transform Profiles" "transform profile" } if ($NSObjects."transform action" ) { outputObjectConfig "Transform Actions" "transform action" } if ($NSObjects."transform policy" ) { outputObjectConfig "Transform Policies" "transform policy" } if ($NSObjects."transform policylabel" ) { outputObjectConfig "Transform Policy Labels" "transform policylabel" } if ($NSObjects."transform global" ) { outputObjectConfig "Transform Global Bindings" "transform global" "raw" } if ($NSObjects."filter action" ) { outputObjectConfig "Filter Actions" "filter action" } if ($NSObjects."filter policy" ) { outputObjectConfig "Filter Policies" "filter policy" } if ($NSObjects."filter global" ) { outputObjectConfig "Filter Global Bindings" "filter global" "raw" } if ($NSObjects."audit syslogaction" ) { outputObjectConfig "Audit Syslog Actions" "audit syslogaction" } if ($NSObjects."audit syslogpolicy" ) { outputObjectConfig "Audit Syslog Policies" "audit syslogpolicy" } if ($NSObjects."audit nslogaction" ) { outputObjectConfig "Audit NSLog Actions" "audit nslogaction" } if ($NSObjects."audit nslogpolicy" ) { outputObjectConfig "Audit NSLog Policies" "audit nslogpolicy" } if ($NSObjects."audit syslogactionglobal" ) { outputObjectConfig "Global Audit Syslog Bindings" "audit syslogactionglobal" "raw" } # SSL Output if ($NSObjects."ssl parameter" ) { outputObjectConfig "SSL Global Parameters" "ssl parameter" "raw" } if ($NSObjects."ssl cipher" ) { outputObjectConfig "SSL Cipher Groups" "ssl cipher" } if ($NSObjects."ssl fipsKey" ) { outputObjectConfig "SSL FIPS Keys" "ssl fipsKey" } if ($NSObjects."ssl cert" ) { outputObjectConfig "Certs" "ssl cert" "raw" ` -explainText "Get certificate files from /nsconfig/ssl" } if ($NSObjects."ssl link" ) { outputObjectConfig "Cert Links" "ssl link" "raw" } if ($NSObjects."ssl profile" ) { outputObjectConfig "SSL Profiles" "ssl profile" } if ($NSObjects."ssl logprofile" ) { outputObjectConfig "SSL Log Profiles" "ssl logprofile" } if ($NSObjects."ssl action" ) { outputObjectConfig "SSL Actions" "ssl action" } if ($NSObjects."ssl policy" ) { outputObjectConfig "SSL Policies" "ssl policy" } # AAA Output if ($NSObjects."vpn portaltheme" ) { outputObjectConfig "Portal Themes" "vpn portaltheme" ` -explainText "Portal Theme customizations are not in the NetScaler config file and instead are stored in /var/netscaler/logon/themes/{ThemeName}" } if ($NSObjects."authentication param" ) { outputObjectConfig "AAA Global Settings" "authentication param" "raw" } if ($NSObjects."authorization policy" ) { outputObjectConfig "Authorization Policies" "authorization policy" } if ($NSObjects."authorization policylabel" ) { outputObjectConfig "Authorization Policies" "authorization policylabel" } if ($NSObjects."authentication pushService" ) { outputObjectConfig "OTP Push Service" "authentication pushService" } if ($NSObjects."aaa kcdAccount" ) { outputObjectConfig "KCD Accounts" "aaa kcdAccount" } if ($NSObjects."authentication ldapAction" ) { outputObjectConfig "LDAP Actions" "authentication ldapAction" ` -explainText "LDAP certificate verification Root certificates are in /nsconfig/truststore" } if ($NSObjects."authentication ldapPolicy" ) { outputObjectConfig "LDAP Policies" "authentication ldapPolicy" } if ($NSObjects."authentication radiusAction" ) { outputObjectConfig "RADIUS Actions" "authentication radiusAction" } if ($NSObjects."authentication radiusPolicy" ) { outputObjectConfig "RADIUS Policies" "authentication radiusPolicy" } if ($NSObjects."authentication OAuthAction" ) { outputObjectConfig "OAuth Actions" "authentication OAuthAction" } if ($NSObjects."authentication samlAction" ) { outputObjectConfig "SAML Actions" "authentication samlAction" } if ($NSObjects."authentication samlIdPProfile" ) { outputObjectConfig "SAML IdP Profiles" "authentication samlIdPProfile" } if ($NSObjects."authentication certAction" ) { outputObjectConfig "Cert Actions" "authentication certAction" } if ($NSObjects."authentication dfaAction" ) { outputObjectConfig "Delegaged Forms Authentication Actions" "authentication dfaAction" } if ($NSObjects."authentication epaAction" ) { outputObjectConfig "Endpoint Analysis Actions" "authentication epaAction" } if ($NSObjects."authentication negotiateAction" ) { outputObjectConfig "Negotiate (Kerberos) Actions" "authentication negotiateAction" } if ($NSObjects."authentication storefrontAuthAction" ) { outputObjectConfig "StorefrontAuth Actions" "authentication storefrontAuthAction" } if ($NSObjects."authentication tacacsAction" ) { outputObjectConfig "TACACS Actions" "authentication tacacsAction" } if ($NSObjects."authentication tacacsPolicy" ) { outputObjectConfig "TACACS Policies" "authentication tacacsPolicy" } if ($NSObjects."authentication localPolicy" ) { outputObjectConfig "Local Authentication Policies" "authentication localPolicy" } if ($NSObjects."authentication webAuthAction" ) { outputObjectConfig "Web Auth Actions" "authentication webAuthAction" } if ($NSObjects."authentication emailAction" ) { outputObjectConfig "Email (SSPR) Actions" "authentication emailAction" } if ($NSObjects."authentication noAuthAction" ) { outputObjectConfig "NoAuth Actions" "authentication noAuthAction" } if ($NSObjects."authentication captchaAction" ) { outputObjectConfig "Captcha Actions" "authentication captchaAction" } if ($NSObjects."authentication adfsProxyProfile" ) { outputObjectConfig "ADFS Proxy Profile" "authentication adfsProxyProfile" } if ($NSObjects."authentication samlPolicy" ) { outputObjectConfig "SAML Authentication Policies" "authentication samlPolicy" } if ($NSObjects."authentication policy" ) { outputObjectConfig "Advanced Authentication Policies" "authentication policy" } if ($NSObjects."authentication loginSchema" ) { outputObjectConfig "Login Schemas" "authentication loginSchema" } if ($NSObjects."authentication loginSchemaPolicy" ) { outputObjectConfig "Login Schema Policies" "authentication loginSchemaPolicy" } if ($NSObjects."authentication policylabel" ) { outputObjectConfig "Authentication Policy Labels" "authentication policylabel" } if ($NSObjects."tm sessionAction" ) { outputObjectConfig "AAA Session Profiles" "tm sessionAction" } if ($NSObjects."tm sessionPolicy" ) { outputObjectConfig "AAA Session Policies" "tm sessionPolicy" } if ($NSObjects."authentication vserver" ) { outputObjectConfig "Authentication Virtual Servers" "authentication vserver" } if ($NSObjects."authentication authnProfile" ) { outputObjectConfig "Authentication Profiles" "authentication authnProfile" } if ($NSObjects."tm formSSOAction" ) { outputObjectConfig "AAA Form SSO Profiles" "tm formSSOAction" } if ($NSObjects."tm samlSSOProfile" ) { outputObjectConfig "AAA SAML SSO Profiles" "tm samlSSOProfile" } if ($NSObjects."tm trafficAction" ) { outputObjectConfig "AAA Traffic Profiles" "tm trafficAction" } if ($NSObjects."tm trafficPolicy" ) { outputObjectConfig "AAA Traffic Policies" "tm trafficPolicy" } if ($NSObjects."tm global" ) { outputObjectConfig "AAA Global Bindings" "tm global" "raw" } # Load Balancing output if ($NSObjects."lb parameter" ) { outputObjectConfig "Load Balancing Global Parameters" "lb parameter" "raw" } if ($NSObjects."lb metricTable" ) { outputObjectConfig "Metric Tables" "lb metricTable" } if ($NSObjects."lb profile" ) { outputObjectConfig "Load Balancing Profiles" "lb profile" } if ($NSObjects."monitor" ) { outputObjectConfig "Monitors" "monitor" } if ($NSObjects."server" ) { outputObjectConfig "Servers" "server" } if ($NSObjects."service" ) { outputObjectConfig "Services" "service" } if ($NSObjects."serviceGroup" ) { outputObjectConfig "Service Groups" "serviceGroup" } if ($NSObjects."lb vserver" ) { outputObjectConfig "Load Balancing Virtual Servers" "lb vserver" } if ($NSObjects."lb group" ) { outputObjectConfig "Persistency Group" "lb group" } # Content Switching Output if ($NSObjects."cs parameter" ) { outputObjectConfig "Content Switching Parameters" "cs parameter" "raw" } if ($NSObjects."cs action" ) { outputObjectConfig "Content Switching Actions" "cs action" } if ($NSObjects."cs policy" ) { outputObjectConfig "Content Switching Policies" "cs policy" } if ($NSObjects."cs policylabel" ) { outputObjectConfig "Content Switching Policy Labels" "cs policylabel" } # Citrix Gateway Output if ($NSObjects."vpn intranetApplication" ) { outputObjectConfig "Citrix Gateway Intranet Applications" "vpn intranetApplication" } if ($NSObjects."aaa preauthenticationaction" ) { outputObjectConfig "Preauthentication Profiles" "aaa preauthenticationaction" } if ($NSObjects."aaa preauthenticationpolicy" ) { outputObjectConfig "Preauthentication Policies" "aaa preauthenticationpolicy" } if ($NSObjects."vpn eula" ) { outputObjectConfig "Citrix Gateway EULA" "vpn eula" } if ($NSObjects."vpn clientlessAccessProfile" ) { outputObjectConfig "Citrix Gateway Clientless Access Profiles" "vpn clientlessAccessProfile" } if ($NSObjects."vpn clientlessAccessPolicy" ) { outputObjectConfig "Citrix Gateway Clientless Access Policies" "vpn clientlessAccessPolicy" } if ($NSObjects."rdp clientprofile" ) { outputObjectConfig "Citrix Gateway RDP Profiles" "rdp clientprofile" } if ($NSObjects."vpn pcoipProfile" ) { outputObjectConfig "Citrix Gateway PCoIP Profiles" "vpn pcoipProfile" } if ($NSObjects."vpn pcoipVserverProfile" ) { outputObjectConfig "Citrix Gateway VServer PCoIP Profiles" "vpn pcoipVserverProfile" } if ($NSObjects."vpn formSSOAction" ) { outputObjectConfig "Citrix Gateway Form SSO Profiles" "vpn formSSOAction" } if ($NSObjects."vpn samlSSOProfile" ) { outputObjectConfig "Citrix Gateway SAML SSO Profiles" "vpn samlSSOProfile" } if ($NSObjects."vpn trafficAction" ) { outputObjectConfig "Citrix Gateway Traffic Profiles" "vpn trafficAction" } if ($NSObjects."vpn trafficPolicy" ) { outputObjectConfig "Citrix Gateway Traffic Policies" "vpn trafficPolicy" } if ($NSObjects."vpn alwaysONProfile" ) { outputObjectConfig "Citrix Gateway AlwaysON Profiles" "vpn alwaysONProfile" } if ($NSObjects."vpn sessionAction" ) { outputObjectConfig "Citrix Gateway Session Profiles" "vpn sessionAction" } if ($NSObjects."vpn sessionPolicy" ) { outputObjectConfig "Citrix Gateway Session Policies" "vpn sessionPolicy" } if ($NSObjects."ica accessprofile" ) { outputObjectConfig "Citrix Gateway SmartControl Access Profiles" "ica accessprofile" } if ($NSObjects."ica action" ) { outputObjectConfig "Citrix Gateway SmartControl Actions" "ica action" } if ($NSObjects."ica policy" ) { outputObjectConfig "Citrix Gateway SmartControl Policies" "ica policy" } if ($NSObjects."vpn url" ) { outputObjectConfig "Citrix Gateway Bookmarks" "vpn url" } if ($NSObjects."vpn parameter" ) { outputObjectConfig "Citrix Gateway Global Settings" "vpn parameter" "raw" } if ($NSObjects."clientless domains" ) { outputObjectConfig "Citrix Gateway Clientless Domains" "clientless domains" "raw" } if ($NSObjects."vpn nextHopServer" ) { outputObjectConfig "Citrix Gateway Next Hop Servers" "vpn nextHopServer" } if ($NSObjects."vpn vserver" ) { outputObjectConfig "Citrix Gateway Virtual Servers" "vpn vserver" } if ($NSObjects."vpn global" ) { outputObjectConfig "Citrix Gateway Global Bindings" "vpn global" "raw" } if ($NSObjects."aaa group" ) { outputObjectConfig "AAA Groups" "aaa group" } # GSLB Output if ($NSObjects."adns service" ) { outputObjectConfig "ADNS Services" "adns service" "raw" } if ($NSObjects."gslb site" ) { outputObjectConfig "GSLB Sites" "gslb site" } if ($NSObjects."ns rpcNode" ) { outputObjectConfig "GSLB RPC Nodes" "ns rpcNode" } if ($NSObjects."dns view" ) { outputObjectConfig "DNS Views" "dns view" } if ($NSObjects."dns action" ) { outputObjectConfig "DNS Actions" "dns action" } if ($NSObjects."dns policy" ) { outputObjectConfig "DNS Policies" "dns policy" } if ($NSObjects."dns global" ) { outputObjectConfig "DNS Global Bindings" "dns global" "raw"} if ($NSObjects."gslb location" ) { outputObjectConfig "GSLB Locations (Static Proximity)" "gslb location" "raw" } if ($NSObjects."gslb parameter" ) { outputObjectConfig "GSLB Parameters" "gslb parameter" "raw" } if ($NSObjects."gslb service" ) { outputObjectConfig "GSLB Services" "gslb service" } if ($NSObjects."gslb vserver" ) { outputObjectConfig "GSLB Virtual Servers" "gslb vserver" } if ($NSObjects."cr policy" ) { outputObjectConfig "Cache Redirection Policies" "cr policy" } if ($NSObjects."cr vserver" ) { outputObjectConfig "Cache Redirection Virtual Servers" "cr vserver" } if ($NSObjects."cs vserver" ) { outputObjectConfig "Content Switching Virtual Servers" "cs vserver" } if ($NSObjects."ssl vserver" ) { outputObjectConfig "SSL Virtual Servers" "ssl vserver" } # Global System Bindings - can't bind until objects are created if ($NSObjects."system global" ) { outputObjectConfig "System Global Bindings" "system global" "raw"} if ($NSObjects."dns nameServer" ) { outputObjectConfig "DNS Name Servers" "dns nameServer" } if ($outputFile -and ($outputFile -ne "screen")) { # Convert file EOLs to UNIX format so file can be batch imported to NetScaler $text = [IO.File]::ReadAllText($outputFile) -replace "`r`n", "`n" [IO.File]::WriteAllText($outputFile, $text) } if ($textEditor -and ($outputFile -and ($outputFile -ne "screen"))) { # Open Text Editor #if (Test-Path $textEditor -PathType Leaf){ write-host "`nOpening Output file `"$outputFile`" using `"$textEditor`" ..." start-process -FilePath $textEditor -ArgumentList "`"$outputFile`"" <#} else { write-host "`nText Editor not found: `"$textEditor`"" write-host "`nCan't open output file: `"$outputFile`"" }#> }