
Configure Firewall Exceptions on distribution points

#noparams
#noexample
#expectedoutput:Configure_Firewall_Pass
#----------------------------------------------------------------------------#
#  Name: .\Configure_DP_Windows_Firewall.ps1                    
#  Version: 1.0
#  Created by: Vikram Bedi
#
#  Input Arguments: 
#           None
#  Output: .\Configure_Firewall.Log
#           Returns "Configure_Firewall_Pass" string on successful completion
#
#  Purpose:
#    1. Configure Firewall Exceptions
#---------------------------- OutputToLog -----------------------------------#

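# Target computer(s). New-PSSession accepts a single name or an array of names.
$Servers = 'DC01'

# Opens a WinRM session under the invoking user's identity; adding firewall rules
# on the target requires local administrator rights there.
# -ErrorAction Stop: a failed connection is otherwise a non-terminating error that
# leaves $Sessions empty, and the later Invoke-Command then fails with an unhelpful
# "Session is null" message instead of the real connection error.
$Sessions = New-PSSession -ComputerName $Servers -ErrorAction Stop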


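try
{
  Invoke-Command -Session $Sessions -ScriptBlock {
    #######################################
    # Writes one CMTrace-style entry to $global:OutputToLog and echoes it to the console.
    # Arguments: $msg  - text to log; null/empty becomes 'Unknown Exception'
    #            $comp - CMTrace "component" column; null/empty becomes '-'
    # Outputs:   console line via Write-Host; one line appended to the log file
    # Note: file write failures are deliberately swallowed (best-effort logging).
    #######################################
    function OutputToLog
    {
      param ($msg,$comp)
      if($msg)
      {
        $msg = $msg.ToString()
      }
      else
      {
        $msg = 'Unknown Exception'
      }
      if($comp)
      {
        $comp = $comp.ToString()
      }
      else
      {
        $comp = '-'
      }
      Write-Host (Get-Date) $msg
      # CMTrace expects a zero-padded HH:mm:ss.fff time; the previous H:m:s.000 format
      # produced unpadded values such as 9:5:3.000.
      $time = Get-Date -Format 'HH:mm:ss.fff+000'
      $date = Get-Date -Format 'MM-dd-yyyy'
      # NOTE(review): the doubled "" inside these single-quoted strings is written literally
      # (time=""...""). Kept unchanged on the assumption an outer embedding layer unescapes
      # it before execution - confirm; if it does not, CMTrace will not parse these lines.
      # $msg is inserted unescaped, so a message containing ']LOG]!>' would corrupt the entry.
      Add-Content -Value ('<![LOG[' + $msg + ']LOG]!><time=""' + $time + '"" date=""' + $date + '"" component=""' + $comp + '"" context="""" type=""1"" thread="""" file="""">') $OutputToLog -Force -ErrorAction SilentlyContinue
    }
    # Log path: same location/name as the script with a .log extension.
    # Anchored regex: the previous pattern '.ps1' let '.' match any character.
    # NOTE(review): inside a remote script block, MyCommand.Definition is the block's
    # source text rather than a .ps1 path, so this may not yield a writable path and
    # Add-Content above then fails silently - confirm where the log lands on the target.
    $global:OutputToLog = ($Myinvocation.MyCommand.Definition) -replace '\.ps1$', '.log'
    # Make COM/cmdlet errors terminating so the try/catch blocks below see them.
    $ErrorActionPreference = 'Stop'

    OutputToLog 'Started :- [Configure_DP_Windows_Firewall.ps1] ** Parameters :: None' 'Started'
    OutputToLog "Running as :- $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)" 'Started'
    #------------------------------- Start --------------------------------------#

    #######################################
    # Creates one allow rule in the Windows Firewall unless a rule of that name exists.
    # Arguments: $name        - rule name (used for the duplicate check)
    #            $protocol    - 6 = TCP, 17 = UDP
    #            $localPorts  - port(s) as a string, e.g. '1433'
    #            $description - rule description
    #            $direction   - 1 = Inbound, 2 = Outbound
    # Outputs:   log lines via OutputToLog
    # Throws:    re-throws any failure from Rules.Add so the caller reports a failed run
    #######################################
    function configure-firewall
    {
      param($name,$protocol,$localPorts,$description,$direction)

      # One policy object serves both the duplicate check and the Add() call
      # (the original created a second HNetCfg.FwPolicy2 instance for the add).
      $fwpolicy = New-Object -ComObject HNetCfg.FwPolicy2

      $existing = $fwpolicy.Rules | Where-Object { $_.Name -eq $name }
      if($existing)
      {
        OutputToLog "Skipping :- A Firewall rule with name $name already exists" 'Configure_DP_Windows_Firewall_Rule'
        return
      }

      # Create an instance of the firewall rule object
      $fwrule = New-Object -ComObject HNetCfg.FwRule

      # Set the firewall rule properties
      $fwrule.Name = $name
      $fwrule.Protocol = $protocol
      $fwrule.LocalPorts = $localPorts
      $fwrule.Description = $description
      $fwrule.Direction = $direction
      $fwrule.Grouping = 'ConfigMgr_Exceptions'
      $fwrule.Enabled = $true # Rule Enabled
      # 7 = all profiles, including Public. No RemoteAddresses restriction is applied, so an
      # inbound rule accepts the port from any source; consider scoping inbound SQL/SSB
      # rules to the addresses that actually need them.
      $fwrule.Profiles = 7 #All Profiles
      $fwrule.Action = 1 # Allow connections

      try
      {
        $fwpolicy.Rules.Add($fwrule)
        OutputToLog "Completed :- A Firewall rule $name created" 'Configure_DP_Windows_Firewall_Rule'
      }
      catch
      {
        OutputToLog "Error while creating Firewall rule $name" 'Configure_DP_Windows_Firewall_Rule'
        # Previously the error was only logged, so the run still reported an overall Pass
        # with rules missing. Re-throw so the caller's catch records the failure.
        throw
      }
    }
    # Protocol  TCP = 6 ; UDP = 17
    # Direction Inbound = 1 ; Outbound = 2
    # Windows Firewall allows outbound traffic by default, so the *_Outbound rules only
    # take effect where the outbound default action has been changed to Block.

    try
    {
      configure-firewall SQL_TCP_Inbound 6 1433 Open_SQL_TCP_Port 1 # Inbound TCP
      configure-firewall SQL_UDP_Inbound 17 1433 Open_SQL_UDP_Port 1 # Inbound UDP

      configure-firewall SQL_TCP_Outbound 6 1433 Open_SQL_TCP_Port 2 # Outbound TCP
      configure-firewall SQL_UDP_Outbound 17 1433 Open_SQL_UDP_Port 2 # Outbound UDP

      configure-firewall BGB_TCP_Inbound 6 10123 Open_BGB_TCP_Port 1 # Inbound TCP

      # SSB rules previously carried the BGB descriptions (copy/paste); corrected to SSB.
      configure-firewall SSB_TCP_Inbound 6 4022 Open_SSB_TCP_Port 1 # Inbound TCP
      configure-firewall SSB_UDP_Inbound 17 4022 Open_SSB_UDP_Port 1 # Inbound UDP

      configure-firewall SSB_TCP_Outbound 6 4022 Open_SSB_TCP_Port 2 # Outbound TCP
      configure-firewall SSB_UDP_Outbound 17 4022 Open_SSB_UDP_Port 2 # Outbound UDP

      # Success marker: matches the header's #expectedoutput and the *_Fail string below
      # (the previous 'Configure_DP_Windows_Firewall_Pass' never matched the header).
      OutputToLog 'Configure_Firewall_Pass' 'Overall_Status'
    }
    catch
    {
      # Line number plus exception type/message; single quotes stripped from the message
      # so the value stays safe inside the log line.
      $details = ' Line ( ' + $_.InvocationInfo.ScriptLineNumber + ' ) : ' + '{0}, {1}' -f $_.Exception.GetType().FullName, $( $_.Exception.Message -replace "'" )
      OutputToLog "Fail : Unable to configure firewall rules. Details:$details" 'Overall_Status'
      OutputToLog 'Configure_Firewall_Fail' 'Overall_Status'
    }

    OutputToLog 'Completed :- Configure Windows DP Firewall' 'Completed'
    #------------------------------- End ----------------------------------------#
  }
}
finally
{
  # Tear down the remote session(s); previously they were left open on the target
  # until the WinRM idle timeout expired.
  if ($Sessions)
  {
    Remove-PSSession -Session $Sessions -ErrorAction SilentlyContinue
  }
}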