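<#
.SYNOPSIS
    Keeps an F5 LTM internal data group in sync with the Exchange Online SMTP IP ranges
    published by Microsoft.
.DESCRIPTION
    Reads the current records of the data group over the F5 iControl REST API, fetches the
    Worldwide Exchange endpoint list from endpoints.office.com, keeps the IPv4 ranges whose
    tcpPorts value is exactly "25" or "587", and - after a confirmation prompt - replaces the
    data group records with that list when the two sets differ.
.PARAMETER F5ManagementAddress
    IP address or DNS name of the F5 management interface.
.PARAMETER DataGroup
    Name of the internal data group to read and update.
.PARAMETER Credential
    F5 account used for HTTP Basic authentication. Prompted for interactively when not
    supplied, so pass it explicitly for unattended runs.
.PARAMETER SkipCertificateCheck
    Disables TLS certificate validation for the rest of this process. Only use it when the
    management interface presents an untrusted certificate; the safe fix is a trusted cert.
#>
param(
    [string]$F5ManagementAddress = "<f5-management-ip-or-dns>",
    [string]$DataGroup = "Exchange_Online_Nodes",
    [System.Management.Automation.PSCredential]$Credential = (Get-Credential -Message "F5 management credentials"),
    [switch]$SkipCertificateCheck
)

# Build the HTTP Basic Authorization header. The plaintext password exists only in this
# local variable (it is never written to disk or echoed). ASCII encoding is kept from the
# original; non-ASCII characters in a password would be mangled - TODO confirm what the
# F5 expects before switching to UTF-8.
$pair = "{0}:{1}" -f $Credential.UserName, $Credential.GetNetworkCredential().Password
$encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
$Headers = @{ Authorization = "Basic $encodedCreds" }

# Negotiate TLS 1.2 regardless of the certificate setting; older Windows PowerShell hosts may
# not offer it by default.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

if ($SkipCertificateCheck) {
    # NOTE: ServicePointManager's callback is process-wide - once installed it also applies
    # to the endpoints.office.com request below and to anything else this session does.
    if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) {
        $certCallback = @"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
    public static void Ignore()
    {
        if (ServicePointManager.ServerCertificateValidationCallback == null)
        {
            ServicePointManager.ServerCertificateValidationCallback +=
                delegate
                (
                    Object obj,
                    X509Certificate certificate,
                    X509Chain chain,
                    SslPolicyErrors errors
                )
                {
                    return true;
                };
        }
    }
}
"@
        Add-Type $certCallback
    }
    [ServerCertificateValidationCallback]::Ignore()
}

# Read the current data group records.
$URI = "https://$F5ManagementAddress/mgmt/tm/ltm/data-group/internal/$DataGroup"
$Response = Invoke-RestMethod -Uri $URI -Headers $Headers -ErrorAction Stop
Write-Host ("These are the records in the `"" + $DataGroup + "`" data group...") -ForegroundColor Yellow
# @() so an empty data group yields an empty array instead of $null.
$DataGroupIPs = @($Response.records.name)
$DataGroupIPs

# Get the Exchange Online SMTP IP ranges. ClientRequestId must be a GUID; a fresh one per run
# replaces the fixed-prefix-plus-random-suffix value the script used before.
$ClientRequestId = [guid]::NewGuid().ToString()
$ExchangeQueryURL = "https://endpoints.office.com/endpoints/Worldwide?ServiceAreas=Exchange&NoIPv6=true&ClientRequestId=$ClientRequestId"
# TCP ports we filter on. Only entries whose tcpPorts value is exactly one of these are
# matched; an entry listing several ports in one comma-separated value is skipped, as before.
$TCPPorts = @('25', '587')
$ExchangeData = Invoke-RestMethod -Uri $ExchangeQueryURL -Method Get -ErrorAction Stop
# ForEach-Object { $_.ips } flattens the per-entry arrays and tolerates entries without ips.
# -Unique avoids pushing the same range twice when it appears under more than one entry.
$MailRelayIPs = @($ExchangeData |
    Where-Object { $TCPPorts -contains $_.tcpPorts } |
    ForEach-Object { $_.ips } |
    Sort-Object -Unique)
Write-Host
Write-Host ("These are IP addresses associated with Exchange Online SMTP...") -ForegroundColor Yellow
$MailRelayIPs

# Never replace the data group with an empty record set: an empty result here means the
# Microsoft query or the port filter failed, not that there are no SMTP ranges.
if ($MailRelayIPs.Count -eq 0) {
    throw "No Exchange Online SMTP IP ranges were returned for ports $($TCPPorts -join ', '); refusing to update '$DataGroup'."
}

# Compare-Object rejects an empty reference/difference array on some PowerShell versions,
# so an empty data group is handled explicitly. The comparison is done once and reused.
if ($DataGroupIPs.Count -eq 0) {
    $UpdateGroup = $true
} else {
    $UpdateGroup = [bool](Compare-Object -ReferenceObject $MailRelayIPs -DifferenceObject $DataGroupIPs)
}

Write-Host
if ($UpdateGroup) {
    Write-Host "Data group needs to be updated!!!" -ForegroundColor Red
    Write-Host "Press a key to update the data group, or CTRL+C to exit" -ForegroundColor Yellow
    Pause
    # PUT replaces the whole record set; each record only needs name and an empty data value.
    $Body = [pscustomobject]@{
        records = @($MailRelayIPs | ForEach-Object { [pscustomobject]@{ name = $_; data = '' } })
    } | ConvertTo-Json -Depth 3
    Invoke-RestMethod -Uri $URI -Headers $Headers -Body $Body -Method Put -ContentType 'application/json' -ErrorAction Stop
} else {
    Write-Host "Data group is in sync with Microsoft's service IPs" -ForegroundColor Green
}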