Description:
The script configures everything that is necessary to set up an IKE load balancer for the head office (including DMZ network, VRRP & route).
List of used variables:
Add-in code:
/** * @param {Config} config * @param {Context} context * Do not edit this comment or parameter types. Required for code suggestions */ exports.main = function (config, context) {
// Required variables:
// VRID = string
// VRRP_IP = string
// VRRP_PRIO = string
// DMZ_IP = string
// DMZ_GW = string
// LOAD_PASSWORD = string
if
(context.network.isCentralGateway) {
// /Setup/TCP-IP/Network-list/
var
networkList = config.getTableByOid(
"1.2.7.30"
);
var
rowDmz = networkList.createNewRow();
rowDmz.setByOid(
"1"
,
"DMZ"
);
//Network-name
rowDmz.setByOid(
"2"
, context.vars.
DMZ_IP
);
//IP-Address
rowDmz.setByOid(
"3"
,
"255.255.255.0"
);
//IP-Netmask
rowDmz.setByOid(
"4"
,
"1"
);
//VLAN-ID
rowDmz.setByOid(
"5"
,
"256"
);
//Interface (257 = LAN-2)
rowDmz.setByOid(
"6"
,
"0"
);
//Src-check (0 = Loose)
rowDmz.setByOid(
"7"
,
"2"
);
//Type (2 = DMZ)
rowDmz.setByOid(
"8"
,
"0"
);
//Rtg-Tag
rowDmz.setByOid(
"9"
,
"demilitarized zone"
);
//Comment
networkList.addOrMerge(rowDmz);
// /Setup/IP-Router/IP-Routing-Table/
var
routingTable = config.getTableByOid(
"1.2.8.2"
);
var
routeToGw = routingTable.createNewRow();
routeToGw.setByOid(
"1"
,
"255.255.255.255"
);
//IP-Address
routeToGw.setByOid(
"2"
,
"0.0.0.0"
);
//IP-Netmask
routeToGw.setByOid(
"8"
,
"0"
);
//Rtg-tag
routeToGw.setByOid(
"6"
,
"0"
);
//Active (No (1), Yes (0), Semi (2))
routeToGw.setByOid(
"3"
, context.vars.
DMZ_GW
);
//Peer-or-IP
routeToGw.setByOid(
"4"
,
"0"
);
//Distance
routeToGw.setByOid(
"5"
,
"0"
);
//Masquerade (No (0), on (1), intranet (2))
routeToGw.setByOid(
"7"
,
""
);
//Comment
routingTable.addOrMerge(routeToGw);
config.setScalarByOid(
"1.2.102.12"
,
"DMZ"
);
//Loopback-Adresse für LMC
config.setScalarByOid(
"1.2.8.21.1"
,
"1"
);
//VRRP Operating
config.setScalarByOid(
"1.2.8.21.3"
,
"30"
);
//VRRP Reconnect-Delay
// /Setup/IP-Router/VRRP/VRRP-List
var
vrrpList = config.getTableByOid(
"1.2.8.21.2"
);
var
vrrpRow = vrrpList.createNewRow();
vrrpRow.setByOid(
"1"
, context.vars.
VRID
);
//VRID
vrrpRow.setByOid(
"2"
, context.vars.
VRRP_IP
);
//Virtual IP
vrrpRow.setByOid(
"3"
, context.vars.
VRRP_PRIO
);
//VRRP Prio
vrrpList.addOrMerge(vrrpRow);
config.setScalarByOid(
"1.2.19.50.1"
,
"1"
);
//VPN Loadbalancer Operating
// /Setup/VPN/Load-Balancer/Instances
var
lbInstances = config.getTableByOid(
"1.2.19.50.2"
);
var
lbInstance = lbInstances.createNewRow();
lbInstance.setByOid(
"1"
, context.vars.
VRID
);
//VRID
lbInstance.setByOid(
"2"
, context.vars.
DMZ_IP
);
//Redirect-Target
lbInstance.setByOid(
"4"
,
"DEFAULT"
);
//Message-Profile
lbInstances.addOrMerge(lbInstance);
// /Setup/VPN/Load-Balancer/Message-Profiles
var
messageProfiles = config.getTableByOid(
"1.2.19.50.3"
);
var
profile = messageProfiles.createNewRow();
profile.setByOid(
"1"
,
"DEFAULT"
);
//Profile-Name
profile.setByOid(
"2"
,
"DMZ"
);
//Interface
profile.setByOid(
"3"
,
"239.255.22.11"
);
//Address
profile.setByOid(
"4"
,
"1987"
);
//Port
profile.setByOid(
"5"
,
"2000"
);
//Interval
profile.setByOid(
"6"
,
"3000"
);
//Holdtime
profile.setByOid(
"7"
,
"5"
);
//Replay-Window
profile.setByOid(
"8"
,
"15"
);
//Max-Time-Skew
profile.setByOid(
"9"
, context.vars.
LOAD_PASSWORD
);
//Secret
profile.setByOid(
"10"
,
"3"
);
//Cipher (3 = AES-256-CGM)
profile.setByOid(
"11"
,
"1"
);
//HMAC (1 = 96-Bits)
messageProfiles.addOrMerge(profile);
}
};
|
---|
Add-in as JSON file:
ike_load_balancer.json