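# PRTG "EXE/Script Advanced" sensor for a Palo Alto HA pair.
#
# Checks the HA state of both members and then queries the IPsec SA of one VPN
# tunnel on whichever member is currently active. Output is PRTG's XML format
# with two channels (LimitMaxError 0 + LimitMode 1 => value 1 is an error):
#   FW_HA          0 = exactly one active and one passive member, 1 = anything else
#   <tunnel name>  0 = PAN-OS returned a result for the tunnel, 1 = it returned <error>
#
# $EncryptedPassword is a PAN-OS API key protected with ConvertFrom-SecureString
# (DPAPI). It can only be decrypted by the same Windows account on the same
# machine that produced it, so the sensor must run under that account.
$EncryptedPassword = "Encrypted Password"
$Firewall1 = "FQDN Of Firewall 1"
$Firewall2 = "FQDN Of Firewall 2"
$VPNTunnelName = "Name of VPN Tunnel in Palo Alto Firewall"

# The firewall certificates are signed by a private CA. While this is $true,
# EVERY server certificate is accepted for the whole process, so an on-path
# attacker can impersonate the firewall and read the API key. Prefer installing
# the private CA in the probe machine's Trusted Root store and setting this to
# $false.
$SkipCertificateCheck = $true

function ConvertTo-PrtgXmlText([string]$Text) {
    # Escape &, <, >, ' and " so free text cannot break the PRTG XML document.
    return [System.Security.SecurityElement]::Escape($Text)
}

function New-PrtgResult([string]$Channel, [int]$Value) {
    # Builds one <result> element. Everything is emitted on the output stream
    # (the original mixed Write-Host with bare strings).
    $channelText = ConvertTo-PrtgXmlText $Channel
    return @"
<result>
<channel>$channelText</channel>
<value>$Value</value>
<showChart>1</showChart>
<showTable>1</showTable>
<LimitMaxError>0</LimitMaxError>
<LimitMode>1</LimitMode>
</result>
"@
}

function Invoke-PanOsOp([string]$Firewall, [string]$Command, [string]$ApiKey) {
    # Runs one operational command through the PAN-OS XML API and returns the
    # parsed XML document.
    # The key is sent in the X-PAN-KEY header (supported since PAN-OS 9.0;
    # older releases need key= in the query string) rather than in the URL, so
    # it does not end up in proxy logs, web-server logs or PowerShell error
    # records. With -Method Get, -Body is appended as a URL-encoded query
    # string, which also encodes the <...> of the command safely.
    $raw = Invoke-RestMethod -Method Get `
        -Uri "https://$Firewall/api/" `
        -Headers @{ 'X-PAN-KEY' = $ApiKey } `
        -Body @{ type = 'op'; cmd = $Command }
    return [xml]$raw
}

try {
    # Decrypt the stored API key. The unmanaged BSTR copy is zeroed as soon as
    # the managed string exists, even if PtrToStringAuto throws.
    $SecurePassword = $EncryptedPassword | ConvertTo-SecureString
    $Marshal = [System.Runtime.InteropServices.Marshal]
    $Bstr = $Marshal::SecureStringToBSTR($SecurePassword)
    try {
        $Password = $Marshal::PtrToStringAuto($Bstr)
    }
    finally {
        $Marshal::ZeroFreeBSTR($Bstr)
    }

    if ($SkipCertificateCheck) {
        [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
    }
    # Force TLS 1.2 for the connections to the firewalls.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Determine which member is active; the tunnel query must run against it.
    $haCommand = '<show><high-availability><state></state></high-availability></show>'
    $fw1State = (Invoke-PanOsOp $Firewall1 $haCommand $Password).response.result.group.'local-info'.state
    $fw2State = (Invoke-PanOsOp $Firewall2 $haCommand $Password).response.result.group.'local-info'.state

    $ActiveFW = $null
    if ($fw1State -eq 'active' -and $fw2State -eq 'passive') {
        $ActiveFW = $Firewall1
    }
    elseif ($fw1State -eq 'passive' -and $fw2State -eq 'active') {
        $ActiveFW = $Firewall2
    }

    if ($null -eq $ActiveFW) {
        # Any other combination (both active, suspended, non-functional, HA not
        # enabled, missing element) is reported on FW_HA; the tunnel channel is
        # emitted as 0 without being queried, as in the original sensor.
        Write-Output '<prtg>'
        Write-Output (New-PrtgResult 'FW_HA' 1)
        Write-Output (New-PrtgResult $VPNTunnelName 0)
        Write-Output '</prtg>'
        exit
    }

    # Query the IPsec SA of the tunnel on the active member. The tunnel name is
    # XML-escaped so it cannot alter the command structure.
    $tunnelXml = ConvertTo-PrtgXmlText $VPNTunnelName
    $vpnCommand = "<show><vpn><ipsec-sa><tunnel>$tunnelXml</tunnel></ipsec-sa></vpn></show>"
    $vpnStateXml = Invoke-PanOsOp $ActiveFW $vpnCommand $Password

    # An <error> element under <result> is treated as "tunnel down" (value 1),
    # any other answer as up (value 0) -- same rule as the original check.
    $errorNode = $vpnStateXml.SelectSingleNode('//response/result/error')
    $tunnelResult = 0
    if ($null -ne $errorNode) {
        $tunnelResult = 1
    }

    Write-Output '<prtg>'
    Write-Output (New-PrtgResult 'FW_HA' 0)
    Write-Output (New-PrtgResult $VPNTunnelName $tunnelResult)
    Write-Output '</prtg>'
}
catch {
    # Report the failure reason so the PRTG message is actionable. The key is
    # no longer part of any URL, but mask it anyway in case an exception text
    # ever contains it.
    $reason = [string]$_.Exception.Message
    if ($Password) {
        $reason = $reason.Replace($Password, '***')
    }
    Write-Output '<prtg>'
    Write-Output '<error>1</error>'
    Write-Output "<text>Sensor Error: $(ConvertTo-PrtgXmlText $reason)</text>"
    Write-Output '</prtg>'
}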