Firewall Port Check
Microsoft.Windows.FileServices.Service.iSCSITarget.10.0.FirewallCheck (UnitMonitorType)
Element properties: Member Modules:
Overrideable Parameters:
Source Code: <UnitMonitorType ID="Microsoft.Windows.FileServices.Service.iSCSITarget.10.0.FirewallCheck" Accessibility="Internal">
<MonitorTypeStates>
<MonitorTypeState ID="FirewallPortNotOpen"/>
<MonitorTypeState ID="FirewallPortOpen"/>
</MonitorTypeStates>
<Configuration>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="IntervalSeconds" type="xsd:integer"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="SyncTime" type="xsd:string"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="TimeoutSeconds" type="xsd:integer"/>
<xsd:element xmlns:xsd="http://www.w3.org/2001/XMLSchema" name="PortNumber" type="xsd:integer"/>
</Configuration>
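<OverrideableParameters>
<!-- Each entry exposes one Configuration element for override through its $Config/...$ selector. -->
<OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int"/>
<OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string"/>
<!-- NOTE(review): TimeoutSeconds is declared as xsd:integer in Configuration but exposed here with ParameterType="string", unlike IntervalSeconds and PortNumber which use "int"; confirm whether this is intentional. -->
<OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="string"/>
<!-- PortNumber is handed to the script as its only argument (see Arguments in the Script data source), so an override changes which port the firewall check looks for. -->
<OverrideableParameter ID="PortNumber" Selector="$Config/PortNumber$" ParameterType="int"/>
</OverrideableParameters>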
<MonitorImplementation>
<MemberModules>
<DataSource ID="Script" TypeID="Windows!Microsoft.Windows.TimedScript.PropertyBagProvider">
<IntervalSeconds>$Config/IntervalSeconds$</IntervalSeconds>
<SyncTime>$Config/SyncTime$</SyncTime>
<ScriptName>iSCSI62.FirewallCheck.js</ScriptName>
<Arguments>$Config/PortNumber$</Arguments>
<ScriptBody><Script>
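//
// iSCSI62.FirewallCheck.js
//
// Reports to the health service whether Windows Firewall holds an enabled,
// inbound allow rule for svchost.exe that covers the iSCSI target port.
// The answer is returned as the boolean property "PortOpeningEnabled".
//
// NOTE(review): the result describes rule presence only. The script does
// not read the rule's Profiles or ServiceName, does not evaluate block
// rules and does not check whether the firewall is enabled. A "port open"
// state is therefore not proof that the port is reachable, and any allow
// rule scoped to svchost.exe (which hosts many services) satisfies the
// check, not only one restricted to the iSCSI target service.
//

//
// constants and globals
//
var NET_FW_RULE_DIR_IN = 1;
var NET_FW_IP_PROTOCOL_TCP = 6;
var NET_FW_IP_PROTOCOL_ANY = 256;
var NET_FW_ACTION_BLOCK = 0;    // declared for reference; block rules are not evaluated below
var NET_FW_ACTION_ALLOW = 1;
var iSCSIPort = 3260;           // default when no single argument is supplied
var PortOpeningEnabled = false;
var wshShell = new ActiveXObject("WScript.Shell");
var wshEnv = wshShell.Environment("Process");
var BinaryPath = wshEnv("SYSTEMROOT") + "\\system32\\svchost.exe";

//
// Converts the script argument to a port number.
// Returns -1 for anything that is not a decimal integer in 1..65535, so a
// malformed value can never match a rule.
//
function parsePort(text)
{
    var trimmed = String(text).replace(/^\s+|\s+$/g, "");
    if (!/^\d{1,5}$/.test(trimmed))
    {
        return -1;
    }
    var port = parseInt(trimmed, 10);
    return (port >= 1 && port <= 65535) ? port : -1;
}

//
// Returns true when 'port' appears in a rule's LocalPorts value.
// Handles a single port ("3260"), a comma-separated list ("860,3260") and
// ranges ("3000-4000"); the original exact comparison only matched a rule
// whose LocalPorts was the single port.
// NOTE(review): keyword or wildcard values are still not treated as a
// match, as before; confirm whether any-port rules should count.
//
function portListContains(localPorts, port)
{
    if (localPorts == null || port < 0)
    {
        return false;
    }
    var entries = String(localPorts).split(",");
    for (var i = 0; i < entries.length; i++)
    {
        var entry = entries[i].replace(/^\s+|\s+$/g, "");
        var range = /^(\d+)\s*-\s*(\d+)$/.exec(entry);
        if (range)
        {
            if (parseInt(range[1], 10) <= port && port <= parseInt(range[2], 10))
            {
                return true;
            }
        }
        else if (/^\d+$/.test(entry) && parseInt(entry, 10) == port)
        {
            return true;
        }
    }
    return false;
}

//
// Case-insensitive comparison of a rule's program path with the expected
// binary. A rule without a program path never matches; the guard also
// keeps the script from failing on such a rule. Environment variables in
// the rule's path are expanded first, in case the rule stores the path
// unexpanded (for example with %SystemRoot%).
//
function isExpectedBinary(applicationName, expectedPath)
{
    if (applicationName == null || applicationName == "")
    {
        return false;
    }
    var rulePath = wshShell.ExpandEnvironmentStrings(String(applicationName));
    return rulePath.toLowerCase() == expectedPath.toLowerCase();
}

//
// set the iSCSI port if passed as a parameter
// (the management pack passes $Config/PortNumber$ as the only argument)
//
if (WScript.Arguments.Length == 1)
{
    iSCSIPort = parsePort(WScript.Arguments(0));
}

//
// Advanced-Firewall: walk every rule of the local policy
//
var objFWPolicy2 = new ActiveXObject("HNetCfg.FwPolicy2");
for (var FWRules = new Enumerator(objFWPolicy2.Rules);
     !FWRules.atEnd();
     FWRules.moveNext())
{
    var objRule = FWRules.item();

    //
    // look for an enabled inbound allow rule (TCP or any protocol) that
    // covers the port and is scoped to the service host binary
    //
    if ( true == objRule.Enabled &&
         NET_FW_ACTION_ALLOW == objRule.Action &&
         NET_FW_RULE_DIR_IN == objRule.Direction &&
         (NET_FW_IP_PROTOCOL_ANY == objRule.Protocol ||
          NET_FW_IP_PROTOCOL_TCP == objRule.Protocol) &&
         portListContains(objRule.LocalPorts, iSCSIPort) &&
         isExpectedBinary(objRule.ApplicationName, BinaryPath) )
    {
        PortOpeningEnabled = true;
        break;  // one matching rule is enough
    }
}

//
// return results to HealthService
//
var obiScOpsMgrAPI = new ActiveXObject("MOM.ScriptAPI");
var objPropBag = obiScOpsMgrAPI.CreatePropertyBag();
objPropBag.AddValue("PortOpeningEnabled", PortOpeningEnabled);
obiScOpsMgrAPI.Return(objPropBag);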
</Script> </ScriptBody>
<TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>
</DataSource>
<ConditionDetection ID="PortNotOpenFilter" TypeID="System!System.ExpressionFilter">
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Boolean">Property[@Name='PortOpeningEnabled']</XPathQuery>
</ValueExpression>
<Operator>NotEqual</Operator>
<ValueExpression>
<Value Type="Boolean">true</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
<ConditionDetection ID="PortOpenFilter" TypeID="System!System.ExpressionFilter">
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Boolean">Property[@Name='PortOpeningEnabled']</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value Type="Boolean">true</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</ConditionDetection>
</MemberModules>
<RegularDetections>
<RegularDetection MonitorTypeStateID="FirewallPortNotOpen">
<Node ID="PortNotOpenFilter">
<Node ID="Script"/>
</Node>
</RegularDetection>
<RegularDetection MonitorTypeStateID="FirewallPortOpen">
<Node ID="PortOpenFilter">
<Node ID="Script"/>
</Node>
</RegularDetection>
</RegularDetections>
</MonitorImplementation>
</UnitMonitorType>