Home
  •  

Firewall Port Check

Microsoft.Windows.FileServices.Service.iSCSITarget.6.2.FirewallCheck (UnitMonitorType)

Element properties:

RunAsDefault
AccessibilityInternal
Support Monitor RecalculateFalse

Member Modules:

ID Module Type TypeId RunAs 
Script DataSource Microsoft.Windows.TimedScript.PropertyBagProvider Default
PortNotOpenFilter ConditionDetection System.ExpressionFilter Default
PortOpenFilter ConditionDetection System.ExpressionFilter Default

Overrideable Parameters:

IDParameterTypeSelectorDisplay NameDescription
IntervalSecondsint$Config/IntervalSeconds$Frequency (seconds)
SyncTimestring$Config/SyncTime$Sync Time
TimeoutSecondsstring$Config/TimeoutSeconds$Script timeout (seconds)
PortNumberint$Config/PortNumber$TCP port to check

Source Code:

<UnitMonitorType ID="Microsoft.Windows.FileServices.Service.iSCSITarget.6.2.FirewallCheck" Accessibility="Internal">

  <MonitorTypeStates>

    <MonitorTypeState ID="FirewallPortNotOpen"/>

    <MonitorTypeState ID="FirewallPortOpen"/>

  </MonitorTypeStates>

  <Configuration>

    <xsd:element name="IntervalSeconds" type="xsd:integer"/>

    <xsd:element name="SyncTime" type="xsd:string"/>

    <xsd:element name="TimeoutSeconds" type="xsd:integer"/>

    <xsd:element name="PortNumber" type="xsd:integer"/>

  </Configuration>

  <OverrideableParameters>

    <OverrideableParameter ID="IntervalSeconds" Selector="$Config/IntervalSeconds$" ParameterType="int"/>

    <OverrideableParameter ID="SyncTime" Selector="$Config/SyncTime$" ParameterType="string"/>

    <OverrideableParameter ID="TimeoutSeconds" Selector="$Config/TimeoutSeconds$" ParameterType="string"/>

    <OverrideableParameter ID="PortNumber" Selector="$Config/PortNumber$" ParameterType="int"/>

  </OverrideableParameters>

  <MonitorImplementation>

    <MemberModules>

      <DataSource ID="Script" TypeID="Windows!Microsoft.Windows.TimedScript.PropertyBagProvider">

        <IntervalSeconds>$Config/IntervalSeconds$</IntervalSeconds>

        <SyncTime>$Config/SyncTime$</SyncTime>

        <ScriptName>iSCSI62.FirewallCheck.js</ScriptName>

        <Arguments>$Config/PortNumber$</Arguments>

        <ScriptBody><Script>





//

// constants and globals

//

var NET_FW_RULE_DIR_IN = 1;

var NET_FW_IP_PROTOCOL_TCP = 6;

var NET_FW_IP_PROTOCOL_ANY = 256;

var NET_FW_ACTION_BLOCK = 0;

var NET_FW_ACTION_ALLOW = 1;

var iSCSIPort = 3260;

var PortOpeningEnabled = false;







var wshShell = new ActiveXObject("WScript.Shell");

var wshEnv = wshShell.Environment("Process");

var BinaryPath = wshEnv("SYSTEMROOT") + "\\system32\\svchost.exe";



//

// set the iSCSI port if passed as a parameter

//

if (WScript.Arguments.Length == 1)

{

	iSCSIPort = WScript.Arguments(0);

}





//

// Advanced-Firewall;

//

var objFWPolicy2 = new ActiveXObject("HNetCfg.FwPolicy2");

for (var FWRules = new Enumerator(objFWPolicy2.Rules);

     !FWRules.atEnd();

     FWRules.moveNext())

{

    var objRule = FWRules.item();



    //

    // look if a rule allows the service binary

    //

    if ( true  == objRule.Enabled &amp;&amp;

         NET_FW_ACTION_ALLOW == objRule.Action &amp;&amp;

         NET_FW_RULE_DIR_IN == objRule.Direction &amp;&amp;

         (NET_FW_IP_PROTOCOL_ANY == objRule.Protocol ||

          NET_FW_IP_PROTOCOL_TCP == objRule.Protocol) &amp;&amp;

         ( iSCSIPort == objRule.LocalPorts) )

    {	



        if ( BinaryPath.toLowerCase() == objRule.ApplicationName.toLowerCase() )

        {

            PortOpeningEnabled = true;

        }

    }

}





//

// return results to HealthService

//



var obiScOpsMgrAPI = new ActiveXObject("MOM.ScriptAPI");

var objPropBag     = obiScOpsMgrAPI.CreatePropertyBag();



objPropBag.AddValue("PortOpeningEnabled", PortOpeningEnabled);

obiScOpsMgrAPI.Return(objPropBag);



          </Script></ScriptBody>

        <TimeoutSeconds>$Config/TimeoutSeconds$</TimeoutSeconds>

      </DataSource>

      <ConditionDetection ID="PortNotOpenFilter" TypeID="System!System.ExpressionFilter">

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="Boolean">Property[@Name='PortOpeningEnabled']</XPathQuery>

            </ValueExpression>

            <Operator>NotEqual</Operator>

            <ValueExpression>

              <Value Type="Boolean">true</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </ConditionDetection>

      <ConditionDetection ID="PortOpenFilter" TypeID="System!System.ExpressionFilter">

        <Expression>

          <SimpleExpression>

            <ValueExpression>

              <XPathQuery Type="Boolean">Property[@Name='PortOpeningEnabled']</XPathQuery>

            </ValueExpression>

            <Operator>Equal</Operator>

            <ValueExpression>

              <Value Type="Boolean">true</Value>

            </ValueExpression>

          </SimpleExpression>

        </Expression>

      </ConditionDetection>

    </MemberModules>

    <RegularDetections>

      <RegularDetection MonitorTypeStateID="FirewallPortNotOpen">

        <Node ID="PortNotOpenFilter">

          <Node ID="Script"/>

        </Node>

      </RegularDetection>

      <RegularDetection MonitorTypeStateID="FirewallPortOpen">

        <Node ID="PortOpenFilter">

          <Node ID="Script"/>

        </Node>

      </RegularDetection>

    </RegularDetections>

  </MonitorImplementation>

</UnitMonitorType>