From f94f6cb62035ebe8065661e163c0f456e8e185b4 Mon Sep 17 00:00:00 2001
From: Alexis La Goutte
Date: Tue, 13 Feb 2024 21:25:08 +0100
Subject: [PATCH] policy(Tests): Continue Tests for Security Profile...
---
 Tests/integration/FirewallPolicy.Tests.ps1 | 318 +++++++++++++++++++++
 1 file changed, 318 insertions(+)
diff --git a/Tests/integration/FirewallPolicy.Tests.ps1 b/Tests/integration/FirewallPolicy.Tests.ps1
index edc5fe3dd..ba05f83be 100644
--- a/Tests/integration/FirewallPolicy.Tests.ps1
+++ b/Tests/integration/FirewallPolicy.Tests.ps1
@@ -1228,6 +1228,324 @@ Describe "Configure Firewall Policy" {
 $policy.nat | Should -Be "disable"
 }

+ It "Set Policy $pester_policy1 (with action deny)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -action deny
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.action | Should -Be "deny"
+ }
+
+ It "Set Policy $pester_policy1 (with action accept)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -action accept
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.action | Should -Be "accept"
+ }
+
+ It "Set Policy $pester_policy1 (with action deny and log)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -action deny -logtraffic all
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.action | Should -Be "deny"
+ $policy.logtraffic | Should -Be "all"
+ }
+
+ It "Set Policy $pester_policy1 (with action accept and logtraffic disable)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -action accept -logtraffic disable
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.action | Should -Be "accept"
+ $policy.logtraffic | Should -Be "disable"
+ }
+
+ It "Set Policy $pester_policy1 (with logtraffic all)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -logtraffic all
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.logtraffic | Should -Be "all"
+ }
+
+ It "Set Policy $pester_policy1 (with logtraffic utm)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -logtraffic utm
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.logtraffic | Should -Be "utm"
+ }
+
+ It "Set Policy $pester_policy1 (status disable)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -status:$false
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.status | Should -Be "disable"
+ }
+
+ It "Set Policy $pester_policy1 (status enable)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -status
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.status | Should -Be "enable"
+ }
+
+ It "Set Policy $pester_policy1 (with 1 service : HTTP)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -service HTTP
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.service.name | Should -Be "HTTP"
+ }
+
+ It "Set Policy $pester_policy1 (with 2 services : SSH, HTTPS)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -service SSH, HTTPS
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.service.name | Should -BeIn "SSH", "HTTPS"
+ }
+
+ It "Set Policy $pester_policy1 (with 1 service : ALL))" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -service ALL
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.service.name | Should -Be "all"
+ }
+
+ #Add Schedule ? need API
+ It "Set Policy $pester_policy1 (with schedule none)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -schedule none
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.schedule | Should -Be "none"
+ }
+
+ It "Set Policy $pester_policy1 (with schedule always)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -schedule always
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.schedule | Should -Be "always"
+ }
+
+ It "Set Policy $pester_policy1 (with comments)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -comments "Modify via PowerFGT"
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.comments | Should -Be "Modify via PowerFGT"
+ }
+
+ It "Set Policy $pester_policy1 (with comments: null)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -comments ""
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.comments | Should -BeNullOrEmpty
+ }
+
+ #Disable missing API for create IP Pool
+ It "Set Policy $pester_policy1 (with IP Pool)" -skip:$true {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -ippool "MyIPPool"
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.ippool | Should -Be "enable"
+ $policy.poolname | Should -Be "MyIPPool"
+ }
+
+ It "Set Policy $pester_policy1 (with data (1 field))" {
+ $data = @{ "logtraffic-start" = "enable" }
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -data $data
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'logtraffic-start' | Should -Be "enable"
+ }
+
+ It "Set Policy $pester_policy1 (with data (2 fields))" {
+ $data = @{ "logtraffic-start" = "disable" ; "comments" = "Modify via PowerFGT and -data" }
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -data $data
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.comments | Should -Be "Modify via PowerFGT and -data"
+ $policy.'logtraffic-start' | Should -Be "disable"
+ }
+
+ It "Set Policy $pester_policy1 (with SSL/SSH Profile: certificate-inspection)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -sslsshprofile certificate-inspection
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'ssl-ssh-profile' | Should -Be "certificate-inspection"
+ }
+
+ It "Add Policy $pester_policy1 (with SSL/SSH Profile: deep-inspection)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -sslsshprofile deep-inspection
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'ssl-ssh-profile' | Should -Be "deep-inspection"
+ }
+
+ It "Set Policy $pester_policy1 (with SSL/SSH Profile: no-inspection)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -sslsshprofile no-inspection
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'ssl-ssh-profile' | Should -Be "no-inspection"
+ }
+
+ It "Set Policy $pester_policy1 (with AV Profile: default)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -avprofile default
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'av-profile' | Should -Be "default"
+ }
+
+ It "Set Policy $pester_policy1 (with AV Profile: null)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -avprofile ""
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'av-profile' | Should -BeNullOrEmpty
+ }
+
+ It "Set Policy $pester_policy1 (with Web Filter Profile: default)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -webfilterprofile default
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'webfilter-profile' | Should -Be "default"
+ }
+
+ It "Set Policy $pester_policy1 (with Web Filter Profile: null)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -webfilterprofile ""
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'webfilter-profile' | Should -BeNullOrEmpty
+ }
+
+ It "Set Policy $pester_policy1 (with DNS Filter Profile: default)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -dnsfilterprofile default
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'dnsfilter-profile' | Should -Be "default"
+ }
+
+ It "Set Policy $pester_policy1 (with DNS Filter Profile: null)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -dnsfilterprofile ""
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'dnsfilter-profile' | Should -Be ""
+ }
+
+ It "Set Policy $pester_policy1 (with IP Sensor: default)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -ipssensor default
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'ips-sensor' | Should -Be "default"
+ }
+
+ It "Set Policy $pester_policy1 (with IP Sensor: null)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -ipssensor ""
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'ips-sensor' | Should -BeNullOrEmpty
+ }
+
+ It "Set Policy $pester_policy1 (with Application List: default)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -applicationlist default
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'application-list' | Should -Be "default"
+ }
+
+ It "Set Policy $pester_policy1 (with Application List: null)" {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -applicationlist ""
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'utm-status' | Should -Be "enable"
+ $policy.'application-list' | Should -BeNullOrEmpty
+ }
+
+ It "Set Policy $pester_policy1 (with inspection-mode: proxy)" -skip:($fgt_version -lt "6.2.0") {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -inspectionmode proxy
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'inspection-mode' | Should -Be "proxy"
+ }
+
+ It "Set Policy $pester_policy1 (with inspection-mode: flow)" -skip:($fgt_version -lt "6.2.0") {
+ $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -inspectionmode flow
+ @($p).count | Should -Be "1"
+ $policy = Get-FGTFirewallPolicy -name $pester_policy1
+ $policy.name | Should -Be $pester_policy1
+ $policy.uuid | Should -Not -BeNullOrEmpty
+ $policy.'inspection-mode' | Should -Be "flow"
+ }
+
 It "Set Name" {
 $p = Get-FGTFirewallPolicy -name $pester_policy1 | Set-FGTFirewallPolicy -name "pester_address_change"
 @($p).count | Should -Be "1"
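Review bot: The two-service test (`-service SSH, HTTPS`) asserts only `$policy.service.name | Should -BeIn "SSH", "HTTPS"`, which passes whenever every returned name is in that set, so a policy left with just one of the two services would still pass. For a firewall-management cmdlet that is the regression worth catching, because a partially applied service list silently changes what the rule matches; add `@($policy.service.name).count | Should -Be "2"` ahead of the `-BeIn` line. Separately, the deep-inspection test is titled `Add Policy ...` although it calls `Set-FGTFirewallPolicy`, and the `(with 1 service : ALL))` title carries a stray parenthesis, which makes failures harder to locate in the Pester report. The "null" profile tests also differ in how they assert an empty value (`Should -Be ""` for `dnsfilter-profile`, `Should -BeNullOrEmpty` elsewhere); a one-line comment saying whether that difference is intentional would help. The enclosing `Describe` block and the setup of `$pester_policy1` start outside this hunk.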