Sonicwall Script Generator – Create Multiple Address Objects and add them to an Address Group | Phy2Vir

An IT Blog covering anything from Physical to Virtual in I.T


Today I needed to create a number of address objects on some SonicWall firewalls and add them to an address group.

The addresses were the ones used by UptimeRobot. They needed to be whitelisted so that the service could monitor the links' uptime.

This was going to take a very long time via the WebUI, so I needed a reusable solution that would let me use the SonicWall CLI over SSH.

I have come up with the script below. It loads a CSV file containing a list of host addresses and/or network addresses under the header "IPAddress", as shown in the screenshot below. The values are assumed to be correct: the only check done is the one that determines the address object type.

Format of CSV File

31/03/2021: I have updated the script below to support FQDN entries in the CSV file. It now also uses regex matching to determine what type of entry each row of the CSV input file is.

I used the links below to get the necessary expressions:

Hostname FQDN validation : https://www.regextester.com/103452

Validate an ip address: https://www.regextester.com/22

Ip with netmask: https://www.regextester.com/94015

So this is the Script:

##############Customisation Variables###############
$AddressGroupName="UPTimeRobot_IPs"
$AddressObjectHostName="UpTimeRobot_Host"
$AddressObjectNetworkName="UpTimeRobot_Network"
$AddressObjectFQDNName="UpTimeRobot_FQDN"
$Zone="WAN"
$CSVFilePath="c:\scripts\uptimerobot_ips.csv"
$OutputFilePath="c:\scripts\SW_cmds.txt"
####################################################
#regex patterns
$ipregex="^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$"
#Network entries are written as a.b.c.d/NN. The pattern is anchored at both ends so that trailing characters are not accepted
$networkregex="^((\d){1,3}\.){3}(\d){1,3}\/(\d){1,2}$"
$fqdnregex="(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)"
#Keep Track of Network Addresses in the List
$NetworkAddresscount=0
#Keep Track of Host Addresses in the List
$IPAddresscount=0
#Keep Track of FQDN Addresses in the List
$FQDNcount=0
#Create Output File (Out-Null hides the file object that New-Item would otherwise print)
New-Item $OutputFilePath -ItemType file -Force | Out-Null

#CSV File with list of IP, Network or FQDN address under the IPAddress Header
$csv = Import-Csv $CSVFilePath
#Enter Configuration Mode
Add-Content $OutputFilePath "configure"

ForEach ($IP in $csv.IPAddress)
{
    #Remove surrounding whitespace, which would otherwise make the anchored patterns fail
    $IP = $IP.Trim()
    #check if entry is a Network Address
    if ($IP -match $networkregex)
    {
        $NetworkAddresscount++
        Write-Host "Network Address: " $IP
        #Split IP and Mask
        $ipadd,$mask = $IP.Split('/')
        #Generate the command to Create the Address Object. Change zone and object name as required in the Variables Section
        Add-Content $OutputFilePath "address-object ipv4 $AddressObjectNetworkName$NetworkAddresscount network $ipadd /$mask zone $Zone"
    }
    #Else check if the Entry is an IP address
    elseif ($IP -match $ipregex)
    {
        $IPAddresscount++
        Write-Host "IP Address: " $IP
        #Generate the command to Create the Address Object. Change zone and object name as required in the Variables Section
        Add-Content $OutputFilePath "address-object ipv4 $AddressObjectHostName$IPAddresscount host $IP zone $Zone"
    }
    #Else check if the Entry is an FQDN
    elseif ($IP -match $fqdnregex)
    {
        $FQDNcount++
        Write-Host "FQDN Address: " $IP
        #Generate the command to Create the Address Object. Change zone and object name as required in the Variables Section
        Add-Content $OutputFilePath "address-object fqdn $AddressObjectFQDNName$FQDNcount domain $IP zone $Zone"
        Add-Content $OutputFilePath "exit" #Currently this is required for FQDN Entries in CLI.
    }
    else
    {
        #Report entries that match none of the patterns instead of silently dropping them
        Write-Warning "Skipped entry (not a host, network or FQDN): $IP"
    }
}
#Exit the Configuration Mode
Add-Content $OutputFilePath "exit"
#Yes when Prompted to Commit Changes
Add-Content $OutputFilePath "yes"

#Add Address Objects to Address Group
#Enter Configuration Mode
Add-Content $OutputFilePath "configure"
#Create or Modify the Address Group. Change Address Group Name as needed. Avoid space...not tested
Add-Content $OutputFilePath "address-group ipv4 $AddressGroupName"
#Reset the Address Counts so that the names generated below match the ones created above
$FQDNcount=0
$NetworkAddresscount=0
$IPAddresscount=0
#Go through the CSV entries again and generate the respective commands to add the Address Objects to the Address Group
ForEach ($IP in $csv.IPAddress)
{
    $IP = $IP.Trim()
    if ($IP -match $networkregex)
    {
        $NetworkAddresscount++
        Add-Content $OutputFilePath "address-object ipv4 $AddressObjectNetworkName$NetworkAddresscount"
    }
    elseif ($IP -match $ipregex)
    {
        $IPAddresscount++
        Add-Content $OutputFilePath "address-object ipv4 $AddressObjectHostName$IPAddresscount"
    }
    elseif ($IP -match $fqdnregex)
    {
        $FQDNcount++
        #An FQDN object is referenced with the fqdn keyword, the same type it was created with above
        Add-Content $OutputFilePath "address-object fqdn $AddressObjectFQDNName$FQDNcount"
    }
}
#Exit the Address Group configuration
Add-Content $OutputFilePath "exit"
#Exit the Configuration Mode
Add-Content $OutputFilePath "exit"
#Yes when Prompted to Commit Changes
Add-Content $OutputFilePath "yes"

The script checks each entry with regular expressions to see whether it is an IP address, a network or an FQDN. If the entry contains a "/", for example 192.168.0.0/24, it is treated as a network address. Entries that match none of the patterns are skipped.

While the script runs, it generates the list of commands and appends them to a text file, in this case SW_cmds.txt.

The file contains the text below, which can be copied and pasted into an SSH session to the SonicWall firewall after logging in.
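The three regexes only look at the shape of an entry, so a row such as 999.1.1.1/24 or 10.0.0.1/24 (host bits set) is passed straight through to the firewall, and a row that matches nothing disappears without a message. The following is an added example, not code from the original post: a stricter classifier that returns a typed result per entry so the run can fail closed before anything is pasted into the CLI. It reuses the post's FQDN regex; the function and property names (Get-AddressEntryType, Type, Reason, Warning) and the sample rows are my own.

```powershell
# Exactly four octets 0-255 with no leading zeros ("010.1.1.1", which some
# parsers read as octal, is rejected along with "999.1.1.1")
$DottedQuad = '^((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$'
# FQDN pattern reused from the script above
$FqdnPattern = '(?=^.{4,253}$)(^((?!-)[a-zA-Z0-9-]{0,62}[a-zA-Z0-9]\.)+[a-zA-Z]{2,63}$)'

function Get-AddressEntryType {
    # Example helper (not a SonicOS or post function): classify one CSV value
    param([Parameter(Mandatory)][string]$Entry)

    $value  = $Entry.Trim()
    $result = [pscustomobject]@{
        Input = $Entry; Type = 'Invalid'; Address = $null; Prefix = $null; Warning = $null; Reason = $null
    }

    if ($value -match '^([^/\s]+)/(\d{1,3})$') {
        # Candidate network object: a.b.c.d/NN
        $ipText = $Matches[1]; $prefix = [int]$Matches[2]
        if ($ipText -notmatch $DottedQuad) { $result.Reason = "'$ipText' is not a valid IPv4 address"; return $result }
        if ($prefix -gt 32)               { $result.Reason = "prefix /$prefix is out of range (0-32)"; return $result }
        # Host bits must be zero: the object is the network, not a host inside it
        $o    = $ipText.Split('.') | ForEach-Object { [double]$_ }
        $addr = (($o[0] * 256 + $o[1]) * 256 + $o[2]) * 256 + $o[3]
        if (($addr % [math]::Pow(2, 32 - $prefix)) -ne 0) {
            $result.Reason = "$ipText has host bits set; it is not the network address of a /$prefix"; return $result
        }
        $result.Type = 'Network'; $result.Address = $ipText; $result.Prefix = $prefix
        return $result
    }

    if ($value -match $DottedQuad) {
        $result.Type = 'Host'; $result.Address = $value
        $o = $value.Split('.') | ForEach-Object { [int]$_ }
        # These are meant to be Internet-facing monitor addresses, so private space is suspicious
        if ($o[0] -eq 10 -or ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) -or ($o[0] -eq 192 -and $o[1] -eq 168)) {
            $result.Warning = 'RFC 1918 address on a WAN-zone allow list'
        }
        return $result
    }

    if ($value -match $FqdnPattern) {
        $result.Type = 'FQDN'; $result.Address = $value.ToLowerInvariant()
        return $result
    }

    $result.Reason = 'not an IPv4 host, an IPv4 network in a.b.c.d/NN form, or an FQDN'
    return $result
}

# Constructed sample input (not a real UptimeRobot list): valid and invalid rows mixed
$sample = @(
    '63.143.42.240/28',   # valid network
    '63.143.42.241/28',   # host bits set
    '999.1.1.1/24',       # passes the script's network regex but is not an IPv4 address
    '10.0.0.0/33',        # bad prefix
    '18.221.56.27',       # valid host
    ' 192.168.1.10 ',     # valid after Trim, but RFC 1918
    'uptimerobot.com',    # valid FQDN
    '10.0.0.1-10.0.0.9'   # a range: not something this generator handles
)
$entries = $sample | ForEach-Object { Get-AddressEntryType -Entry $_ }
$entries | Format-Table Input, Type, Address, Prefix, Warning, Reason -AutoSize

# Fail closed: do not write a command file if any row is invalid
$invalid = @($entries | Where-Object { $_.Type -eq 'Invalid' })
if ($invalid.Count -gt 0) { Write-Warning "$($invalid.Count) invalid entries; fix the CSV before generating commands" }
# Real input would be: Import-Csv $CSVFilePath | ForEach-Object { Get-AddressEntryType -Entry $_.IPAddress }
```

To use this inside the generator, replace the chain of regex tests in each loop with one call to Get-AddressEntryType and switch on its Type property; the Warning field is informational (the row is still valid), while any Invalid row should stop the run before a command file is written.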

configure
address-object ipv4 UpTimeRobot_Host1 host 18.221.56.27 zone WAN
address-object ipv4 UpTimeRobot_Host2 host 34.233.66.117 zone WAN
address-object ipv4 UpTimeRobot_Host3 host 46.101.250.135 zone WAN
address-object ipv4 UpTimeRobot_Host4 host 46.137.190.132 zone WAN
address-object ipv4 UpTimeRobot_Host5 host 52.60.129.180 zone WAN
address-object ipv4 UpTimeRobot_Host6 host 54.64.67.106 zone WAN
address-object ipv4 UpTimeRobot_Host7 host 54.67.10.127 zone WAN
address-object ipv4 UpTimeRobot_Host8 host 54.79.28.129 zone WAN
address-object ipv4 UpTimeRobot_Host9 host 54.94.142.218 zone WAN
address-object ipv4 UpTimeRobot_Network1 network 63.143.42.240 /28 zone WAN
address-object ipv4 UpTimeRobot_Network2 network 69.162.124.224 /28 zone WAN
address-object ipv4 UpTimeRobot_Host10 host 104.131.107.63 zone WAN
address-object ipv4 UpTimeRobot_Host11 host 122.248.234.23 zone WAN
address-object ipv4 UpTimeRobot_Host12 host 128.199.195.156 zone WAN
address-object ipv4 UpTimeRobot_Host13 host 138.197.150.151 zone WAN
address-object ipv4 UpTimeRobot_Host14 host 139.59.173.249 zone WAN
address-object ipv4 UpTimeRobot_Host15 host 146.185.143.14 zone WAN
address-object ipv4 UpTimeRobot_Host16 host 159.203.30.41 zone WAN
address-object ipv4 UpTimeRobot_Host17 host 159.89.8.111 zone WAN
address-object ipv4 UpTimeRobot_Host18 host 165.227.83.148 zone WAN
address-object ipv4 UpTimeRobot_Host19 host 178.62.52.237 zone WAN
address-object ipv4 UpTimeRobot_Host20 host 188.226.183.141 zone WAN
address-object ipv4 UpTimeRobot_Host21 host 216.144.250.150 zone WAN
address-object ipv4 UpTimeRobot_Network3 network 216.245.221.80 /28 zone WAN
exit
yes
configure
address-group ipv4 UPTimeRobot_IPs
address-object ipv4 UpTimeRobot_Host1
address-object ipv4 UpTimeRobot_Host2
address-object ipv4 UpTimeRobot_Host3
address-object ipv4 UpTimeRobot_Host4
address-object ipv4 UpTimeRobot_Host5
address-object ipv4 UpTimeRobot_Host6
address-object ipv4 UpTimeRobot_Host7
address-object ipv4 UpTimeRobot_Host8
address-object ipv4 UpTimeRobot_Host9
address-object ipv4 UpTimeRobot_Network1
address-object ipv4 UpTimeRobot_Network2
address-object ipv4 UpTimeRobot_Host10
address-object ipv4 UpTimeRobot_Host11
address-object ipv4 UpTimeRobot_Host12
address-object ipv4 UpTimeRobot_Host13
address-object ipv4 UpTimeRobot_Host14
address-object ipv4 UpTimeRobot_Host15
address-object ipv4 UpTimeRobot_Host16
address-object ipv4 UpTimeRobot_Host17
address-object ipv4 UpTimeRobot_Host18
address-object ipv4 UpTimeRobot_Host19
address-object ipv4 UpTimeRobot_Host20
address-object ipv4 UpTimeRobot_Host21
address-object ipv4 UpTimeRobot_Network3
exit
exit
yes
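Because the two halves of the file are produced by two separate passes over the CSV, the only thing tying a group member to the object it refers to is the name. The following is an added example, not code from the original post: a consistency check to run over SW_cmds.txt before pasting it, which reports objects that were created but never added to the group, members the file never creates, members referenced with a different type keyword than they were created with, and duplicate names. The sample text is a constructed, shortened copy of the output above with three deliberate faults; the function and property names are my own.

```powershell
function Test-SonicWallCommandFile {
    # Example helper (not a SonicOS function): cross-check creation and membership lines
    param([Parameter(Mandatory)][string[]]$Lines)

    # Case-sensitive dictionaries: a PowerShell @{} hashtable would treat
    # UpTimeRobot_Host1 and UptimeRobot_Host1 as the same key
    $created = New-Object 'System.Collections.Generic.Dictionary[string,string]'
    $members = New-Object 'System.Collections.Generic.Dictionary[string,string]'
    $duplicates = @()
    $group = $null
    $inGroup = $false

    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^address-group ipv4 ("[^"]+"|\S+)$') { $group = $Matches[1]; $inGroup = $true; continue }
        if ($inGroup -and $line -eq 'exit') { $inGroup = $false; continue }
        # Creation line: address-object <type> <name> host|network|domain ... zone <zone>
        if (-not $inGroup -and $line -match '^address-object (ipv4|fqdn) ("[^"]+"|\S+) (host|network|domain) .+ zone \S+$') {
            $type, $name = $Matches[1], $Matches[2]
            if ($created.ContainsKey($name)) { $duplicates += $name } else { $created[$name] = $type }
        }
        # Membership line inside the group: address-object <type> <name>
        elseif ($inGroup -and $line -match '^address-object (ipv4|fqdn) ("[^"]+"|\S+)$') {
            $members[$Matches[2]] = $Matches[1]
        }
    }

    [pscustomobject]@{
        Group        = $group
        Created      = $created.Count
        Members      = $members.Count
        Duplicates   = $duplicates
        NotInGroup   = @($created.Keys | Where-Object { -not $members.ContainsKey($_) })
        NeverCreated = @($members.Keys | Where-Object { -not $created.ContainsKey($_) })
        TypeMismatch = @($members.Keys | Where-Object { $created.ContainsKey($_) -and $created[$_] -ne $members[$_] })
    }
}

# Constructed sample: a shortened SW_cmds.txt with a duplicate creation, an FQDN
# object referenced as ipv4 in the group, and a member whose name differs in case
$sampleCommands = @'
configure
address-object ipv4 UpTimeRobot_Host1 host 18.221.56.27 zone WAN
address-object ipv4 UpTimeRobot_Host2 host 34.233.66.117 zone WAN
address-object ipv4 UpTimeRobot_Network1 network 63.143.42.240 /28 zone WAN
address-object fqdn UpTimeRobot_FQDN1 domain uptimerobot.com zone WAN
exit
address-object ipv4 UpTimeRobot_Host2 host 34.233.66.117 zone WAN
exit
yes
configure
address-group ipv4 UPTimeRobot_IPs
address-object ipv4 UpTimeRobot_Host1
address-object ipv4 UpTimeRobot_Network1
address-object ipv4 UpTimeRobot_FQDN1
address-object ipv4 UptimeRobot_Host2
exit
exit
yes
'@

$report = Test-SonicWallCommandFile -Lines ($sampleCommands -split "`r?`n")
$report | Format-List
# For the real file: Test-SonicWallCommandFile -Lines (Get-Content $OutputFilePath)
```

The check is deliberately strict about case and type keyword: whether SonicOS itself matches names case-insensitively is not something this page establishes, so a name that differs only in case is treated as a different object, and an object created as fqdn but added to the group as ipv4 is flagged rather than assumed to resolve.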

As you can see, it is very straightforward and should be easy to follow.

Hopefully it will help others looking to perform the same or a similar task on a SonicWall firewall or another vendor's appliance.

Let us know in the comments if you use or modify it.


20 Comments

  • Thank you very much for creating this script!! 🙂 🙂
    I will use it to do 70+ objects and 2 groups for Zoom (ugh ugh UGH!!). 🙂 🙂

  • Awesome! Thank you very much for this. I added the following { Single Quote followed by Double Quote Ex: ‘” } to the line creating named entries, so I could have spaces in the names.

    Here is a example of the change on LINE 40 of your code. I added my changes before the $AddressObjectHostName and after $IP, which nets output with Quotes surrounding the name.

    Add-Content $OutputFilePath "address-object ipv4 `"$AddressObjectHostName $IP`" host $IP zone $Zone"

    Example Output:
    address-object ipv4 "Block 8.208.96.47" host 8.208.96.47 zone WAN

  • I am attempting to use this script for SolarWinds IP’s to exclude in Geo-IP protection however when I run the script right off the bat it returns the following parse error:

    At C:\admin\generate_addresses.ps1:28 char:1
    + Write-Host "Network Address: "$IP
    + ~~~~~~~~
    Unexpected token ‘Write-Host’ in expression or statement.
    + CategoryInfo : ParserError: ( : ) [], ParseException
    + FullyQualifiedErrorId : Unexpected Token

    I’ve tried googling but cannot get past this.

    • Hi Fred,
      Most probably it is the "" (the quotes): can you change them? When copying and pasting they are sometimes changed to a different format, and that causes errors.
      If that doesn’t work can you try on a different pc?

      • I made sure they were proper quotations and got the error. I changed them to single quotes and still got the error. I then copied the script and csv to another machine and tried from there, same error. Happens when PS is ran as admin or not.

        I would truly love for this to work but I’m getting near the point where I just start hacking ’em in manually in the SW

          • Absolutely understand your point. I copy/paste from this page but there could be something else going on.

            I ran the following in PS by itself:
            Write-Host "Network Address: "$IP

            And that did not fail, so I do not think it is the formatting. I will continue to look into this. Thank you.

          • Brian, you were right. Copy/pasting somehow added a ‘ at the end of line 27. Remove it and the script completed successfully. Thanks for your replies!

  • what if you have a grouping of address objects that have IP (host), networks, range and FQDN ? how would you code that to work?
    sorry not very good at programming. but I do have a SW that has about 900 IPs spread across several groups that i need to export out of one sonicwall and import into another.

    • Hi Mike,
      I have updated the script to support FQDN addresses.
      The SonicWall CLI needs an exit after each FQDN entry, at least on SonicOS 6.5. It may also be that FQDN entries are not supported on previous versions of SonicOS.
      Hope it helps you and others.

    • Hi Josh,
      No. Don’t have a use for it and not an expert on it. You can modify the script to do ipv6 if you want.
      Have a look at the SonicwallOS cli guide to get the commands
