IKE Load Balancer
The script configures everything necessary for an IKE load balancer at the head office (including the DMZ network, VRRP and the route).
/**
* @param {Config} config
* @param {Context} context
* Do not edit this comment or parameter types. Required for code suggestions
*/
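exports.main = function (config, context) {
  // Configures the central gateway as an IKE (VPN) load balancer: a DMZ
  // network, a route via the DMZ gateway, VRRP, the load-balancer instance
  // and the message profile. Does nothing on any other device.
  //
  // Required variables (read from context.vars):
  // VRID = string
  // VRRP_IP = string
  // VRRP_PRIO = string
  // DMZ_IP = string
  // DMZ_GW = string
  // LOAD_PASSWORD = string (used as the secret of the message profile)
  //
  // Throws an Error naming the missing variables if any of them is unset or
  // empty, before any table or scalar is written.
  if (!context.network.isCentralGateway) {
    return;
  }

  // Validate up front: without this check an unset LOAD_PASSWORD would be
  // written as the message-profile secret, and unset addresses would
  // produce half-filled rows.
  var requiredVars = ["VRID", "VRRP_IP", "VRRP_PRIO", "DMZ_IP", "DMZ_GW", "LOAD_PASSWORD"];
  var missingVars = [];
  for (var i = 0; i < requiredVars.length; i++) {
    var value = context.vars[requiredVars[i]];
    if (value === undefined || value === null || value === "") {
      missingVars.push(requiredVars[i]);
    }
  }
  if (missingVars.length > 0) {
    // Report names only; the values (LOAD_PASSWORD in particular) must not
    // end up in an error message or log.
    throw new Error("IKE load balancer: missing required variable(s): " + missingVars.join(", "));
  }

  // /Setup/TCP-IP/Network-list/
  var networkList = config.getTableByOid("1.2.7.30");
  var rowDmz = networkList.createNewRow();
  rowDmz.setByOid("1", "DMZ"); //Network-name
  rowDmz.setByOid("2", context.vars.DMZ_IP); //IP-Address
  rowDmz.setByOid("3", "255.255.255.0"); //IP-Netmask (fixed /24, DMZ_IP has to fit it)
  rowDmz.setByOid("4", "1"); //VLAN-ID
  // NOTE(review): the value written is 256 while the legend only explains
  // 257; presumably 256 is the first LAN interface - confirm.
  rowDmz.setByOid("5", "256"); //Interface (257 = LAN-2)
  // NOTE(review): the source check on the DMZ is left at "Loose"; confirm
  // that this is intended and not just the default.
  rowDmz.setByOid("6", "0"); //Src-check (0 = Loose)
  rowDmz.setByOid("7", "2"); //Type (2 = DMZ)
  rowDmz.setByOid("8", "0"); //Rtg-Tag
  rowDmz.setByOid("9", "demilitarized zone"); //Comment
  networkList.addOrMerge(rowDmz);

  // /Setup/IP-Router/IP-Routing-Table/
  // Address 255.255.255.255 with netmask 0.0.0.0: presumably the default
  // route, pointing at the DMZ gateway - confirm.
  var routingTable = config.getTableByOid("1.2.8.2");
  var routeToGw = routingTable.createNewRow();
  routeToGw.setByOid("1", "255.255.255.255"); //IP-Address
  routeToGw.setByOid("2", "0.0.0.0"); //IP-Netmask
  routeToGw.setByOid("8", "0"); //Rtg-tag
  routeToGw.setByOid("6", "0"); //Active (No (1), Yes (0), Semi (2))
  routeToGw.setByOid("3", context.vars.DMZ_GW); //Peer-or-IP
  routeToGw.setByOid("4", "0"); //Distance
  routeToGw.setByOid("5", "0"); //Masquerade (No (0), on (1), intranet (2))
  routeToGw.setByOid("7", ""); //Comment
  routingTable.addOrMerge(routeToGw);

  config.setScalarByOid("1.2.102.12", "DMZ"); //Loopback address for LMC
  config.setScalarByOid("1.2.8.21.1", "1"); //VRRP Operating
  config.setScalarByOid("1.2.8.21.3", "30"); //VRRP Reconnect-Delay

  // /Setup/IP-Router/VRRP/VRRP-List
  var vrrpList = config.getTableByOid("1.2.8.21.2");
  var vrrpRow = vrrpList.createNewRow();
  vrrpRow.setByOid("1", context.vars.VRID); //VRID
  vrrpRow.setByOid("2", context.vars.VRRP_IP); //Virtual IP
  vrrpRow.setByOid("3", context.vars.VRRP_PRIO); //VRRP Prio
  vrrpList.addOrMerge(vrrpRow);

  config.setScalarByOid("1.2.19.50.1", "1"); //VPN Loadbalancer Operating

  // /Setup/VPN/Load-Balancer/Instances
  // The instance uses the same VRID as the VRRP row above and refers to
  // the message profile by name ("DEFAULT").
  var lbInstances = config.getTableByOid("1.2.19.50.2");
  var lbInstance = lbInstances.createNewRow();
  lbInstance.setByOid("1", context.vars.VRID); //VRID
  lbInstance.setByOid("2", context.vars.DMZ_IP); //Redirect-Target
  lbInstance.setByOid("4", "DEFAULT"); //Message-Profile
  lbInstances.addOrMerge(lbInstance);

  // /Setup/VPN/Load-Balancer/Message-Profiles
  // The profile is bound to the DMZ network; the secret, cipher and HMAC
  // settings below protect the load-balancer messages.
  var messageProfiles = config.getTableByOid("1.2.19.50.3");
  var profile = messageProfiles.createNewRow();
  profile.setByOid("1", "DEFAULT"); //Profile-Name
  profile.setByOid("2", "DMZ"); //Interface
  profile.setByOid("3", "239.255.22.11"); //Address
  profile.setByOid("4", "1987"); //Port
  profile.setByOid("5", "2000"); //Interval
  profile.setByOid("6", "3000"); //Holdtime
  profile.setByOid("7", "5"); //Replay-Window
  profile.setByOid("8", "15"); //Max-Time-Skew
  // Validated as non-empty above. NOTE(review): presumably every gateway
  // in the group needs the same value - confirm.
  profile.setByOid("9", context.vars.LOAD_PASSWORD); //Secret
  profile.setByOid("10", "3"); //Cipher (3 = AES-256-GCM)
  profile.setByOid("11", "1"); //HMAC (1 = 96-Bits)
  messageProfiles.addOrMerge(profile);
};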