======== xmlcheck ======== WatchGuard policy XML check utility. xmlcheck is used to find duplicate aliases and services xmlcheck is part of `WatchGuard Toolbox Project `_ Installation ------------ Prerequisites ............. this php projects needs composer for building the class autoloader and and ensuring the SimpleXML extension is installed. .. code-block:: shell ~/xmlcheck$ composer install Loading composer repositories with package information Updating dependencies (including require-dev) Nothing to install or update Writing lock file Generating autoload files ~/xmlcheck$ Usage ----- .. code-block:: shell $ ./xmlcheck.php Command summary --------------- .. code-block:: shell xmlcheck v0.8 Usage: ./xmlcheck.php args|commands -h, --help this help file -i, --infile filename inputfile filename -f, --file filename inputfile filename commands: --alias aliasname print alias aliasname --list-aliases lists all aliases --list-policies lists all policies --list-types lists all services(policy types) --list-tags lists all tags --list-nats lists all nats --list-tunnels lists all BOVPN (Gateway-)Tunnels --info lists general info --warnings lists warnings (differences to best practice) internal commands: --fwcheck output full information used for communication with fwcheck filters: these filters need --list-policy, may be used multiple times and together. --filter-name name only show policies matching name (regexp) --filter-exclude-name name only show policies not matching name (regexp) --filter-type type only show policies matching type --filter-exclude-type type only show policies not matching type --filter-to alias only show policies using alias in to --filter-from alias only show policies using alias in from --filter-action action only show policies using action (Deny|Allow|Proxy) --filter-tag tag only show policies using tag these filters need --list-types, may be used multiple times and together. --filter-type type only show types matching type --filter-port port only show types using port (e.g. '25/tcp') special filters --filter-port-mail only show policies having ports 25/110/143/465/587/993/995 example: --list-policies --filter-type HTTPS --filter-to Any-External \ --filter-from Any-Trusted --filter-from Any-Optional will display policies of type HTTPS from (Any-Trusted or Any-Optional) to Any-External options: -v, --verbose verbose output -E, --enabled only show enabled policies (= skip disabled policies) -D, --disabled only show disabled policies (= skip enabled policies) -N, --nospace change spaces to dots in policy name output -u, --unused only show unused (aliases/tags/etc.) --json currently only available with info - output in json format --json-pretty same as --json, but uses JSON_PRETTY_PRINT debug: --simplexmlout print SimpleXML structure as read from xmlfile Listing aliases --------------- .. code-block:: shell $ ./xmlcheck.php -i -l $ ./xmlcheck.php -i --listaliases Description ........... List all aliases from the xml file. Options ....... -v, --verbose verbose output -u, --unused show only unused objects Arguments ......... -i, --infile filename inputfile filename (mandatory) Display single alias -------------------- .. code-block:: shell $ ./xmlcheck.php -i -a Description ........... Displays one single alias. Options ....... -v, --verbose verbose output Arguments ......... -i, --infile filename inputfile filename (mandatory) Listing services ---------------- .. code-block:: shell $ ./xmlcheck.php -i -s $ ./xmlcheck.php -i --listservices Description ........... List all services from the xml file. Options ....... -v, --verbose verbose output -u, --unused show only unused objects Arguments ......... -i, --infile filename inputfile filename (mandatory) Listing tags ---------------- .. code-block:: shell $ ./xmlcheck.php -i -t $ ./xmlcheck.php -i --listtags Description ........... List all tags from the xml file. Options ....... -v, --verbose verbose output -u, --unused show only unused objects Arguments ......... -i, --infile filename inputfile filename (mandatory) Listing policies ---------------- .. code-block:: shell $ ./xmlcheck.php -i -p $ ./xmlcheck.php -i --listpolicies Description ........... List all policies from the xml file. Options ....... -v, --verbose verbose output -E, --enabled only show enabled policies (= skip disabled policies) -D, --disabled only show disabled policies (= skip enabled policies) Arguments ......... -i, --infile filename inputfile filename (mandatory) API documentation & download ---------------------------- * `phpdoc api documentation `_ * `github repository `_ Changelog --------- * 2025-07-07 - v0.8 - added json output and lots of parameters to explore * 2020-07-27 - v0.4 - added -E and -D for enabled/disabled policies * 2019-09-11 - v0.3 - fixed "--listtags --unused" - now correct if more than one tag per policy * 2019-09-06 v0.2 - added --listtags * 2019-08-24 v0.1 - initial release