VMware Aria Automation Orchestrator

 View Only

  • 1.  Creating a firewall rule on NSX manager from VRO

    Posted Jun 06, 2018 12:38 AM

    Hi All,

    Created a work flow using existing workflow "Create Firewall Layer 3 Section" and entered the values for all the inputs. But its failing to execute with the following error.

    |  'output': name=firewallSection type=NSX:FirewallSection value=null

    |  'no inputs'

    --workflow: 'Create Firewall Layer 3 Section' (ccaf987f-fd4b-458f-8118-71bfe8692128)

      |  'input': name=connection type=NSX:Connection value=dunes://service.dunes.ch/CustomSDKObject?id='3869bbfb-bf38-42fe-80cd-514fc481bdd2'&dunesName='NSX:Connection'

      |  'input': name=sectionName type=string value=SecurityPolicy-Global :: NSX Service Composer - Firewall

      |  'input': name=listRules type=Array/CompositeType(ruleName:string,enabled:boolean,action:string,direction:string,packetType:string,logging:boolean,appliedToList:Array/string,isSourcesExcluded:boolean,sourcesList:Array/string,isDestinationsExcluded:boolean,destinationsList:Array/string,services:Array/string,serviceGroups:Array/string):NSXFirewallSectionRulesWithSAndSG value=#{#CompositeType(ruleName:string,enabled:boolean,action:string,direction:string,packetType:string,logging:boolean,appliedToList:Array/string,isSourcesExcluded:boolean,sourcesList:Array/string,isDestinationsExcluded:boolean,destinationsList:Array/string,services:Array/string,serviceGroups:Array/string):NSXFirewallSectionRulesWithSAndSG##[#packetType#=#string#icmp#+#appliedToList#=#Array##{#string#any#}##+#destinationsList#=#Array##{#string#any#}##+#isSourcesExcluded#=#boolean#false#+#serviceGroups#=#Any#Any#__NULL__#+#sourcesList#=#Array##{#string#any#}##+#isDestinationsExcluded#=#boolean#false#+#services#=#Any#Any#__NULL__#+#enabled#=#boolean#false#+#ruleName#=#string#TestRule#+#action#=#string#Allow#+#logging#=#boolean#false#+#direction#=#string#Any#]##}#

      |  'input': name=operation type=string value=insert_after

      |  'input': name=anchorId type=string value=

      |  'input': name=autoSaveDraft type=string value=true

      |  'output': name=firewallSection type=NSX:FirewallSection value=null

      |  'no attributes'

    *** End of execution stack.

    Lot of variables are unknown and I could not find any documentation. Please help. I am listing some of them below.

    1. Connection: Gave NSX connection information
    2. sectionToGet = Ignored it
    3. sectionName = Input name of the firewall group.
    4. operation = insert_after
    5. autoSaveDraft = true
    6. anchorId = not sure what should be the value

    Also while creating firewall rule, following inputs need to be given and I don't find any documentation to input these values. Please help.

    1. ruleName = TestRule
    2. action = Allow
    3. direction = Any (not sure of all the available values)
    4. packetType = icmp
    5. appliedToList = any
    6. isSourcesExcluded = no
    7. sourcesList = any
    8. is DestinationsExcluded = no
    9. destinationsList = any
    10. services = I didn’t provide any value
    11. serviceGroups = I didn’t provide any value

    Thanks,

    Sarath



  • 2.  RE: Creating a firewall rule on NSX manager from VRO

    Broadcom Employee
    Posted Jun 06, 2018 05:41 PM

    Hi,

    The NSX plug-in is not implemented/supported by vRO team, and I'm not sure whether NSX guys are visiting vRO forums regularly, so you may want to post the same question also on NSX community forum, which is available at https://communities.vmware.com/community/vmtn/nsx



  • 3.  RE: Creating a firewall rule on NSX manager from VRO

    Broadcom Employee
    Posted Oct 18, 2018 04:47 PM

    Hi,

    Not sure if you were able to figure out what is the expected value of the anchor id, but in case you're still wondering.

    The anchor id should be equal to the Id of the Firewall Section that match where you wish to add the new section (before or after)

    For example, if you wish to add a section before the default section - layer 3 you would add the id (in my case) 1003

    These Firewall Section Id's can be found either via

    • the vRO NSX plugin inventory (see attachment)
    • REST API
      • https://[NSX Manager FQDN]/api/4.0/firewall/globalroot-0/config/layer3sections?name=L3 - Default Section
        • "section" id="1003"
    • Also available if you hit the information button in the firewall section (see attachment)

    Thanks!



  • 4.  RE: Creating a firewall rule on NSX manager from VRO

    Posted Feb 14, 2023 08:17 PM
      |   view attached

    I am using below mentioned composite type input variable in my vRO 7.6 to get details of multiple FIrewall Rules in one request . However when I use this workflow as XaaS from vRA ..array/string variable inside composite Type variable is not appear as array in vRA request form instead it appears as plain text box .

    Any solution for this or is any bug here ? Response is highly appreciated 

    Composite Type input Variable :

    input': name=listRules type=Array/CompositeType(ruleName:string,enabled:boolean,action:string,direction:string,packetType:string,logging:boolean,appliedToList:Array/string,isSourcesExcluded:boolean,sourcesList:Array/string,isDestinationsExcluded:boolean,destinationsList:Array/string,services:Array/string,serviceGroups:Array/string):