  • 1.  VMware host firewall rulesetid that contains a space.

    Posted Mar 08, 2019 08:31 PM

    Another question on running a PowerCLI script to change the firewall settings on a VMware Host.

    When I run the script below and the "rulesetid" does not contain any spaces, it runs just fine.

    However, if the rulesetid has a space I get the following error message:

    Message: EsxCLI.CLIFault.summary;
    InnerText: Invalid Ruleset Id.EsxCLI.CLIFault.summary
    At line:1 char:1
    + $ESXcli.network.firewall.ruleset.set.Invoke($arguments1)
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (:) [], MethodFault
        + FullyQualifiedErrorId : VMware.VimAutomation.Sdk.Types.V1.ErrorHandling.VimException.MethodFault

    The output for the hash table is:

    Name                           Value
    ----                           -----
    allowedall                     False
    rulsetid                       SSH Client

    I have also set the $Security.Name variable in quotes ($Security.'Name' and $Security."Name"), which resulted in the rulesetid being in quotes ("SSH Client").

    foreach ($Security in $SecurityProfile1) {

        # Arguments for 'ruleset set', built from one CSV row
        $arguments1 = @{
            "rulesetid"  = $Security.Name
            "allowedall" = $Security.Allowed
        }

        $ESXcli.network.firewall.ruleset.set.Invoke($arguments1)
        # $arguments2 is not defined in this excerpt
        $ESXcli.network.firewall.ruleset.allowedip.add.Invoke($arguments2)
    }

    Any suggestions, etc. would be greatly appreciated.

    Thanks.



  • 2.  RE: VMware host firewall rulesetid that contains a space.

    Posted Mar 08, 2019 09:05 PM

    Can you give a bit more context?

    Did you add the new rules directly into the services.xml on the ESXi node?

    Where is the content of $SecurityProfile1 coming from? Is that something you read in from a file?

    And is there a specific reason you need a blank in the new FW rule?



  • 3.  RE: VMware host firewall rulesetid that contains a space.

    Posted Mar 08, 2019 09:21 PM

    No, I did not add the rules to the services.xml file on the ESXi node.

    The content for $SecurityProfile1 is coming from a .csv file which has the headers "Name" for the rulesetid and "Allowed" for the allowedall values. The PowerCLI line in the script is: $SecurityProfile1 = Import-Csv -Path 'C:\Test.csv'

    If you are asking about a space between SSH and Client, the space is present in the name when seen in vSphere Web Client and when I pull the firewall information with PowerCLI using Get-VMHostFirewallException -VMHost <VMHostName>



  • 4.  RE: VMware host firewall rulesetid that contains a space.
    Best Answer

    Posted Mar 08, 2019 09:41 PM

    The name you're seeing in the Web Client and via Get-VMHostFirewallException is not the rulesetid but the Summary field.

    The rulesetid that you need in $esxcli.network.firewall.ruleset.set, is in fact the Name field coming from $esxcli.network.firewall.ruleset.list.

    For the 'SSH Client' that rulesetid is in fact sshClient.

    I would suggest you update your CSV with the real rulesetid.

    In fact, you can create a table for that:

    $esxName = 'MyEsx'

    Get-VMHost -Name $esxName |
        Get-VMHostFirewallException |
        Select-Object Name, @{N = 'rulesetid'; E = {$_.ExtensionData.Key}}
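One way to apply the answer above without hand-editing the CSV, as an added example that is not part of the original thread: it maps each CSV name to its rulesetid using the Name / ExtensionData.Key pairing from the answer, skips names that match no ruleset, and converts the Allowed string to a real boolean. The function name `Resolve-FirewallRulesetArgs`, its parameter names, and the sample data are assumptions made for illustration.

```powershell
# Added example; Resolve-FirewallRulesetArgs is a hypothetical helper name.
function Resolve-FirewallRulesetArgs {
    param(
        [Parameter(Mandatory)] [object[]] $CsvRow,            # rows with Name / Allowed (Import-Csv)
        [Parameter(Mandatory)] [object[]] $FirewallException  # Get-VMHostFirewallException output
    )
    $byLabel = @{}   # display name shown in the Web Client -> rulesetid
    $ids     = @{}   # rulesetid -> rulesetid in its canonical casing
    foreach ($e in $FirewallException) {
        $byLabel[$e.Name] = $e.ExtensionData.Key
        $ids[$e.ExtensionData.Key] = $e.ExtensionData.Key
    }
    foreach ($row in $CsvRow) {
        $name = $row.Name.Trim()
        # Accept either a real rulesetid or the display name; anything else is rejected
        $id = if ($ids.ContainsKey($name)) { $ids[$name] } else { $byLabel[$name] }
        if (-not $id) {
            Write-Warning "No ruleset matches '$name'; row skipped"
            continue
        }
        # Import-Csv yields strings; Parse throws on anything but True/False
        @{ rulesetid = $id; allowedall = [bool]::Parse($row.Allowed) }
    }
}

# Constructed sample data standing in for the live host and for C:\Test.csv
$sampleExceptions = @(
    [pscustomobject]@{ Name = 'SSH Client'; ExtensionData = [pscustomobject]@{ Key = 'sshClient' } }
    [pscustomobject]@{ Name = 'SSH Server'; ExtensionData = [pscustomobject]@{ Key = 'sshServer' } }
)
$sampleCsv = 'Name,Allowed', 'SSH Client,False', 'sshServer,True', 'No Such Rule,False' |
    ConvertFrom-Csv

$argList = Resolve-FirewallRulesetArgs -CsvRow $sampleCsv -FirewallException $sampleExceptions
$argList | ForEach-Object { '{0} allowedall={1}' -f $_.rulesetid, $_.allowedall }

# Against a live host (requires a Connect-VIServer session):
#   $vmhost  = Get-VMHost -Name 'MyEsx'
#   $esxcli  = Get-EsxCli -VMHost $vmhost -V2
#   $argList = Resolve-FirewallRulesetArgs -CsvRow (Import-Csv 'C:\Test.csv') `
#                  -FirewallException ($vmhost | Get-VMHostFirewallException)
#   $argList | ForEach-Object { $esxcli.network.firewall.ruleset.set.Invoke($_) }
```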



  • 5.  RE: VMware host firewall rulesetid that contains a space.

    Posted Mar 09, 2019 04:31 PM

    Worked like a charm!!!!!

    Thanks!