vCenter Firewall Rule creation

terpstrajs posted Nov 07, 2024 03:27 PM

I am trying to import vCenter firewall rules using Get-CisService com.vmware.appliance.networking.firewall.inbound. I'm new to this, so I'm looking for some help that I haven't been able to find with Google searching.

I've figured out how to connect and view the current rules, but I'm struggling with how to set new rules. Any guidance on how to set the rule list?

I start with this:

$CISFirewall = Get-CisService -Name 'com.vmware.appliance.networking.firewall.inbound'

Then I used this to get the firewall list, but then I'm not sure how to format the Set() method. I'm hoping to import the entire list in one go and overwrite what is there.

$CISFirewall.Get()

Thanks!

LucD (Best Answer)

With the PowerCLI 13.* releases, the new module VMware.Sdk.vSphere.Appliance.Networking makes this somewhat easier (instead of using the CIS services).

Provided you have a CSV file with the following layout:

address,prefix,policy,interface
192.168.10.77,24,ACCEPT,nic0
192.168.100.88,24,IGNORE,nic0
192.168.2.200,16,REJECT,nic0
192.168.1.66,24,RETURN,nic0


you can do something like this:

# One rule object per CSV row
$rules = @()

Import-Csv -Path .\rules.csv -PipelineVariable row |
ForEach-Object -Process {
  # The API wants Prefix as a number; Import-Csv hands it over as a string
  $rules += Initialize-NetworkingFirewallInboundRule -Address $row.address -Prefix ([int]$row.prefix) -Policy $row.policy -InterfaceName $row.interface
}
# Set replaces the complete inbound rule list with $rules
$body = Initialize-NetworkingFirewallInboundSetRequestBody -Rules $rules
# Keep the HTTP response so the status code can be checked afterwards
$result = Invoke-SetNetworkingFirewallInbound -NetworkingFirewallInboundSetRequestBody $body -WithHttpInfo


With $result.StatusCode -ne 500 you can check whether the call succeeded.
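Because Invoke-SetNetworkingFirewallInbound replaces the entire inbound list, a malformed CSV row or a misplaced REJECT can lock the operator out of the VAMI and vSphere Client. The script below is an added example, not LucD's code and not part of the original thread: it validates each CSV row before anything is sent, refuses a list whose first rule matching the admin workstation is REJECT or IGNORE, writes a JSON backup of the rules currently on the appliance, pushes the new list, and reads it back for comparison. It assumes PowerCLI 13.x with an active Connect-VIServer session (the VMware.Sdk.vSphere.Appliance.Networking cmdlets use that session), and that the appliance evaluates rules top to bottom with the first match winning. The paths in $csvPath and $backupDir and the address in $adminHost are placeholders.

```powershell
# Added example (not LucD's code): validate, back up, guard against lockout,
# then push and verify a vCenter inbound firewall rule list.
# Assumes PowerCLI 13.x, the VMware.Sdk.vSphere.Appliance.Networking module and
# an existing Connect-VIServer session. Paths and $adminHost are placeholders.

$csvPath       = '.\rules.csv'
$backupDir     = '.\firewall-backups'
$adminHost     = '192.168.10.77'      # placeholder: the workstation running this script
$validPolicies = 'ACCEPT', 'IGNORE', 'REJECT', 'RETURN'

# True when $Address lies inside $Network/$Prefix (IPv4 or IPv6). Both sides are
# masked, so host bits in a rule address such as 192.168.10.77/24 are ignored.
function Test-InNetwork {
    param([System.Net.IPAddress]$Address, [string]$Network, [int]$Prefix)
    $net = [System.Net.IPAddress]::Parse($Network)
    if ($net.AddressFamily -ne $Address.AddressFamily) { return $false }
    $a = $Address.GetAddressBytes()
    $n = $net.GetAddressBytes()
    $bits = $Prefix
    for ($i = 0; $i -lt $a.Length -and $bits -gt 0; $i++) {
        $mask = if ($bits -ge 8) { 0xFF } else { (0xFF -shl (8 - $bits)) -band 0xFF }
        if (($a[$i] -band $mask) -ne ($n[$i] -band $mask)) { return $false }
        $bits -= 8
    }
    return $true
}

# 1. Parse and validate every row before touching the appliance. Set replaces
#    the whole list, so a single bad row must fail the entire import.
$rules = @(foreach ($row in Import-Csv -Path $csvPath) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse([string]$row.address, [ref]$ip)) {
        throw "Row '$($row.address)': not a valid IP address"
    }
    $maxPrefix = if ($ip.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    $prefix = 0
    if (-not [int]::TryParse([string]$row.prefix, [ref]$prefix) -or $prefix -lt 0 -or $prefix -gt $maxPrefix) {
        throw "Row '$($row.address)': prefix '$($row.prefix)' is not in 0-$maxPrefix"
    }
    $policy = ([string]$row.policy).Trim().ToUpperInvariant()
    if ($policy -notin $validPolicies) {
        throw "Row '$($row.address)': policy '$($row.policy)' is not one of $($validPolicies -join ', ')"
    }
    if ([string]::IsNullOrWhiteSpace($row.interface)) {
        throw "Row '$($row.address)': interface is empty"
    }
    Initialize-NetworkingFirewallInboundRule -Address $row.address -Prefix $prefix -Policy $policy -InterfaceName ([string]$row.interface).Trim()
})
if ($rules.Count -eq 0) { throw "$csvPath contains no rules; refusing to clear the inbound list" }

# 2. Lockout guard: the first rule covering $adminHost must not be REJECT or IGNORE
#    (assumes top-to-bottom evaluation with first match winning).
$adminIp    = [System.Net.IPAddress]::Parse($adminHost)
$firstMatch = $rules | Where-Object { Test-InNetwork -Address $adminIp -Network $_.Address -Prefix $_.Prefix } | Select-Object -First 1
if ($firstMatch -and $firstMatch.Policy -in 'REJECT', 'IGNORE') {
    throw "First rule matching $adminHost is $($firstMatch.Address)/$($firstMatch.Prefix) $($firstMatch.Policy); aborting to avoid lockout"
}

# 3. Back up the rules currently on the appliance before overwriting them.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$backupFile = Join-Path $backupDir ('inbound-{0}.json' -f (Get-Date -Format 'yyyyMMdd-HHmmss'))
ConvertTo-Json -InputObject @(Invoke-GetNetworkingFirewallInbound) -Depth 5 | Set-Content -Path $backupFile
Write-Host "Existing inbound rules saved to $backupFile"

# 4. Push the new list and check the HTTP status instead of assuming success.
$body   = Initialize-NetworkingFirewallInboundSetRequestBody -Rules $rules
$result = Invoke-SetNetworkingFirewallInbound -NetworkingFirewallInboundSetRequestBody $body -WithHttpInfo
if ($result.StatusCode -lt 200 -or $result.StatusCode -ge 300) {
    throw "Set failed with HTTP $($result.StatusCode); previous rules are in $backupFile"
}

# 5. Read the list back and compare it, rule by rule, with what was sent.
$after = @(Invoke-GetNetworkingFirewallInbound)
if ($after.Count -ne $rules.Count) {
    Write-Warning "Appliance reports $($after.Count) rules, expected $($rules.Count)"
}
for ($i = 0; $i -lt [Math]::Min($after.Count, $rules.Count); $i++) {
    $sent = "$($rules[$i].Address)/$($rules[$i].Prefix) $($rules[$i].Policy)"
    $got  = "$($after[$i].Address)/$($after[$i].Prefix) $($after[$i].Policy)"
    if ($sent -ne $got) { Write-Warning "Rule $i differs: sent '$sent', appliance has '$got'" }
}
Write-Host "Applied $($rules.Count) inbound rules"
```

Run it from the host named in $adminHost after Connect-VIServer. The guard only inspects the list you are about to push; what the appliance does with traffic that matches no rule at all is its default behaviour and is not changed by this script, so an ACCEPT for the management subnet near the top of the CSV is still the safest layout. If the appliance rejects a rule (HTTP 400 with the offending field in the response body), nothing has been applied and the JSON backup is not needed; if verification warns about a mismatch, the backup can be converted back into rule objects with Initialize-NetworkingFirewallInboundRule and pushed the same way.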