
Appending Firewall Rules to vShield Edge with PowerCLI Script

Hi,

I have a script which enables us to upload 4k worth of firewall rules, but every time it executes, all existing rules are overwritten.

Is this something to do with the API or just a scripting issue - if so, can anyone suggest how to append on to the existing set?

param (
    [parameter(Mandatory = $true, HelpMessage="vCD Server")][alias("-server","s")][ValidateNotNullOrEmpty()][string[]]$CIServer,
    [parameter(Mandatory = $true, HelpMessage="Org")][alias("-vOrg","o")][ValidateNotNullOrEmpty()][string[]]$orgName,
    [parameter(Mandatory = $true, HelpMessage="OrgNet")][alias("-orgNet","n")][ValidateNotNullOrEmpty()][string[]]$orgNet,
    [parameter(Mandatory = $true, HelpMessage="CSV Path")][alias("-file","f")][ValidateNotNullOrEmpty()][string[]]$csvFile
)

# Add in the VI Toolkit
if ( (Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
    Add-PSsnapin VMware.VimAutomation.Core
}
if ( (Get-PSSnapin -Name VMware.VimAutomation.Cloud -ErrorAction SilentlyContinue) -eq $null ) {
    Add-PSsnapin VMware.VimAutomation.Cloud
}

# Needed for the MessageBox used in the error handler below
Add-Type -AssemblyName System.Windows.Forms

try {
    # -ErrorAction Stop so that a failed connection reaches the catch block
    Connect-CIServer -Server $CIServer -ErrorAction Stop 2>&1 | out-null
} catch {
    Exit
}

#Search EdgeGW
try {
    $myOrgNet = Get-Org -Name $orgName | Get-OrgNetwork -Name $orgNet
    $edgeHREF = $myOrgNet.ExtensionData.EdgeGateway.Href
    $edgeView = Search-Cloud -QueryType EdgeGateway -ErrorAction Stop | Get-CIView | where {$_.href -eq $edgeHREF}
} catch {
    [System.Windows.Forms.MessageBox]::Show("Exception: " + $_.Exception.Message + " - Failed item:" + $_.Exception.ItemName ,"Error.",0,[System.Windows.Forms.MessageBoxIcon]::Exclamation)
    Exit
}

#Item to Configure Services
$edgeView.Configuration.EdgeGatewayServiceConfiguration

# New firewall service object with an empty rule list: only the rules added
# from the CSV below are sent to the edge
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = @()

# The script block must start on the same line as ForEach-Object
Import-Csv -Path $csvFile | ForEach-Object {
    $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule

    # Num is used as the array index, so it has to be the zero-based row number
    $rowNum = $_.Num -as [int]

    $fwService.FirewallRule[$rowNum].description = $_.Descr
    $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
    switch ($_.Proto)
    {
        "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
        "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
        "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
        default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
    }
    $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP

    # "any" in the CSV is sent as source port -1
    if ($_.SrcPort -eq "any" ) { $srcPort = "-1" } else { $srcPort = $_.SrcPort }
    $fwService.FirewallRule[$rowNum].sourceport = $srcPort

    $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
    $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
    $fwService.FirewallRule[$rowNum].policy = $_.Policy
    #$fwService.FirewallRule[$rowNum].direction = $_.Direction
    #$fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
    $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
    $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
}

#configure Edge
$edgeView.ConfigureServices($fwService)

Thanks,

Scott.
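
One way to build the combined rule list the question asks about, as an added example that is not part of the original post: existing rules are kept in order and CSV rows are appended unless an identical rule is already present. `Merge-FirewallRule`, `Get-RuleKey`, the property names on the stand-in objects and the sample rows are assumptions for illustration; plain objects stand in for the PowerCLI rule views so the block runs offline.

```powershell
# Added example; plain objects stand in for the PowerCLI rule views (assumption).
function Get-RuleKey {
    param($Rule)
    # Rules matching the same traffic with the same policy count as duplicates.
    '{0}|{1}|{2}|{3}|{4}|{5}' -f $Rule.Protocol, $Rule.SourceIp, $Rule.SourcePort,
        $Rule.DestinationIp, $Rule.DestinationPortRange, $Rule.Policy
}

function Merge-FirewallRule {
    param([object[]]$Existing = @(), [parameter(Mandatory = $true)][object[]]$CsvRows)
    $merged = New-Object 'System.Collections.Generic.List[object]'
    $seen = @{}
    # Keep every existing rule, in its current order, ahead of anything new.
    foreach ($rule in $Existing) {
        $merged.Add($rule)
        $seen[(Get-RuleKey $rule)] = $true
    }
    foreach ($row in $CsvRows) {
        # Field mapping follows the posted script. The CSV "Num" column is ignored:
        # row numbers stop matching array indexes once rules are appended.
        $new = [pscustomobject]@{
            Description          = $row.Descr
            Protocol             = if ('tcp', 'udp' -contains $row.Proto) { $row.Proto } else { 'any' }
            SourceIp             = $row.SrcIP
            SourcePort           = if ($row.SrcPort -eq 'any') { '-1' } else { $row.SrcPort }
            DestinationIp        = $row.DstIP
            DestinationPortRange = $row.DstPortRange
            Policy               = $row.Policy
            IsEnabled            = [System.Convert]::ToBoolean($row.isEnabled)
            EnableLogging        = [System.Convert]::ToBoolean($row.EnableLogging)
        }
        $key = Get-RuleKey $new
        if (-not $seen.ContainsKey($key)) {
            $seen[$key] = $true
            $merged.Add($new)
        }
    }
    return ,$merged.ToArray()
}

# Constructed sample data: one rule already in place, then a CSV that repeats it and adds one.
$header = 'Num,Descr,Proto,SrcIP,SrcPort,DstIP,DstPortRange,Policy,isEnabled,EnableLogging'
$https  = '0,allow https,tcp,any,any,192.0.2.10,443,allow,true,false'
$dns    = '1,allow dns,udp,any,any,192.0.2.53,53,allow,true,true'
$onGateway = Merge-FirewallRule -CsvRows ($header, $https | ConvertFrom-Csv)
$fromCsv   = $header, $https, $dns | ConvertFrom-Csv
$merged    = Merge-FirewallRule -Existing $onGateway -CsvRows $fromCsv
$merged | Format-Table Description, Protocol, DestinationIp, DestinationPortRange, Policy
```

Reading the current rules from the edge gateway and passing the merged list to `ConfigureServices` is not shown here, since the page does not show how the existing rules are retrieved.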

