
Appending Firewall Rules to vShield Edge with PowerCLI Script


Hi,

I have a script which enables us to upload 4k worth of firewall rules, but every time it executes, all existing rules are overwritten.

Is this something to do with the API or just a scripting issue - if so, can anyone suggest how to append on to the existing set?

Update:

So obviously the following line seems to create a new instance of the firewall:

$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice

Because the next 3 lines after are setting the main firewall parameters again - something you wouldn't need to do if we were just adding new rules to the existing firewall.

$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true

Is there a way to use a PowerShell command such as add-member rather than new-object?

param (
    [parameter(Mandatory = $true, HelpMessage="vCD Server")][alias("-server","s")][ValidateNotNullOrEmpty()][string[]]$CIServer,
    [parameter(Mandatory = $true, HelpMessage="Org")][alias("-vOrg","o")][ValidateNotNullOrEmpty()][string[]]$orgName,
    [parameter(Mandatory = $true, HelpMessage="OrgNet")][alias("-orgNet","n")][ValidateNotNullOrEmpty()][string[]]$orgNet,
    [parameter(Mandatory = $true, HelpMessage="CSV Path")][alias("-file","f")][ValidateNotNullOrEmpty()][string[]]$csvFile
)

# Needed for the MessageBox used in the error handler below
Add-Type -AssemblyName System.Windows.Forms

# Add in the VI Toolkit
if ( (Get-PSSnapin -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) -eq $null ) {
    Add-PSSnapin VMware.VimAutomation.Core
}
if ( (Get-PSSnapin -Name VMware.VimAutomation.Cloud -ErrorAction SilentlyContinue) -eq $null ) {
    Add-PSSnapin VMware.VimAutomation.Cloud
}

# Connect to vCloud Director; -ErrorAction Stop makes a failed connection reach the catch block
try {
    Connect-CIServer -Server $CIServer -ErrorAction Stop 2>&1 | Out-Null
} catch {
    Exit
}

# Search EdgeGW: find the edge gateway view behind the given org network
try {
    $myOrgNet = Get-Org -Name $orgName | Get-OrgNetwork -Name $orgNet
    $edgeHREF = $myOrgNet.ExtensionData.EdgeGateway.Href
    $edgeView = Search-Cloud -QueryType EdgeGateway -ErrorAction Stop | Get-CIView | where {$_.href -eq $edgeHREF}
} catch {
    [System.Windows.Forms.MessageBox]::Show("Exception: " + $_.Exception.Message + " - Failed item:" + $_.Exception.ItemName ,"Error.",0,[System.Windows.Forms.MessageBoxIcon]::Exclamation)
    Exit
}

# Item to Configure Services (this line only outputs the current service configuration)
$edgeView.Configuration.EdgeGatewayServiceConfiguration

# A fresh FirewallService object with an empty rule list; existing rules are not read into it
$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = @()

# One rule per CSV row. $rowNum is used as the array index, so the Num column
# has to start at 0 and increase by 1 per row.
Import-Csv -Path $csvFile | ForEach-Object {
    $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule

    $rowNum = $_.Num -as [int]

    $fwService.FirewallRule[$rowNum].description = $_.Descr
    $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
    switch ($_.Proto) {
        "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
        "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
        "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
        default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
    }
    $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP

    # "any" source port is sent as -1
    if ($_.SrcPort -eq "any" ) { $srcPort = "-1" } else { $srcPort = $_.SrcPort }
    $fwService.FirewallRule[$rowNum].sourceport = $srcPort

    $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
    $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
    $fwService.FirewallRule[$rowNum].policy = $_.Policy
    #$fwService.FirewallRule[$rowNum].direction = $_.Direction
    #$fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
    $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
    $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
}

# Configure Edge: push the firewall service built above to the gateway
$edgeView.ConfigureServices($fwService)

 

Thanks,

 

Scott.
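
The append-instead-of-replace pattern the question asks about, as an added example that is not part of the original post and not VMware's code: CSV rows are added to an existing service object rather than a fresh `New-Object` one, and rules already present are skipped. Plain PSCustomObjects with simplified property names stand in for the FirewallService and FirewallRule views so it runs without a vCloud Director connection; `Get-RuleKey`, `ConvertTo-Rule` and `Add-FirewallRulesFromCsv` are hypothetical helpers, the sample data is constructed, and reading the existing service back from the edge gateway is assumed, not shown.

```powershell
# Added example: PSCustomObjects stand in for the FirewallService/FirewallRule views.
function Get-RuleKey($Rule) {
    # A rule's identity for de-duplication: the match fields plus the policy.
    '{0}|{1}|{2}|{3}|{4}|{5}' -f $Rule.Protocol, $Rule.SourceIp, $Rule.SourcePort,
        $Rule.DestinationIp, $Rule.DestinationPortRange, $Rule.Policy
}

function ConvertTo-Rule($Row) {
    # Same CSV columns and defaults as the script in the post.
    $proto = if (@('tcp', 'udp') -contains $Row.Proto) { $Row.Proto } else { 'any' }
    $sport = if ($Row.SrcPort -eq 'any') { '-1' } else { $Row.SrcPort }
    [pscustomobject]@{
        Description = $Row.Descr; Protocol = $proto
        SourceIp = $Row.SrcIP; SourcePort = $sport
        DestinationIp = $Row.DstIP; DestinationPortRange = $Row.DstPortRange
        Policy = $Row.Policy
        IsEnabled = [System.Convert]::ToBoolean($Row.isEnabled)
        EnableLogging = [System.Convert]::ToBoolean($Row.EnableLogging)
    }
}

function Add-FirewallRulesFromCsv($FirewallService, [object[]]$CsvRows) {
    $seen = @{}
    foreach ($rule in $FirewallService.FirewallRule) { $seen[(Get-RuleKey $rule)] = $true }
    foreach ($row in $CsvRows) {
        $newRule = ConvertTo-Rule $row
        $key = Get-RuleKey $newRule
        if ($seen.ContainsKey($key)) { continue }    # already present, skip
        $seen[$key] = $true
        # Append the finished object; the CSV's Num column is not used as an index,
        # so existing entries are never addressed or replaced.
        $FirewallService.FirewallRule += $newRule
    }
    $FirewallService
}

# Constructed sample data: one rule already on the edge, two CSV rows (the first a duplicate).
$existing = [pscustomobject]@{
    DefaultAction = 'drop'; LogDefaultAction = $false; IsEnabled = $true
    FirewallRule  = @(ConvertTo-Rule ([pscustomobject]@{ Descr = 'ssh'; Proto = 'tcp'; SrcIP = '192.0.2.10';
        SrcPort = 'any'; DstIP = '198.51.100.5'; DstPortRange = '22'; Policy = 'allow';
        isEnabled = 'true'; EnableLogging = 'false' }))
}
$csv = @'
Num,Descr,Proto,SrcIP,SrcPort,DstIP,DstPortRange,Policy,isEnabled,EnableLogging
0,ssh again,tcp,192.0.2.10,any,198.51.100.5,22,allow,true,false
1,dns,udp,any,any,198.51.100.53,53,allow,true,true
'@ | ConvertFrom-Csv

$merged = Add-FirewallRulesFromCsv $existing $csv
$merged.FirewallRule | Format-Table Description, Protocol, DestinationIp, DestinationPortRange
```

The merged object keeps the existing `DefaultAction`, `LogDefaultAction` and `IsEnabled` values and ends up with two rules: the original ssh rule and the new dns rule.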

