vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions

Altering a FW rule's executionOrder has no effect. #499

Open gruffled opened 6 years ago

gruffled commented 6 years ago

I'm trying to shuffle the order of FW rules in a SecurityPolicy object; however, the changes are not reflected in the GUI when pushed back using Set-NsxSecurityPolicy. The code is:

$policy = Get-NsxSecurityPolicy -Name $PolicyName
$fwRules = ($policy.actionsByCategory | Where-Object -Property category -eq firewall).action
foreach ($rule in $fwRules){
    if ($rule.name -eq "myRule"){
        $rule.executionOrder = "1"
    }
    else {
        $rule.executionOrder = ([int]$rule.executionOrder + 1).ToString()
    }
}
Set-NsxSecurityPolicy -Policy $policy -NoConfirm

The object of the above is to put myRule at the top and shuffle everything else down by one. Examining the $policy object afterwards, the executionOrder is set correctly, but it seems to be ignored. Note, though, that the XML rule node is still last in the ordering. I would hope that this wouldn't make a difference, though.

gruffled commented 6 years ago

So, I've just read this in the API doc...

Output-only Parameters
• executionOrder - Defines the sequence in which actions belonging to an executionOrderCategory are executed.
Note that this is not an input parameter and its value is implied by the index in the list.

This implies to me that changing the execution order alone isn't enough (which is rubbish by the way). It also implies that reordering the rule node in the policy XML might work.

gruffled commented 6 years ago

So, reordering the XML does reorder the rules.
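
The reordering described in the last comment, as an added example that is not part of the original thread or of PowerNSX: the rule's `action` node is moved to the first position inside the firewall category and `executionOrder` is left alone, since the quoted API doc says it is implied by list index. `Move-FirewallActionToTop`, the sample XML and the assumption that `Get-NsxSecurityPolicy` returns an `XmlElement` are hypothetical; because node order decides which firewall rule is evaluated first, re-read the policy after pushing it and confirm the order.

```powershell
# Added example: hypothetical helper, not a PowerNSX cmdlet.
function Move-FirewallActionToTop {
    param(
        [Parameter(Mandatory)] [System.Xml.XmlElement] $Policy,
        [Parameter(Mandatory)] [string] $RuleName
    )
    # Same lookup as the code in the issue: the firewall category and its action nodes.
    $fwCategory = @($Policy.actionsByCategory | Where-Object { $_.category -eq 'firewall' })[0]
    if (-not $fwCategory) { throw 'Policy has no firewall category.' }

    $actions = @($fwCategory.action)
    $rule    = @($actions | Where-Object { $_.name -eq $RuleName })
    if ($rule.Count -ne 1) {
        throw "Expected exactly one action named '$RuleName', found $($rule.Count)."
    }

    # InsertBefore detaches a node that is already in the tree, so this moves the rule.
    if (-not [object]::ReferenceEquals($rule[0], $actions[0])) {
        [void] $fwCategory.InsertBefore($rule[0], $actions[0])
    }
    # executionOrder is deliberately not edited; the API treats it as output-only.
    return $Policy
}

# Constructed sample, trimmed to the elements the issue's code touches.
[xml] $doc = @'
<securityPolicy>
  <name>DemoPolicy</name>
  <actionsByCategory>
    <category>firewall</category>
    <action><name>allowWeb</name><executionOrder>1</executionOrder></action>
    <action><name>allowDns</name><executionOrder>2</executionOrder></action>
    <action><name>myRule</name><executionOrder>3</executionOrder></action>
  </actionsByCategory>
</securityPolicy>
'@

$policy = Move-FirewallActionToTop -Policy $doc.securityPolicy -RuleName 'myRule'
# List the action names in document order to check the move.
$policy.actionsByCategory.action | ForEach-Object { $_.name }

# Against a live NSX Manager, using the cmdlets from the issue:
#   $policy = Get-NsxSecurityPolicy -Name $PolicyName
#   Move-FirewallActionToTop -Policy $policy -RuleName 'myRule' | Out-Null
#   Set-NsxSecurityPolicy -Policy $policy -NoConfirm
```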