search

vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions
173 stars 90 forks source link

export the firewall section and import firewall #553

Closed vTechworld closed 6 years ago

vTechworld commented 6 years ago

Hi Need to import the firewall section with rules and export it into other DC putting all applied on any.

Is there any way we can do this. Please help me.

Thanks, vTechworld

nmbradford commented 6 years ago

Sure, PowerNSX gives you all the building blocks necessary to do this, but it is still a bespoke process to construct a script that will do exactly what you need.

From experience, you will learn that you need to consider all the things that firewall rules rely on and how you are going to migrate them first (ip sets, services, service groups, security groups etc) as well as how you want to translate between DC1 and DC2 (for instance, if VM1 is a member of SG1 in site one, what do you want to do for SG1 in site 2 as part of the migration - VM1 is not 'known' in site 2). Needless to say this isnt necessarily trivial, but the complexity depends completely on how your security policy is put together, and something that is outside the scope of PowerNSX itself.

Good luck!