Closed Mooihoek closed 5 years ago
Hi @Mooihoek
There is no cmdlet for this for the moment...
While waiting, you can look at Set-NsxEdge and manually edit the EdgeFirewallRules.
Any idea when this will be supported? Manually configuring FW rules isn't really an option.
Did you have a look via Set-NsxEdge?
I can try to look...
Only Set-NsxEdgeFirewall, which can only alter the default rule. Not sure set-nsxedge will work?
It works, for example:
```
>$edge = get-nsxedge ALG-Edge
>$edge.features.firewall.firewallRules.firewallRule

id : 131074
ruleTag : 131074
name : firewall
ruleType : internal_high
enabled : true
loggingEnabled : false
description : firewall
action : accept
source : source

id : 131075
ruleTag : 131075
name : ALG-Rule
ruleType : user
enabled : true
loggingEnabled : false
description :
matchTranslated : false
action : accept

id : 131073
ruleTag : 131073
name : default rule for ingress traffic
ruleType : default_policy
enabled : true
loggingEnabled : false
description : default rule for ingress traffic
action : accept

>$edge.features.firewall.firewallRules.firewallRule[1]

id : 131075
ruleTag : 131075
name : ALG-Rule
ruleType : user
enabled : true
loggingEnabled : false
description :
matchTranslated : false
action : accept

>$edge.features.firewall.firewallRules.firewallRule[1].action = "deny"
>$edge | Set-NsxEdge
>$edge = get-nsxedge ALG-Edge
>$edge.features.firewall.firewallRules.firewallRule[1]

id : 131075
ruleTag : 131075
name : ALG-Rule
ruleType : user
enabled : true
loggingEnabled : false
description :
matchTranslated : false
action : deny
```
Get-NsxEdge has all the configuration settings of an Edge (and you can modify a setting and push it with Set-NsxEdge).
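The Get-NsxEdge / Set-NsxEdge round trip from the session above, as an added example that is not part of the original thread or of PowerNSX itself. It selects the rule by name and `ruleType` rather than by position, then re-reads the Edge to confirm the change. The helper name `Set-EdgeRuleActionByName` and the vCenter hostname are assumptions; the Edge and rule names are the ones shown in the thread.

```powershell
# Added example: change the action of one user-defined Edge firewall rule.
# Assumes the PowerNSX module is installed; hostname below is a placeholder.
Import-Module PowerNSX

function Set-EdgeRuleActionByName {   # hypothetical helper, not a PowerNSX cmdlet
    param(
        [Parameter(Mandatory)] [string] $EdgeName,
        [Parameter(Mandatory)] [string] $RuleName,
        [Parameter(Mandatory)] [ValidateSet('accept', 'deny')] [string] $Action
    )

    $edge = Get-NsxEdge -Name $EdgeName
    if (-not $edge) { throw "Edge '$EdgeName' not found" }

    # Match on name and ruleType instead of a positional index such as [1]:
    # the position shifts when rules are added or reordered, and internal or
    # default_policy rules should not be touched through this path.
    $rules = @($edge.features.firewall.firewallRules.firewallRule |
        Where-Object { $_.name -eq $RuleName -and $_.ruleType -eq 'user' })
    if ($rules.Count -ne 1) {
        throw "Expected exactly one user rule named '$RuleName', found $($rules.Count)"
    }

    $rule = $rules[0]
    if ($rule.action -eq $Action) { return $rule }   # already in the desired state

    # Edit the in-memory XML, then push the whole Edge configuration back.
    $rule.action = $Action
    $edge | Set-NsxEdge -Confirm:$false | Out-Null

    # Re-read from NSX Manager and verify by rule id that the change was applied.
    $check = (Get-NsxEdge -Name $EdgeName).features.firewall.firewallRules.firewallRule |
        Where-Object { $_.id -eq $rule.id }
    if ($check.action -ne $Action) {
        throw "Rule $($rule.id) still has action '$($check.action)'"
    }
    return $check
}

Connect-NsxServer -vCenterServer 'vcenter.example.local' -Credential (Get-Credential)
Set-EdgeRuleActionByName -EdgeName 'ALG-Edge' -RuleName 'ALG-Rule' -Action deny
```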
Thanks, very helpful. Is this documented anywhere? Any chance of seeing the full script you used for this?
Documentation about what?
It is the full script for modifying Edge Firewall Rules.
I have started to look at adding a Set-NSXEdgeFirewallRule.
FYI, I have started to work on Set-NsxEdgeFirewallRule -> https://github.com/alagoutte/powernsx/commit/1bb786a12ebe0d764e9154876d2675cdf6f9adfe
You can try it (I need to write tests before submitting...)
Thanks, great. Do you have a simple example, e.g. connect to NSX Manager, query Edge, set Edge FW rule?
If you look at the link, there are some examples of how to set a rule,
and for connect / query, it is always the same method.
When will it be possible to change the configuration of an existing Firewall Rule in the Edge from Allow/Deny?
I can change the default rule but what about other rules?
```
Get-NsxEdge Edge01 | Get-NsxEdgeFirewall | Set-NsxEdgeFirewall -DefaultRuleAction deny
```