vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions

Allow/Deny Edge Firewall #565

Closed Mooihoek closed 5 years ago

Mooihoek commented 5 years ago

When will it be possible to change the configuration of an existing Firewall Rule in the Edge from Allow/Deny?

I can change the default rule but what about other rules?

Get-NsxEdge Edge01 | Get-NsxEdgeFirewall | Set-NsxEdgeFirewall -DefaultRuleAction deny

alagoutte commented 5 years ago

Hi @Mooihoek

There is no cmdlet for this for the moment...

While waiting, you can look at Set-NsxEdge and manually edit the EdgeFirewallRules

Mooihoek commented 5 years ago

Any idea when this will be supported? Manually configuring FW rules isn't really an option.

alagoutte commented 5 years ago

Did you have a look via Set-NsxEdge?

I can try to look...

Mooihoek commented 5 years ago

Only Set-NsxEdgeFirewall, which can only alter the default rule. Not sure Set-NsxEdge will work?

alagoutte commented 5 years ago

It works

For example:

>$edge = get-nsxedge ALG-Edge
>$edge.features.firewall.firewallRules.firewallRule
id             : 131074
ruleTag        : 131074
name           : firewall
ruleType       : internal_high
enabled        : true
loggingEnabled : false
description    : firewall
action         : accept
source         : source

id              : 131075
ruleTag         : 131075
name            : ALG-Rule
ruleType        : user
enabled         : true
loggingEnabled  : false
description     : 
matchTranslated : false
action          : accept

id             : 131073
ruleTag        : 131073
name           : default rule for ingress traffic
ruleType       : default_policy
enabled        : true
loggingEnabled : false
description    : default rule for ingress traffic
action         : accept

>$edge.features.firewall.firewallRules.firewallRule[1]

id              : 131075
ruleTag         : 131075
name            : ALG-Rule
ruleType        : user
enabled         : true
loggingEnabled  : false
description     : 
matchTranslated : false
action          : accept

>$edge.features.firewall.firewallRules.firewallRule[1].action = "deny"
>$edge | Set-NsxEdge
>$edge = get-nsxedge ALG-Edge
>$edge.features.firewall.firewallRules.firewallRule[1]

id              : 131075
ruleTag         : 131075
name            : ALG-Rule
ruleType        : user
enabled         : true
loggingEnabled  : false
description     : 
matchTranslated : false
action          : deny

Get-NsxEdge has all the configuration settings of an Edge (and you can modify a setting and push it with Set-NsxEdge)
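The Get-NsxEdge / Set-NsxEdge round-trip from the comment above, wrapped in a helper function as an added example (not a PowerNSX cmdlet and not the commenter's script). It assumes an existing Connect-NsxServer session; the function name, the edge name and the rule name are placeholders.

```powershell
# Added example, not PowerNSX code: change the action of a named user rule on
# an NSX-v Edge firewall by editing the XML returned by Get-NsxEdge and pushing
# it back with Set-NsxEdge. Assumes Connect-NsxServer has already been run.
function Set-EdgeFirewallRuleAction {
    param(
        [Parameter(Mandatory)][string]$EdgeName,
        [Parameter(Mandatory)][string]$RuleName,
        [Parameter(Mandatory)][ValidateSet('accept', 'deny')][string]$Action
    )

    $edge = Get-NsxEdge $EdgeName
    if (-not $edge) { throw "Edge '$EdgeName' not found" }

    # firewallRule is an XML node list. Select by name rather than by array
    # index ([1] in the comment above): the index shifts whenever rules are
    # added, removed or reordered, so an index-based edit can hit the wrong rule.
    $rules = @($edge.features.firewall.firewallRules.firewallRule |
        Where-Object { $_.name -eq $RuleName })
    if ($rules.Count -ne 1) {
        throw "Expected exactly one rule named '$RuleName' on '$EdgeName', found $($rules.Count)"
    }
    $rule = $rules[0]

    # Only touch user rules: internal_high rules are NSX-managed, and the
    # default_policy rule has its own cmdlet (Set-NsxEdgeFirewall -DefaultRuleAction).
    if ($rule.ruleType -ne 'user') {
        throw "Rule '$RuleName' has ruleType '$($rule.ruleType)'; refusing to modify a non-user rule"
    }

    if ($rule.action -eq $Action) {
        Write-Verbose "Rule '$RuleName' already has action '$Action'; nothing to push"
        return $rule
    }

    $rule.action = $Action          # assignment writes the XML element text
    $edge | Set-NsxEdge | Out-Null  # push the whole edited edge configuration

    # Re-read from the manager and confirm the change really landed.
    $after = Get-NsxEdge $EdgeName |
        ForEach-Object { $_.features.firewall.firewallRules.firewallRule } |
        Where-Object { $_.name -eq $RuleName }
    if ($after.action -ne $Action) {
        throw "Push succeeded but rule '$RuleName' still reports action '$($after.action)'"
    }
    return $after
}

# Usage (placeholder names):
# Set-EdgeFirewallRuleAction -EdgeName 'ALG-Edge' -RuleName 'ALG-Rule' -Action deny -Verbose
```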

Mooihoek commented 5 years ago

Thanks, very helpful. Is this documented anywhere? Any chance of seeing the full script you used for this?

alagoutte commented 5 years ago

Documentation about what?

It is the full script for modifying an Edge Firewall Rule.

I started looking at adding a Set-NSXEdgeFirewallRule

alagoutte commented 5 years ago

FYI, I started working on Set-NsxEdgeFirewallRule -> https://github.com/alagoutte/powernsx/commit/1bb786a12ebe0d764e9154876d2675cdf6f9adfe

You can try it (I need to write tests before submitting...)

Mooihoek commented 5 years ago

Thanks, great. Do you have a simple example, e.g. connect to NSX Manager, query Edge, set Edge FW rule?

alagoutte commented 5 years ago

If you look at the link, there are some examples of how to set a rule.

And for connect / query, it is always the same method.