vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions

Unable to add multiple networks in New-NsxEdgeFirewallRule #659

Closed AlexDubel closed 2 years ago

AlexDubel commented 2 years ago

Is your feature request related to a problem? Please describe.

Hi, I am trying to add multiple networks in one firewall rule. I have a $NewNetPrefix variable with all my networks.

$FwRulesInEdge = "Allow ICMP", "Allow Web"
$NewNetPrefix = "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24"

I am trying to use the command below but unfortunately unsuccessfully.

New-NsxEdgeFirewallRule -EdgeFireWall $FwRule -Name "$($FwRulesInEdge[0])" -Action accept -Source $NewNetPrefix -Comment "Allow Ping to outside world" -Service "ICMP"

I have tried

$NewNetPrefix
[string]$NewNetPrefix
[string[]]$NewNetPrefix
[object]$NewNetPrefix

But no luck. I have tried to add one network only and other networks via Add-NsxFirewallRuleMember command but also no luck. Please help.

Describe the solution you'd like

Add all networks in one command. Add networks to existing firewall rule via Add-NsxFirewallRuleMember.

Describe alternatives you've considered

No response

Additional context

No response

alagoutte commented 2 years ago

Hi @AlexDubel

Do you have an error?

Can you add -Debug to the command?

AlexDubel commented 2 years ago

I apologize for the delay with the answer. My test environment was utterly smashed. I just recovered it.

[String[]]$NewNet = "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24", "192.168.8.0/24", "10.1.10.0/24", "192.168.99.0/24"
$FwRulesInEdge = "Allow ICMP", "Allow Web"

The command is

New-NsxEdgeFirewallRule -EdgeFireWall $FwRule -Name "$($FwRulesInEdge[0])" -Action accept -Source "$($NewNet)" -Comment "Allow Ping to outside world" -Service "ICMP"

The error is

New-NsxEdgeFirewallRule: C:\Users\oldubel\Documents\PowerShell\vCloud\New-Org-vCloud-create-11.ps1:237:111
Line |
 237 |  … me "$($FwRulesInEdge[0])" -Action accept -Source "$($NewNet)" -Commen …
     |                                                     ~~~~~~~~~~~~
     | Cannot validate argument on parameter 'Source'. Member is not a supported type.  Specify an object of type
     | VirtualWire,ClusterComputeResource,ResourcePool,MACSet,DistributedVirtualPortgroup,SecurityGroup,IPSet,VirtualApp,Network,DirectoryGroup,SecurityTag,VirtualMachine,Datacenter,Vnic.

alagoutte commented 2 years ago

Why are you adding [String[]] before $newnet?

AlexDubel commented 2 years ago

> Why are you adding [String[]] before $newnet?

I have the same result without [string[]].

$NewNet = "192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24", "192.168.8.0/24", "10.1.10.0/24", "192.168.99.0/24"
...
Creating Allow ICMP rule.
New-NsxEdgeFirewallRule: C:\Users\oldubel\Documents\PowerShell\vCloud\New-Org-vCloud-create-11.ps1:237:111
Line |
 237 |  … me "$($FwRulesInEdge[0])" -Action accept -Source "$($NewNet)" -Commen …
     |                                                     ~~~~~~~~~~~~
     | Cannot validate argument on parameter 'Source'. Member is not a supported type.  Specify an object of type
     | VirtualWire,ClusterComputeResource,ResourcePool,MACSet,DistributedVirtualPortgroup,SecurityGroup,IPSet,VirtualApp,Network,DirectoryGroup,SecurityTag,VirtualMachine,Datacenter,Vnic.

AlexDubel commented 2 years ago

That construction (with pipeline) is working.

$myedge = Get-NsxEdge | Where-Object {$PSItem.name -like "$OrgEdgeName"}
Get-NsxEdgeFirewall -Edge $myedge | New-NsxEdgeFirewallRule -Name "SomeName" `
-Action accept -Source $($NewNet) -Comment "Allow Ping to outside world" -Service "ICMP"
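
The commands that produced the error in this thread pass `-Source "$($NewNet)"`, while the working one passes `-Source $($NewNet)`. The following PowerShell example, added here and not taken from the thread or from the PowerNSX project, shows how those two forms bind to a validated parameter. `Test-SourceBinding` and its CIDR check are hypothetical stand-ins, and the network list is constructed sample input.

```powershell
# Constructed sample input, same shape as the thread's $NewNet.
$NewNet = "192.168.1.0/24", "192.168.2.0/24", "10.1.10.0/24"

# Hypothetical stand-in for a cmdlet with a validated -Source parameter.
# It is NOT PowerNSX code; the CIDR check is an assumption made for the demo.
function Test-SourceBinding {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [ValidateScript({
            # ValidateScript runs once per element of the bound collection.
            if ($_ -is [string] -and $_ -match '^(\d{1,3}\.){3}\d{1,3}/\d{1,2}$') { $true }
            else { throw "Member '$_' is not a supported type." }
        })]
        [object[]]$Source
    )
    # Report what actually reached the parameter.
    [pscustomobject]@{ Count = $Source.Count; Members = $Source }
}

# Unquoted: the array is passed through, one element per network.
$unquoted = Test-SourceBinding -Source $($NewNet)
"Unquoted: {0} member(s)" -f $unquoted.Count

# Quoted: string interpolation joins the elements with $OFS (a space by
# default), so the parameter receives ONE string holding every prefix.
$joined = "$($NewNet)"
"Quoted value is a [{0}]: '{1}'" -f $joined.GetType().Name, $joined

try {
    Test-SourceBinding -Source "$($NewNet)" -ErrorAction Stop
}
catch {
    # Binding fails before the function body runs.
    "Quoted: rejected -> {0}" -f $_.Exception.Message
}
```

When building firewall rules from a list, checking `.Count` and `.GetType()` on the value before it is passed confirms that each network will become its own rule member instead of a single malformed entry.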