The problem is if you add any rules through vShield Manager on the Edge Gateway firewall tab, they are removed any time you edit the Edge in vCloud Director.
Correct. This is expected because vCD keeps a list of all the rules and pushes out the full list each time the rule set is updated.
Does anyone have any experience with this or have a good way to template, automate or improve the provisioning process of Edge devices?
You can use the vCloud REST API to create and push out the rules. There might be something of a learning curve to get there, but the features are present to allow you to automate creating an Edge Gateway with firewall rules without having to click a bunch of things.
I'm fairly certain that you'll find assistance via searching around for what you need automation-wise. There is likely PowerCLI, REST, or other coded options if you can find them.
That was the answer I was afraid of; I was hoping I could get away without any scripting or API integration.
I'll see what I can find!
I did give that a read but was hoping there was a non script based answer, because I'm lazy : )
I originally asked the question in the other thread that's been linked to this one. I eventually came up with some scripts that do export/import of vShield Edge FW and NAT rules via the vCloud API.
I hope these are of some use to others.
vCloud API and PowerCLI – Import/Export vShield Edge NAT rules
vCloud API and PowerCLI – Import/Export vShield Edge FW Rules
Importing and Exporting vApp FW Rules