Hi team,
I am a newbie in automation, so I am seeking help here. I want to create a universal firewall rule in a universal firewall section. I came to know that I can leverage the NSX API to create a firewall rule in a universal section, but I have no idea how to automate that.
Requirement:
1. Source: universal IP set (not an IP address)
2. Destination: universal IP set
3. Applied to: universal logical switch
Below is what I tried:
I am able to publish an any-any rule using New-NsxFirewallRule:
New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch | Out-Null
But when I specify a source/destination, I get the error below.
New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source $ipset.objectId -Destination $ipset.objectId
Error:
PowerCLI H:\tarun> New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source (Get-NsxIpSet -Name "Tarun")
The property 'id' cannot be found on this object. Verify that the property exists.
At H:\powernsx-master\module\PowerNSX.psm1:27927 char:13
+ $ExistingIds = @($Section.rule.id)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
invoke-nsxwebrequest : Invoke-NsxWebRequest : The NSX API response received indicates a failure. 400 : Bad Request : Response Body:
{"errorCode":100030,"details":"Precondition failed. Please update the current configuration with latest generation
Number.","rootCauseString":null,"moduleName":"vShield App","errorData":null}
At H:\powernsx-master\module\PowerNSX.psm1:27956 char:21
+ ... $response = invoke-nsxwebrequest -method "put" -uri $URI -body $body ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (Invoke-NsxWebRequest:String) [Invoke-NsxWebRequest], InternalNsxApiException
+ FullyQualifiedErrorId : NsxAPIFailureResult,Invoke-NsxWebRequest
API call to NSX was successful, but was unable to interpret NSX API response as xml.
At H:\powernsx-master\module\PowerNSX.psm1:27962 char:13
+ throw "API call to NSX was successful, but was unable to ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (API call to NSX...esponse as xml.:String) [], RuntimeException
+ FullyQualifiedErrorId : API call to NSX was successful, but was unable to interpret NSX API response as xml.
PowerCLI H:\tarun> ^C
PowerCLI H:\tarun> New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source (Get-NsxIpSet -Name "Tarun")^C
PowerCLI H:\tarun> New-NsxFirewallRule -Name "tgtg-1" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source (Get-NsxIpSet -Name "Tarun")
The property 'id' cannot be found on this object. Verify that the property exists.
At H:\powernsx-master\module\PowerNSX.psm1:27927 char:13
+ $ExistingIds = @($Section.rule.id)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], PropertyNotFoundException
+ FullyQualifiedErrorId : PropertyNotFoundStrict
invoke-nsxwebrequest : Invoke-NsxWebRequest : The NSX API response received indicates a failure. 400 : Bad Request : Response Body:
{"errorCode":100030,"details":"Precondition failed. Please update the current configuration with latest generation
Number.","rootCauseString":null,"moduleName":"vShield App","errorData":null}
At H:\powernsx-master\module\PowerNSX.psm1:27956 char:21
+ ... $response = invoke-nsxwebrequest -method "put" -uri $URI -body $body ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (Invoke-NsxWebRequest:String) [Invoke-NsxWebRequest], InternalNsxApiException
+ FullyQualifiedErrorId : NsxAPIFailureResult,Invoke-NsxWebRequest
API call to NSX was successful, but was unable to interpret NSX API response as xml.
At H:\powernsx-master\module\PowerNSX.psm1:27962 char:13
+ throw "API call to NSX was successful, but was unable to ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (API call to NSX...esponse as xml.:String) [], RuntimeException
+ FullyQualifiedErrorId : API call to NSX was successful, but was unable to interpret NSX API response as xml.
//
LucD / PowerCLI team: please help me out here if you have a script to create an NSX universal firewall rule in a universal section.
Requirement again:
1. Source: universal IP set (not an IP address)
2. Destination: universal IP set (not an IP address)
3. Applied to: universal logical switch
I was going through GitHub and found a similar article which says I have to use Invoke-WebRequest, then get the ETag header of the section and append that section, like an API call. Is there any PowerNSX cmdlet I can just use to create a firewall rule in a universal section?
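The ETag approach mentioned at the end of the question, sketched as an added example; it is not part of the original thread and not PowerNSX's own code. It reads the section immediately before each write, sends the returned ETag (the generation number named in error 100030) as If-Match, and retries a bounded number of times if another change got in first. The endpoint paths and rule XML layout are assumptions based on the NSX for vSphere firewall API; the function names, host name, section id and object ids are hypothetical placeholders.

```powershell
# Added example: function names, host, section id and object ids are placeholders.
function New-UniversalRuleXml {
    param([string]$Name, [string]$SourceIpSetId, [string]$DestIpSetId, [string]$LogicalSwitchId)
    $n = [System.Security.SecurityElement]::Escape($Name)   # XML-escape the rule name
    @"
<rule disabled="false" logged="true">
  <name>$n</name>
  <action>allow</action>
  <direction>inout</direction>
  <appliedToList><appliedTo><value>$LogicalSwitchId</value><type>VirtualWire</type></appliedTo></appliedToList>
  <sources excluded="false"><source><value>$SourceIpSetId</value><type>IPSet</type></source></sources>
  <destinations excluded="false"><destination><value>$DestIpSetId</value><type>IPSet</type></destination></destinations>
</rule>
"@
}

function Add-RuleToSection {
    param([string]$Manager, [pscredential]$Credential, [string]$SectionId,
          [string]$RuleXml, [int]$MaxAttempts = 3)
    $pair = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $auth = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
    # Assumed NSX-v path for a layer 3 section (universal sections included).
    $sectionUri = "https://$Manager/api/4.0/firewall/globalroot-0/config/layer3sections/$SectionId"
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        # Re-read the section on every attempt; a cached section object carries a stale generation number.
        $section = Invoke-WebRequest -Uri $sectionUri -Method Get -UseBasicParsing `
                                     -Headers @{ Authorization = $auth }
        $etag = [string]($section.Headers['ETag'] | Select-Object -First 1)
        try {
            # On PowerShell 7, add -SkipHeaderValidation if the unquoted ETag value is rejected.
            return Invoke-WebRequest -Uri "$sectionUri/rules" -Method Post -Body $RuleXml `
                       -ContentType 'application/xml' -UseBasicParsing `
                       -Headers @{ Authorization = $auth; 'If-Match' = $etag }
        } catch {
            # Retry only on the precondition failure (errorCode 100030); rethrow everything else.
            $detail = "$($_.ErrorDetails.Message) $($_.Exception.Message)"
            if ($i -eq $MaxAttempts -or $detail -notmatch '100030') { throw }
        }
    }
}

$xml = New-UniversalRuleXml -Name 'tgtg' -SourceIpSetId 'IPSET-ID-PLACEHOLDER' `
           -DestIpSetId 'IPSET-ID-PLACEHOLDER' -LogicalSwitchId 'UNIVERSALWIRE-ID-PLACEHOLDER'
# Add-RuleToSection -Manager 'nsxmgr.example.test' -Credential (Get-Credential) `
#     -SectionId 'SECTION-ID-PLACEHOLDER' -RuleXml $xml
```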
Hi,
I'm afraid my NSX foo is not that strong to help you here.
As a suggestion, why don't you open an Issue with your question on the github PowerNSX repo?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks @lucd,
I posted the same on GitHub, at the link you pasted, and got a reply there.