VMware Networking Community
TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

Powernsx :Script to create a universal firewall rule in universal Firewall section (not use service composer )

Hi team ,

   i am newbie in automation so seeking help here .  I want to create a universal firewall rule in universal firewall section .   I came to know that i can leverage NSX API to create a firewall rule in a universal section , but i have no idea how to automate that .

Requirement

1. Source  :universal IP set ( not an IP address)

2 . Destination : Universal IP set

3. Applied to : Universal Logical Switch .

Below is what i tried :

I am able to publish a rule any any  using  "New-NSXfirewall rule

New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch | Out-Null

But when i specify a source /destination i get below error.

New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source $ipset.objectId -Destination $ipset.objectId

Error :

PowerCLI H:\tarun> New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source (Get-NsxIpSet -Name "Tarun")

The property 'id' cannot be found on this object. Verify that the property exists.

At H:\powernsx-master\module\PowerNSX.psm1:27927 char:13

+             $ExistingIds = @($Section.rule.id)

+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], PropertyNotFoundException

    + FullyQualifiedErrorId : PropertyNotFoundStrict

invoke-nsxwebrequest : Invoke-NsxWebRequest : The NSX API response received indicates a failure. 400 : Bad Request : Response Body:

{"errorCode":100030,"details":"Precondition failed. Please update the current configuration with latest generation

Number.","rootCauseString":null,"moduleName":"vShield App","errorData":null}

At H:\powernsx-master\module\PowerNSX.psm1:27956 char:21

+ ... $response = invoke-nsxwebrequest -method "put" -uri $URI -body $body  ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidResult: (Invoke-NsxWebRequest:String) [Invoke-NsxWebRequest], InternalNsxApiException

    + FullyQualifiedErrorId : NsxAPIFailureResult,Invoke-NsxWebRequest

API call to NSX was successful, but was unable to interpret NSX API response as xml.

At H:\powernsx-master\module\PowerNSX.psm1:27962 char:13

+             throw "API call to NSX was successful, but was unable to  ...

+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : OperationStopped: (API call to NSX...esponse as xml.:String) [], RuntimeException

    + FullyQualifiedErrorId : API call to NSX was successful, but was unable to interpret NSX API response as xml.

PowerCLI H:\tarun> ^C

PowerCLI H:\tarun> New-NsxFirewallRule -Name "tgtg" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source (Get-NsxIpSet -Name "Tarun")^C

PowerCLI H:\tarun> New-NsxFirewallRule -Name "tgtg-1" -Action allow -Direction inout -EnableLogging -Section $section -AppliedTo $logicalswitch -Source (Get-NsxIpSet -Name "Tarun")

The property 'id' cannot be found on this object. Verify that the property exists.

At H:\powernsx-master\module\PowerNSX.psm1:27927 char:13

+             $ExistingIds = @($Section.rule.id)

+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : NotSpecified: (:) [], PropertyNotFoundException

    + FullyQualifiedErrorId : PropertyNotFoundStrict

invoke-nsxwebrequest : Invoke-NsxWebRequest : The NSX API response received indicates a failure. 400 : Bad Request : Response Body:

{"errorCode":100030,"details":"Precondition failed. Please update the current configuration with latest generation

Number.","rootCauseString":null,"moduleName":"vShield App","errorData":null}

At H:\powernsx-master\module\PowerNSX.psm1:27956 char:21

+ ... $response = invoke-nsxwebrequest -method "put" -uri $URI -body $body  ...

+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : InvalidResult: (Invoke-NsxWebRequest:String) [Invoke-NsxWebRequest], InternalNsxApiException

    + FullyQualifiedErrorId : NsxAPIFailureResult,Invoke-NsxWebRequest

API call to NSX was successful, but was unable to interpret NSX API response as xml.

At H:\powernsx-master\module\PowerNSX.psm1:27962 char:13

+             throw "API call to NSX was successful, but was unable to  ...

+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo          : OperationStopped: (API call to NSX...esponse as xml.:String) [], RuntimeException

    + FullyQualifiedErrorId : API call to NSX was successful, but was unable to interpret NSX API response as xml.

//

LucD​ /PowerCLI team .: please help me out here if you have a script  to create a  NSX universal firewall rule in a universal section ..

Requirement again  :

Requirement

1. Source  :universal IP set ( not an IP address)

2 . Destination : Universal IP set(( not an IP address))

3. Applied to : Universal Logical Switch .

I was going through Github and found a similar article which says i have to invoke-webrequest , then get the Etag header of section and append that section ..like a API call ..  is there any powerNSX Cmdlet i can just use to create a firewall rule in universal section .

Tags (2)
Reply
0 Kudos
1 Solution

Accepted Solutions
TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

Thanks @lucd ,

  I posted the same on GitHub   ,the link you pasted. and got reply there .

View solution in original post

Reply
0 Kudos
2 Replies
LucD
Leadership
Leadership
Jump to solution

Hi,
I'm afraid my NSX foo is not that strong to help you here.
As a suggestion, why don't you open an Issue with your question on the github PowerNSX repo?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

TarunGuptaAccen
Enthusiast
Enthusiast
Jump to solution

Thanks @lucd ,

  I posted the same on GitHub   ,the link you pasted. and got reply there .

Reply
0 Kudos