VMware Cloud Community
Vimal348
Enthusiast

Adding a new Firewall Rule to each ESX host

Hello,

Can someone please help me with this:
We have almost 400 ESX hosts sitting in multiple vCenters. As part of the syslog configuration we have to add a new rule on each ESX host, since we are using a different port for its communication as per the syslog team. Some of the ESX hosts already have that firewall rule created, but many of them are missing it.

Here I have the ESX host names (FQDN) that require the new firewall rule in one notepad file. Let's say the notepad file name is 'ESXhostName' and its location is D:\ESX

To create the new firewall rule on the ESX hosts, I have copied the firewall XML file (let's say its name is 'CompanyFirewall') to my local drive: D:\File\CompanyFirewall.xml

This is the XML file:

<service id="0032">
  <id>concast backport</id>
  <rule id='0000'>
    <direction>outbound</direction>
    <protocol>udp</protocol>
    <porttype>dst</porttype>
    <port>2004</port>
  </rule>
  <enabled>true</enabled>
  <required>false</required>
</service>

Task:

Adding this XML file on each ESX host is time consuming. Hence can someone please help me create a script that will:

> Get the ESX hosts from that notepad file and

> log in with root credentials and

> copy the XML file from my local drive and paste it into the ESX host's firewall location, /etc/vmware/firewall (not sure how this is possible), and

> refresh the firewall on each ESX host (we may need to modify this command as per the script)

Got the below commands for refreshing the firewall from this link: vSphere PowerCLI - Configure syslog on VMware ESXi hosts and Enable security profile firewall | vGee...

$esxcli = Get-EsxCli -VMHost esxi002.vcloud-lab.com -V2

$esxcli.network.firewall.refresh.Invoke()

> Disconnect the host from the session

> Get the next host from the notepad file and do the same task again
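One way to chain the steps above, as an added example that is not the poster's or any replier's script: it uses PowerCLI together with the Posh-SSH module for the file copy and the refresh, and finishes with a per-host verification that the new rule set is actually known to the firewall. Assumptions: Posh-SSH is installed, SSH is enabled on the hosts, the host list is D:\ESX\ESXhostName.txt with one FQDN per line, and the same root credential is valid everywhere.

```powershell
# Added example (not the original poster's script). Requires VMware.PowerCLI and Posh-SSH.
# Assumptions: one FQDN per line in D:\ESX\ESXhostName.txt, the rule file is
# D:\File\CompanyFirewall.xml, and the same root credential works on every host.
Import-Module VMware.PowerCLI
Import-Module Posh-SSH

$hostFile  = 'D:\ESX\ESXhostName.txt'
$ruleFile  = 'D:\File\CompanyFirewall.xml'
$rulesetId = 'concast backport'          # the <id> element of the service in the XML
$cred      = Get-Credential -UserName root -Message 'ESXi root credential'

foreach ($line in (Get-Content $hostFile | Where-Object { $_.Trim() })) {
    $esxFQDN = $line.Trim()
    try {
        # 1. Copy the rule file into the firewall directory over SCP.
        Set-SCPItem -ComputerName $esxFQDN -Credential $cred -AcceptKey `
                    -Path $ruleFile -Destination '/etc/vmware/firewall' -ErrorAction Stop

        # 2. Reload the rule sets over SSH, then close the session.
        $session = New-SSHSession -ComputerName $esxFQDN -Credential $cred -AcceptKey -ErrorAction Stop
        $result  = Invoke-SSHCommand -SSHSession $session -Command 'esxcli network firewall refresh'
        Remove-SSHSession -SSHSession $session | Out-Null
        if ($result.ExitStatus -ne 0) { throw "firewall refresh exited with $($result.ExitStatus)" }

        # 3. Verify through PowerCLI that the host now lists the new rule set and that it is enabled.
        $vi     = Connect-VIServer -Server $esxFQDN -Credential $cred -ErrorAction Stop
        $esxcli = Get-EsxCli -VMHost (Get-VMHost -Server $vi) -V2
        $rs     = $esxcli.network.firewall.ruleset.list.Invoke(@{ rulesetid = $rulesetId })
        Disconnect-VIServer -Server $vi -Confirm:$false

        if ($rs -and "$($rs.Enabled)" -eq 'true') {
            Write-Host "$esxFQDN : rule set '$rulesetId' present and enabled"
        } else {
            Write-Warning "$esxFQDN : rule set '$rulesetId' not found or disabled after refresh"
        }
    }
    catch {
        # One failing host must not stop the run: report it and continue with the next one.
        Write-Warning "$esxFQDN : $($_.Exception.Message)"
    }
}
```

Rule files dropped into /etc/vmware/firewall do not survive a host reboot by default, so the copy has to be re-applied at boot (or baked into the image) for the rule to stay in place.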

46 Replies
Vimal348
Enthusiast

Also, to get the command esxcli network firewall refresh to work, I had to remove that '-ErrorAction Stop' from the script.

This worked too:

$session = New-SSHSession -ComputerName $esxFQDN -Credential $cred -AcceptKey

Invoke-SSHCommand -SSHSession $session -Command 'esxcli network firewall refresh'

LucD
Leadership

Then use the 1st script.
This has been going on long enough.

Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

LucD
Leadership

When the file copy fails in the Try-Catch, the SSH session will not be executed for that ESXi node.

I'm wondering, have you ever used PowerShell/PowerCLI before?

Vimal348
Enthusiast

Sure, thank you very much.

Your second script also worked perfectly, except for that SSH display for the incorrect password.

I really appreciate your time with this matter. Thank you very much again. I am going to create one more script for copying that file to all the ESX hosts in the vCenter using your scripts.

Once again, thank you very much...

Vimal348
Enthusiast

No, I have not. This is my beginning; I am at the very initial stage. I very recently started using PowerShell.

LucD
Leadership

No problem.
You didn't pick an easy task to start :smileygrin:

Vimal348
Enthusiast

Yes, I know. My situation demanded it. This is my second one I am going through.

But I really appreciate your time for this script and the explanations. Thank you.
