shaffan331987
Enthusiast

Can you copy the firewall settings from one host (or text file) to another

Basically I want to be able to grab the firewall settings from one ESXi host and pipe it to another host. I am using host profiles and realize that the host profiles won't actually delete a firewall setting if it's not listed in the host profile, so we can get in a situation where a new firewall setting has been added and the host profile won't remove it. Thanks!

LucD
Leadership

Doesn't this do the trick?

Get-VMHostFirewallException -VMHost SourceEsx | Set-VMHostFirewallException -VMHost TargetEsx


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

shaffan331987
Enthusiast

Nope. It seems that Set-VMHostFirewallException is just used for setting specific settings:

Set-VMHostFirewallException : A parameter cannot be found that matches parameter name 'vmhost'.

LucD
Leadership

Indeed, the cmdlet apparently can only be used to enable/disable specific rules on the same ESXi node.

My mistake.

Then I'm afraid you will have to revert to using SSH, see for example ESXi Custom Firewall Rule – Automation using Powercli and PLINK


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Ninesunz
Contributor

# Source host to read the firewall configuration from (placeholder, fill in your own host)
$esxcliSource = Get-EsxCli -vmhost <your source esxi host>
# Target hosts that should receive the same rules (was undefined in the original snippet)
$hosts = @('<target esxi host 1>', '<target esxi host 2>')
foreach ($esxhost in $hosts) {
    $esxcliTarget = Get-EsxCli -vmhost $esxhost
    # Only the rulesets on the source that restrict the allowed source IPs (not "All")
    $fwset = $esxcliSource.network.firewall.ruleset.allowedip.list() | ?{ $_.allowedipaddresses -notlike "All" } | foreach { $_.ruleset }
    foreach ($rule in $fwset) {
        $ips = $esxcliSource.network.firewall.ruleset.allowedip.list($rule) | foreach { $_.allowedipaddresses }
        # set(allowedall, enabled, rulesetid): enable the ruleset on the target without allowing all IPs
        $esxcliTarget.network.firewall.ruleset.set($false, $true, $rule)
        foreach ($ip in $ips) {
            $esxcliTarget.network.firewall.ruleset.allowedip.add($ip, $rule)
        }
    }
}

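The thread establishes that Set-VMHostFirewallException has no -VMHost parameter, but it does accept the exception object itself. The script below, an added example that is not code from this thread, uses that to copy the enabled/disabled state of every ruleset from a reference host to a list of targets and to flag rulesets that are open on a target but do not exist on the reference host, which is the drift the question describes. The host names, the -DisableUnknown and -WhatIf switches and an existing Connect-VIServer session are assumptions.

```powershell
# Added example, not code from the thread. Aligns the enabled/disabled state of
# every firewall ruleset on the target hosts with a reference host using the
# standard Get-/Set-VMHostFirewallException cmdlets (no SSH required).
# Rulesets that are open on a target but absent on the reference host (e.g. added
# by a VIB) are reported and, only with -DisableUnknown, closed.
# Host names are placeholders; assumes an existing Connect-VIServer session.
param(
    [string]  $SourceHost  = 'esx-ref.example.internal',                                # placeholder
    [string[]]$TargetHosts = @('esx-01.example.internal', 'esx-02.example.internal'),   # placeholders
    [switch]  $DisableUnknown,
    [switch]  $WhatIf
)

# Reference state: ruleset name -> enabled?
$reference = @{}
Get-VMHostFirewallException -VMHost (Get-VMHost -Name $SourceHost) |
    ForEach-Object { $reference[$_.Name] = $_.Enabled }

foreach ($hostName in $TargetHosts) {
    $target = Get-VMHost -Name $hostName
    foreach ($ex in Get-VMHostFirewallException -VMHost $target) {
        if ($reference.ContainsKey($ex.Name)) {
            $desired = $reference[$ex.Name]
        } elseif ($ex.Enabled) {
            # Open on the target, unknown on the reference host: this is the drift
            # that a host profile does not remove.
            Write-Warning "$hostName`: ruleset '$($ex.Name)' is open but does not exist on $SourceHost"
            if (-not $DisableUnknown) { continue }
            $desired = $false
        } else {
            continue   # unknown ruleset that is already closed: nothing to do
        }
        if ($ex.Enabled -eq $desired) { continue }

        $verb = if ($desired) { 'enable' } else { 'disable' }
        Write-Host ("{0}: {1} '{2}'" -f $hostName, $verb, $ex.Name)
        if (-not $WhatIf) {
            Set-VMHostFirewallException -Exception $ex -Enabled $desired | Out-Null
        }
    }
}
```

Run it with -WhatIf first to see what would change on each target. The allowed-IP lists of each ruleset are not touched here; the esxcli snippet in Ninesunz's reply above covers those.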