VMware Cloud Community
SCharchouf
Hot Shot
Hot Shot
‎11-16-2020 08:43 AM

Get-VMHostFirewallException

I'm not sure if I'm on the correct way or no, so I'm asking for some guidance 🙂 

I'm trying to get all enabled services in all ESXi / vCenter in order to check if the service is set to "AllIP" or to specific IP 

#Connect to vCenter Server

Connect-VIServer = "vCenter1","vCenter2","vCenter3","vCenter4"

$VMHosts= Get-VMHost | Get-VMHostFirewallException | Where-Object {$_.Enabled -and ($_.ExtensionData.AllowedHosts.AllIP)}
$Results= @()

foreach ($VMHost in $VMHosts) {

}

Reply
0 Kudos
7 Replies
LucD
Leadership
Leadership
‎11-16-2020 08:53 AM

I'm not sure what the actual question is and why you have an empty foreach loop in that snippet.

All the info is there

Connect-VIServer = "vCenter1","vCenter2","vCenter3","vCenter4"

Get-VMHost | 
Get-VMHostFirewallException | 
Where-Object {$_.Enabled -and $_.ExtensionData.AllowedHosts.AllIP} |
Select @{N='VMHost';E={$_.VMHost.Name}}, 
    Name, Protocols, IncomingPorts, OutgoingPorts, ServiceRunning


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
SCharchouf
Hot Shot
Hot Shot
‎11-16-2020 09:11 AM

I thought we should do the same for all esxi in each vCenter.
Reply
0 Kudos
LucD
Leadership
Leadership
‎11-16-2020 09:13 AM

The Get-VMHost should do that.
Unless your vCenters are not configured in LinkedMode, then you will have to run the same for each vCenter


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
SCharchouf
Hot Shot
Hot Shot
‎11-16-2020 09:19 AM

that's what I was going to say, plus I'm trying to get the output per vcenter.

I'm trying to do my best, so far I think my level has improved a lot 🙂
Reply
0 Kudos
LucD
Leadership
Leadership
‎11-16-2020 09:23 AM

If you get all the ESXi nodes for all vCenters, you can include the vCenter.

Connect-VIServer = "vCenter1","vCenter2","vCenter3","vCenter4"

Get-VMHost | 
Get-VMHostFirewallException | 
Where-Object {$_.Enabled -and $_.ExtensionData.AllowedHosts.AllIP} |
Select @{N='vCenter';E={([uri]$_.VMHost.ExtensionData.Client.ServiceUrl).Host}},
    @{N='VMHost';E={$_.VMHost.Name}}, 
    Name, Protocols, IncomingPorts, OutgoingPorts, ServiceRunning


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
SCharchouf
Hot Shot
Hot Shot
‎11-16-2020 09:37 AM

it's possible to add the information related to IP?
I mean if it's set to All IP?
maybe it's me who is poorly expressed on the subject but here is the idea. in fact when you access "System", "Firewall" we find this information:
Service Name
TCP ports
UDP ports
Allowed IP addresses
Reply
0 Kudos
LucD
Leadership
Leadership
‎11-16-2020 09:45 AM

If you filter on AllIP there are no individual allowed IP addresses in the result.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply