I would like to create a script that gets what the vSphere Client shows when you select an ESXi host: the firewall properties for each enabled service, so that I can review the incoming requests that are allowed from "All" IPs.
The environment is very large, and as a first step we need to identify the configuration and then find a way via script to set the correct configuration.
Any ideas?
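Something like this perhaps?
# Walk every host; $esx holds the current VMHost inside the script block
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    $esxcli = Get-EsxCli -VMHost $esx -V2
    # One output row per firewall rule, with the enabled state of its ruleset
    $esxcli.network.firewall.ruleset.rule.list.Invoke() |
    Select @{N='VMHost';E={$esx.Name}},RuleSet,
        @{N='Enabled';E={$esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid="$($_.Ruleset)"}).Enabled}},
        Direction,Protocol,PortBegin,PortEnd,PortType
}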
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thank you.
Can I add the AllowedIP addresses information after PortType?
Sure, try like this
# Walk every host; $esx holds the current VMHost inside the script block
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    $esxcli = Get-EsxCli -VMHost $esx -V2
    $esxcli.network.firewall.ruleset.rule.list.Invoke() |
    select @{N = 'VMHost'; E = { $esx.Name } }, RuleSet,
        @{N = 'Enabled'; E = { $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = "$($_.Ruleset)" }).Enabled } },
        Direction, Protocol, PortBegin, PortEnd, PortType,
        @{N = 'AllowedIP'; E = { ($esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid = "$($_.Ruleset)" })).AllowedIPAddresses -join '|' } }
}
Thanks for sharing. This script works for me.
Can we modify this script to export these results to a CSV file?
Just add the Export-Csv after the last curly brace.
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
    $esxcli = Get-EsxCli -VMHost $esx -V2
    $esxcli.network.firewall.ruleset.rule.list.Invoke() |
    select @{N = 'VMHost'; E = { $esx.Name } }, RuleSet,
        @{N = 'Enabled'; E = { $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = "$($_.Ruleset)" }).Enabled } },
        Direction, Protocol, PortBegin, PortEnd, PortType,
        @{N = 'AllowedIP'; E = { ($esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid = "$($_.Ruleset)" })).AllowedIPAddresses -join '|' } }
} | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture
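For the two steps in the original question (find the enabled rulesets that accept "All" IPs, then set a restricted list), here is an added example that is not code posted by anyone in this thread. It assumes a connected PowerCLI session; `$mgmtNet`, `$remediate` and the output file name are hypothetical, and 192.0.2.0/24 is a placeholder network.

```powershell
# Added example, not from the thread. Assumes Connect-VIServer has already run.
$mgmtNet   = '192.0.2.0/24'   # placeholder: replace with your management network
$remediate = $false           # $false = report only, nothing is changed

Get-VMHost -PipelineVariable esx | ForEach-Object -Process {
    $esxcli = Get-EsxCli -VMHost $esx -V2

    # One call per host: map ruleset name -> allowed IP list
    $allowed = @{}
    $esxcli.network.firewall.ruleset.allowedip.list.Invoke() |
        ForEach-Object { $allowed[$_.Ruleset] = @($_.AllowedIPAddresses) }

    # Keep only enabled rulesets that accept connections from any address
    $esxcli.network.firewall.ruleset.list.Invoke() |
        Where-Object { "$($_.Enabled)" -eq 'true' -and $allowed[$_.Name] -contains 'All' } |
        ForEach-Object {
            $changed = $false
            if ($remediate) {
                # $mgmtNet must cover vCenter and your admin hosts, otherwise
                # restricting management rulesets can cut off access to the host.
                # Switch off "allow all" first, then add the permitted network.
                $setArgs = @{rulesetid = $_.Name; allowedall = $false }
                $addArgs = @{rulesetid = $_.Name; ipaddress = $mgmtNet }
                $null = $esxcli.network.firewall.ruleset.set.Invoke($setArgs)
                $null = $esxcli.network.firewall.ruleset.allowedip.add.Invoke($addArgs)
                $changed = $true
            }
            # One row per open ruleset (not per rule, as in the scripts above)
            [pscustomobject]@{
                VMHost     = $esx.Name
                RuleSet    = $_.Name
                AllowedIP  = $allowed[$_.Name] -join '|'
                Restricted = $changed
            }
        }
} | Export-Csv -Path .\open-rulesets.csv -NoTypeInformation -UseCulture
```

Run it with `$remediate = $false` first and review the CSV before allowing it to change any host.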