Another question on running a PowerCLI script to change the firewall settings on a VMware Host.
When I run the script below and the "rulesetid" does not contain any spaces, it runs just fine.
However, if the rulesetid has a space I get the following error message:
Message: EsxCLI.CLIFault.summary;
InnerText: Invalid Ruleset Id.EsxCLI.CLIFault.summary
At line:1 char:1
+ $ESXcli.network.firewall.ruleset.set.Invoke($arguments1)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [], MethodFault
+ FullyQualifiedErrorId : VMware.VimAutomation.Sdk.Types.V1.ErrorHandling.VimException.MethodFault
The output for the hash table is:
Name                           Value
----                           -----
allowedall                     False
rulsetid                       SSH Client
I have also set the $Security.Name variable in quotes ($Security.'Name' and $Security."Name"), which resulted in the rulesetid being in quotes ("SSH Client").
    foreach ($Security in $SecurityProfile1) {
        $arguments1 = @{
            "rulesetid"  = $Security.Name
            "allowedall" = $Security.Allowed
        }
        $ESXcli.network.firewall.ruleset.set.Invoke($arguments1)
        # $arguments2 is not defined in the posted snippet
        $ESXcli.network.firewall.ruleset.allowedip.add.Invoke($arguments2)
    }
Any suggestions, etc. would be greatly appreciated.
Thanks.
Can you give a bit more context?
Did you add the new rules directly into the services.xml on the ESXi node?
Where is the content of $SecurityProfile1 coming from? Is that something you read in from a file?
And is there a specific reason you need a blank in the new FW rule?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
No, I did not add the rules to the services.xml file on the ESXi node.
The content for $SecurityProfile1 is coming from a .csv file which has the headers "Name" for the rulesetid and "Allowed" for the allowedall values. The PowerCLI line in the script is: $SecurityProfile1 = Import-Csv -Path 'C:\Test.csv'
If you are asking about a space between SSH and Client, the space is present in the name when seen in vSphere Web Client and when I pull the firewall information with PowerCLI using Get-VMHostFirewallException -VMHost <VMHostName>.
The name you're seeing in the Web Client and via Get-VMHostFirewallException is not the rulesetid but the Summary field.
The rulesetid that you need in $esxcli.network.firewall.ruleset.set is in fact the Name field coming from $esxcli.network.firewall.ruleset.list.
For the 'SSH Client' that rulesetid is in fact sshClient.
I would suggest you update your CSV with the real rulesetid.
In fact, you can create a table for that:

    Get-VMHost -Name $esxName |
        Get-VMHostFirewallException |
        Select Name, @{N = 'rulesetid'; E = {$_.Extensiondata.Key}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
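Added example, not part of the thread and not either poster's code: one way to translate the CSV's display names into rulesetids with the table from the answer above, and to stop before any firewall change if a name does not resolve. Resolve-RulesetId is a hypothetical helper, the map and CSV rows are constructed sample data (only the 'SSH Client' to sshClient pair comes from the thread), and it runs without a host connection.

```powershell
# Hypothetical helper, not a PowerCLI cmdlet.
function Resolve-RulesetId {
    param(
        [Parameter(Mandatory)] [object[]] $Map,   # objects with Name and rulesetid
        [Parameter(Mandatory)] [object[]] $Rows   # CSV rows with Name and Allowed
    )
    # @{} hashtables compare keys case-insensitively.
    $byName = @{}
    $byId   = @{}
    foreach ($m in $Map) {
        $byName[$m.Name]    = $m.rulesetid
        $byId[$m.rulesetid] = $m.rulesetid
    }
    foreach ($row in $Rows) {
        $name = $row.Name.Trim()
        # Accept a real rulesetid as-is, map a display name, refuse anything else.
        $id = if ($byId.ContainsKey($name)) { $byId[$name] }
              elseif ($byName.ContainsKey($name)) { $byName[$name] }
              else { throw "No firewall ruleset matches '$name'." }
        # Import-Csv returns strings, so parse Allowed into a real boolean.
        $allowed = $false
        if (-not [bool]::TryParse($row.Allowed, [ref]$allowed)) {
            throw "Allowed value '$($row.Allowed)' for '$name' is not True or False."
        }
        @{ rulesetid = $id; allowedall = $allowed }
    }
}

# Constructed sample of the Name/rulesetid table built in the answer above.
$map = @(
    [pscustomobject]@{ Name = 'SSH Client'; rulesetid = 'sshClient' }
    [pscustomobject]@{ Name = 'SSH Server'; rulesetid = 'sshServer' }
)
# Constructed CSV content: one display name, one real rulesetid.
$rows = @"
Name,Allowed
SSH Client,False
sshServer,True
"@ | ConvertFrom-Csv

# Assigning to a variable means a throw leaves nothing to apply.
$resolved = Resolve-RulesetId -Map $map -Rows $rows
$resolved | ForEach-Object { '{0} allowedall={1}' -f $_.rulesetid, $_.allowedall }
# On a live host, each hashtable would then be passed to
# $ESXcli.network.firewall.ruleset.set.Invoke(...) as in the original script.
```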
Worked like a charm!!!!!
Thanks!