VMware {code} Community
VMJamT (Contributor)

Add Firewall Rules to a vCloud Director vApp Network via PowerCLI

Hi, I am trying to add firewall rules to a vApp Network in vCloud Director 5.1 with PowerCLI 5.1. This script appears to update, with no errors, but a refresh of the firewall setting reveals no change.

Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue

$vAppNet = Get-CIVAPP 111 | get-civappnetwork vApp_Network
$vApp = Get-CIVAPP 111

$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()

$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"

$vAppNet.extensiondata.configuration.features += $fwService
$networkConfigSection.UpdateServerData()

-------------------------------------------------------------------------------------------

When I run $vAppNet.extensiondata.configuration.features to check whether it was added, I see it below highlighted in red...

PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI for Tenants> $vAppNet.extensiondata.configuration.features

DefaultAction    : drop
LogDefaultAction : False
FirewallRule     :
IsEnabled        : True
AnyAttr          :
VCloudExtension  :

NatType         : ipTranslation
Policy          : allowTrafficIn
NatRule         :
ExternalIp      :
IsEnabled       : True
AnyAttr         :
VCloudExtension :

DefaultAction    : drop
LogDefaultAction : False
FirewallRule     : {, }
IsEnabled        : True
AnyAttr          :
VCloudExtension  :

-------------------------------------------------------------------------------------------------------------

Changing the script a little produces an error during the update.

-------------------------------------------------------------------------------------------------------------

Connect-CIServer -Server server.domain.local -Org org01 -User administrator -Password xxxxxx -WarningAction SilentlyContinue

$vAppNet = get-civappnetwork vApp_Network

$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}

$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $false
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule 
$fwService.FirewallRule[0].isenabled = $false
$fwService.FirewallRule[0].description = "TS from TSG"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.tcp = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].port = "3389"
$fwService.FirewallRule[0].destinationIp = "Any"
$fwService.FirewallRule[0].sourceport = "3389"
$fwService.FirewallRule[0].sourceip = "192.168.1.81-192.168.1.89"
$fwService.FirewallRule[0].direction = "in"

$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()

Error:

Exception calling "UpdateServerData" with "0" argument(s): "Bad request  - Unexpected JAXB Exception  - cvc-complex-type.2.4.b: The content of element 'FirewallRule' is not complete. One of '{"http://www.vmware.com/vcloud/v1.5":VCloudExtension, "http://www.vmware.com/vcloud/v1.5":Id, "http://www.vmware.com/vcloud/v1.5":IsEnabled, "http://www.vmware.com/vcloud/v1.5":MatchOnTranslate, "http://www.vmware.com/vcloud/v1.5":Description, "http://www.vmware.com/vcloud/v1.5":Policy, "http://www.vmware.com/vcloud/v1.5":Protocols, "http://www.vmware.com/vcloud/v1.5":IcmpSubType, "http://www.vmware.com/vcloud/v1.5":Port, "http://www.vmware.com/vcloud/v1.5":DestinationPortRange, "http://www.vmware.com/vcloud/v1.5":DestinationIp, "http://www.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
At line:1 char:39
+ $networkConfigSection.UpdateServerData <<<< ()
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

I have not been able to figure out how to update successfully. Please, any help would be greatly appreciated.

Accepted Solution

VMJamT (Contributor)

Hi, I found my answer, here is the final solution.

$vAppNet = Get-CIVAPP 111 | Get-CIVAppNetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}

$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule

#First Rule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "Allow all outgoing traffic"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.ANY = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].destinationIp = "external"
$fwService.FirewallRule[0].sourceip = "internal"

#Second Rule
$fwService.FirewallRule[1].isenabled = $true
$fwService.FirewallRule[1].description = "TS from TSG"
$fwService.FirewallRule[1].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[1].protocols.tcp = $true
$fwService.FirewallRule[1].policy = "allow"
$fwService.FirewallRule[1].port = "3389"
$fwService.FirewallRule[1].destinationIp = "Any"
$fwService.FirewallRule[1].sourceport = "3389"
$fwService.FirewallRule[1].sourceip = "192.168.1.81-192.168.1.89"


$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()
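The same update wrapped in reusable form, added here as an example and not code from VMJamT's post: every rule is built fully populated (the empty second FirewallRule object is what triggered the JAXB error above), the edit is made on the NetworkConfig entry of the section that is pushed back, and the section is read back afterwards to confirm what the server stored. It assumes an existing Connect-CIServer session; the function names and the switch to LogDefaultAction = $true are my own.

```powershell
# Added example, not from the original post; assumes an existing Connect-CIServer session.
function New-VAppFirewallRule {
    param([string]$Description, [ValidateSet("allow", "drop")][string]$Policy, [ValidateSet("tcp", "any")][string]$Protocol,
          [string]$Port = "Any", [string]$SourceIp, [string]$DestinationIp)
    # Every rule in the array must be fully populated; an empty FirewallRule object fails
    # schema validation with "The content of element 'FirewallRule' is not complete".
    $rule = New-Object vmware.vimautomation.cloud.views.firewallrule
    $rule.IsEnabled = $true
    $rule.Description = $Description
    $rule.Policy = $Policy
    $rule.Protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
    if ($Protocol -eq "tcp") { $rule.Protocols.Tcp = $true } else { $rule.Protocols.Any = $true }
    $rule.Port = $Port
    $rule.SourceIp = $SourceIp
    $rule.DestinationIp = $DestinationIp
    return $rule
}

function Set-VAppNetworkFirewall {
    param([string]$VAppName, [string]$NetworkName, [object[]]$Rules)
    # Edit the NetworkConfig entry inside the section that will be pushed back; editing the
    # object returned by Get-CIVAppNetwork (the first script above) never reaches the server.
    $section = (Get-CIVApp $VAppName).ExtensionData.GetNetworkConfigSection()
    $netConfig = $section.NetworkConfig | Where-Object { $_.NetworkName -eq $NetworkName }
    if (-not $netConfig) { throw "Network '$NetworkName' not found in vApp '$VAppName'" }

    $fw = New-Object vmware.vimautomation.cloud.views.firewallservice
    $fw.IsEnabled = $true
    $fw.DefaultAction = "drop"    # default-deny: only the listed rules open traffic
    $fw.LogDefaultAction = $true  # log what the default action drops, for audit and detection
    $fw.FirewallRule = [vmware.vimautomation.cloud.views.firewallrule[]]$Rules

    # Replace any existing FirewallService so the network carries exactly one, then commit
    $fwType = [vmware.vimautomation.cloud.views.firewallservice]
    $netConfig.Configuration.Features = @($netConfig.Configuration.Features | Where-Object { -not ($_ -is $fwType) })
    $netConfig.Configuration.Features += $fw
    $section.UpdateServerData()

    # Read the section back and return what the server actually stored, rather than
    # trusting a silent UpdateServerData() as happened with the first script above
    $stored = (Get-CIVApp $VAppName).ExtensionData.GetNetworkConfigSection().NetworkConfig |
        Where-Object { $_.NetworkName -eq $NetworkName }
    return ($stored.Configuration.Features | Where-Object { $_ -is $fwType }).FirewallRule |
        Select-Object Description, Policy, Port, SourceIp, DestinationIp
}

$rules = @(
    (New-VAppFirewallRule -Description "Allow all outgoing traffic" -Policy allow -Protocol any -SourceIp internal -DestinationIp external),
    (New-VAppFirewallRule -Description "TS from TSG" -Policy allow -Protocol tcp -Port 3389 -SourceIp "192.168.1.81-192.168.1.89" -DestinationIp Any)
)
Set-VAppNetworkFirewall -VAppName 111 -NetworkName vApp_Network -Rules $rules
```

The returned table should list exactly the two rules; if it comes back empty, the update was accepted but not applied to the network you intended, which is the silent failure the first script showed.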
