VMware vCloud


Create Firewall Rule in existing routed network


    Posted Feb 17, 2014 02:23 PM

    I am trying something I thought would have been quite simple: I want to simply create a firewall rule on a routed network.

    I have copied someone else's code from another post but modified it as below; I didn't want to hijack their post, so I have posted a new discussion here.

    Connect-CIServer cloud.xxx.emea.xxx.com -User xxxxxxx -Password xxxxxxx
    Connect-VIServer -Server xxx.xxx.xxx.xxx

    $myOrgInput  = "orgname"
    $myvAppInput = "vappname"
    $myNetwork   = "xxx-xxxxxxxx-org-ext-rn-1"

    $myOrg = Get-Org -Name $myOrgInput
    $vApps = Get-CIVApp -Name $myvAppInput -Org $myOrg

    foreach ($vApp in $vApps) {
        $vApp    # debug output

        # Fetch the vApp's network configuration and pick the target network
        $networkConfigSection = $vApp.ExtensionData.GetNetworkConfigSection()
        $networkConfigSection    # debug output
        $vAppNetwork = $networkConfigSection.NetworkConfig | Where-Object { $_.NetworkName -eq $myNetwork }
        $vAppNetwork    # debug output

        # Build a new firewall service holding a single rule
        $fwService = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
        $fwService.DefaultAction = "allow"
        $fwService.LogDefaultAction = $true
        $fwService.IsEnabled = $true
        $fwService.FirewallRule = @(New-Object VMware.VimAutomation.Cloud.Views.FirewallRule)

        # First rule - RDP
        $fwService.FirewallRule[0].IsEnabled = $true
        $fwService.FirewallRule[0].Description = "RDP"
        $fwService.FirewallRule[0].Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
        $fwService.FirewallRule[0].Protocols.Tcp = $true
        $fwService.FirewallRule[0].Policy = "allow"
        $fwService.FirewallRule[0].Port = "3389"
        $fwService.FirewallRule[0].DestinationIp = "internal"
        $fwService.FirewallRule[0].SourceIp = "external"

        # Drop any existing firewall service, append the new one and push the section to the server.
        # @() keeps Features an array even when the filter leaves a single element, so += still works.
        $vAppNetwork.Configuration.Features = @($vAppNetwork.Configuration.Features | Where-Object { -not ($_ -is [VMware.VimAutomation.Cloud.Views.FirewallService]) })
        $vAppNetwork.Configuration.Features += $fwService
        $networkConfigSection.UpdateServerData()
    }

    I get an error when I run this script on vCloud 1.5:

    Exception calling "UpdateServerData" with "0" argument(s): "Bad request  - Unexpected JAXB Exception  - cvc-complex-type.2.4.b: The content of element 'NatRule' is not complete. One of '{"http://www.vmware.com/vcloud/v1.5":VCloudExtension, "http://www.vmware.com/vcloud/v1.5":Description, "http://www.vmware.com/vcloud/v1.5":OneToOneBasicRule, "http://www.vmware.com/vcloud/v1.5":OneToOneVmRule, "http://www.vmware.com/vcloud/v1.5":PortForwardingRule, "http://www.vmware.com/vcloud/v1.5":VmRule}' is expected."
    At line:24 char:43
    +     $networkConfigSection.UpdateServerData <<<< ()
        + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : DotNetMethodException

    If I run this on vCloud 5.1 the script runs through without any errors, but the firewall rule is not created.

    If anyone could help I would be most grateful.
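Added example, not the poster's code: it uses only the PowerCLI Cloud view types and properties that appear in the script above, but builds the service with a deny default (so the explicit allow rule is actually meaningful), restricts the source to one admin address instead of "external", and re-reads the network config section from the server afterwards so that the silent no-op seen on 5.1 is detected rather than assumed to have worked. It assumes `$vApp` and `$myNetwork` are set as in the post, that "drop" is the DefaultAction value for a deny default, and uses the constructed address 203.0.113.10 as the admin host.

```powershell
function New-RestrictiveFirewallService {
    param(
        [Parameter(Mandatory)][string]$Description,
        [Parameter(Mandatory)][string]$Port,
        [string]$SourceIp = "external",
        [string]$DestinationIp = "internal"
    )
    $fw = New-Object VMware.VimAutomation.Cloud.Views.FirewallService
    $fw.IsEnabled = $true
    # Deny by default (assumed value name "drop"); with DefaultAction "allow"
    # an allow rule for 3389 changes nothing, because everything is already open.
    $fw.DefaultAction = "drop"
    $fw.LogDefaultAction = $true      # log what the default action drops

    $rule = New-Object VMware.VimAutomation.Cloud.Views.FirewallRule
    $rule.IsEnabled = $true
    $rule.Description = $Description
    $rule.Policy = "allow"
    $rule.Protocols = New-Object VMware.VimAutomation.Cloud.Views.FirewallRuleTypeProtocols
    $rule.Protocols.Tcp = $true
    $rule.Port = $Port
    $rule.SourceIp = $SourceIp
    $rule.DestinationIp = $DestinationIp
    $fw.FirewallRule = @($rule)       # keep the property an array
    return $fw
}

function Test-FirewallRuleApplied {
    param($VApp, [string]$NetworkName, [string]$Description)
    # Re-read the section from the server instead of trusting the local object,
    # so an update that returned without error but changed nothing is caught.
    $section = $VApp.ExtensionData.GetNetworkConfigSection()
    $net = $section.NetworkConfig | Where-Object { $_.NetworkName -eq $NetworkName }
    $fw = @($net.Configuration.Features) | Where-Object { $_ -is [VMware.VimAutomation.Cloud.Views.FirewallService] }
    if (-not $fw) { return $false }
    return [bool](@($fw.FirewallRule) | Where-Object { $_.Description -eq $Description })
}

# Replace the existing firewall service on the network, then verify the rule really landed.
$ruleName = "RDP from admin host"
$section = $vApp.ExtensionData.GetNetworkConfigSection()
$net = $section.NetworkConfig | Where-Object { $_.NetworkName -eq $myNetwork }
$net.Configuration.Features = @($net.Configuration.Features | Where-Object { -not ($_ -is [VMware.VimAutomation.Cloud.Views.FirewallService]) })
$net.Configuration.Features += New-RestrictiveFirewallService -Description $ruleName -Port "3389" -SourceIp "203.0.113.10"
$section.UpdateServerData()
if (-not (Test-FirewallRuleApplied -VApp $vApp -NetworkName $myNetwork -Description $ruleName)) {
    Write-Warning "Firewall rule '$ruleName' is not present after UpdateServerData(); the update was a no-op."
}
```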