1 Reply Latest reply on Jan 5, 2016 11:15 AM by alanrenouf

    Trying to create Edge Gateway firewall rules

    Mark Brookfield Enthusiast
    vExpert

      Hi,

      I'm trying to create a few simple Edge Gateway firewall rules in vCloud Air using the following:

      # Variables
      $region = "de-ge"
      $regionstar = $region + "*"
      $credential = Get-Credential
      # Note: $csvFile is not set anywhere in the script as posted; it has to be defined before Import-Csv runs

      # Connect to vCloud Air
      Connect-PIServer -vCA -credential $credential -WarningAction 0 -ErrorAction 0

      # Connect to compute instance
      Get-PIComputeInstance -Region $regionstar | Connect-PIComputeInstance -WarningAction 0 -ErrorAction 0

      # Select Edge Services Gateway
      $edgeGateway = Search-Cloud -QueryType edgegateway | Where-Object {$_.Name -eq "gateway"}

      # Generate view
      $edgeView = $edgeGateway | Get-CIView

      # Item to Configure Services (prints the gateway's current service configuration)
      $edgeView.Configuration.EdgeGatewayServiceConfiguration

      # Begin configuration: a firewall service whose default action is to drop unmatched traffic
      $fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
      $fwService.DefaultAction = "drop"
      $fwService.LogDefaultAction = $false
      $fwService.IsEnabled = $true
      # Seed the rule list with two empty FirewallRule objects
      $fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
      $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule

      Import-Csv -Path $csvFile | ForEach-Object {
        # Append one more empty rule, then fill in the array slot whose index matches the Num column
        $fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule
        $rowNum = $_.Num -as [int]

        $fwService.FirewallRule[$rowNum].Id = $_.Num
        $fwService.FirewallRule[$rowNum].description = $_.Descr
        $fwService.FirewallRule[$rowNum].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols

        # Map the Proto column onto the protocol flags; anything unrecognised is treated as "any"
        switch ($_.Proto)
        {
          "tcp" { $fwService.FirewallRule[$rowNum].protocols.tcp = $true }
          "udp" { $fwService.FirewallRule[$rowNum].protocols.udp = $true }
          "any" { $fwService.FirewallRule[$rowNum].protocols.any = $true }
          default { $fwService.FirewallRule[$rowNum].protocols.any = $true }
        }

        $fwService.FirewallRule[$rowNum].sourceip = $_.SrcIP

        # A source port of "any" is expressed as -1
        if ($_.SrcPort -eq "any" ) {
          $srcPort = "-1"
        } else {
          $srcPort = $_.SrcPort
        }

        $fwService.FirewallRule[$rowNum].sourceport = $srcPort
        $fwService.FirewallRule[$rowNum].destinationip = $_.DstIP
        $fwService.FirewallRule[$rowNum].destinationportrange = $_.DstPortRange
        $fwService.FirewallRule[$rowNum].policy = $_.Policy
        $fwService.FirewallRule[$rowNum].direction = $_.Direction
        $fwService.FirewallRule[$rowNum].MatchOnTranslate = [System.Convert]::ToBoolean($_.MatchOnTranslate)
        $fwService.FirewallRule[$rowNum].isenabled = [System.Convert]::ToBoolean($_.isEnabled)
        $fwService.FirewallRule[$rowNum].enablelogging = [System.Convert]::ToBoolean($_.EnableLogging)
      }

      # Apply rules
      $edgeView.ConfigureServices($fwService)

      # Disconnect from vCloud Air
      Disconnect-PIServer -Confirm:$false

      CSV consists of:

      Num,Descr,Proto,SrcIP,SrcPort,DstIP,DstPortRange,Policy,Direction,MatchOnTranslate,isEnabled,EnableLogging
      0,Allow SSH in,tcp,any,any,192.168.109.0/24,22,allow,in,true,true,false
      1,Allow HTTP in,tcp,any,any,192.168.109.0/24,80,allow,in,true,true,false
      2,Allow all outgoing,any,any,any,any,any,allow,out,true,true,false

      However, I get the following error:

      Exception calling "ConfigureServices" with "1" argument(s): "Bad request  - Unexpected JAXB Exception  - cvc-complex-type.2.4.b: The content of element 'q1:FirewallRule' is not complete. One of
      '{"http://www.vmware.com/vcloud/v1.5":VCloudExtension, "http://www.vmware.com/vcloud/v1.5":Id, "http://www.vmware.com/vcloud/v1.5":IsEnabled, "http://www.vmware.com/vcloud/v1.5":MatchOnTranslate,
      "http://www.vmware.com/vcloud/v1.5":Description, "http://www.vmware.com/vcloud/v1.5":Policy, "http://www.vmware.com/vcloud/v1.5":Protocols, "http://www.vmware.com/vcloud/v1.5":IcmpSubType, "http://www.vmware.com/vcloud/v1.5":Port,
      "http://www.vmware.com/vcloud/v1.5":DestinationPortRange, "http://www.vmware.com/vcloud/v1.5":DestinationIp, "http://www.vmware.com/vcloud/v1.5":DestinationVm}' is expected."
      At C:\Users\mark\Dropbox\runme.ps1:41 char:1
      + $edgeView.ConfigureServices($fwService)
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
          + FullyQualifiedErrorId : CloudException

      Obviously I'm missing something. Any ideas what it could be?

      Any help is greatly appreciated,

      -Mark
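The following is an added example, not code from the post above or from VMware, showing a different way to assemble the same FirewallService from the same CSV columns: each FirewallRule object is built completely and checked against the list of elements the API error names as required before it is appended, so the array that reaches ConfigureServices never contains partially initialised rule objects (the script as posted seeds two empty rules up front and appends another empty one at the top of every loop iteration, filling slots by index). Unknown protocol values cause the build to fail rather than silently widen the rule to "any", and the default action's logging is turned on so traffic hitting the implicit deny shows up in the edge log. It assumes the PowerCLI view types used in the post are loaded (Connect-PIServer / Connect-PIComputeInstance as above) and that the FirewallRule view exposes SourcePort and Port properties in addition to the ones the post sets; the CSV rows are the post's own, embedded as a here-string so the rule-building part can be inspected before any gateway is touched.

```powershell
# Added example: build and validate an Edge Gateway FirewallService from CSV rows.
# Assumes PowerCLI's vmware.vimautomation.cloud.views.* types are loaded. The SourcePort
# and Port property names are assumptions about the FirewallRule view; the rest are from the post.

# Constructed sample input (the post's CSV, embedded so the build step runs without a file)
$sampleCsv = @'
Num,Descr,Proto,SrcIP,SrcPort,DstIP,DstPortRange,Policy,Direction,MatchOnTranslate,isEnabled,EnableLogging
0,Allow SSH in,tcp,any,any,192.168.109.0/24,22,allow,in,true,true,false
1,Allow HTTP in,tcp,any,any,192.168.109.0/24,80,allow,in,true,true,false
2,Allow all outgoing,any,any,any,any,any,allow,out,true,true,false
'@

function ConvertTo-EdgeFirewallRule {
    # Turn one CSV row into a fully populated FirewallRule object
    param([Parameter(Mandatory, ValueFromPipeline)] $Row)
    process {
        $rule = New-Object vmware.vimautomation.cloud.views.firewallrule
        $rule.Id                   = [string]$Row.Num
        $rule.Description          = $Row.Descr
        $rule.Policy               = $Row.Policy
        $rule.Direction            = $Row.Direction
        $rule.SourceIp             = $Row.SrcIP
        $rule.SourcePort           = if ($Row.SrcPort -eq 'any') { -1 } else { [int]$Row.SrcPort }
        $rule.DestinationIp        = $Row.DstIP
        $rule.DestinationPortRange = $Row.DstPortRange
        # Port carries a single destination port (-1 = any); a range such as 80-443 is left to
        # DestinationPortRange only (assumption about how the view maps the two fields)
        $rule.Port                 = if ($Row.DstPortRange -match '^\d+$') { [int]$Row.DstPortRange } else { -1 }
        $rule.MatchOnTranslate     = [System.Convert]::ToBoolean($Row.MatchOnTranslate)
        $rule.IsEnabled            = [System.Convert]::ToBoolean($Row.isEnabled)
        $rule.EnableLogging        = [System.Convert]::ToBoolean($Row.EnableLogging)

        $proto = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
        switch ($Row.Proto.ToLower()) {
            'tcp'   { $proto.Tcp = $true }
            'udp'   { $proto.Udp = $true }
            'any'   { $proto.Any = $true }
            # Fail closed: a typo in the Proto column must not become an "any protocol" rule
            default { throw "Row $($Row.Num): unknown protocol '$($Row.Proto)'" }
        }
        $rule.Protocols = $proto
        $rule
    }
}

function Test-EdgeFirewallRule {
    # Reject a rule that would fail the server-side schema check before it is sent
    param([Parameter(Mandatory)] $Rule)
    # Elements the "content of element FirewallRule is not complete" error lists as expected
    $required = 'Id','IsEnabled','MatchOnTranslate','Description','Policy','Protocols',
                'Port','DestinationPortRange','DestinationIp'
    $missing = foreach ($name in $required) {
        $value = $Rule.$name
        if ($null -eq $value -or ($value -is [string] -and [string]::IsNullOrWhiteSpace($value))) { $name }
    }
    if ($missing) { throw "Rule '$($Rule.Id)' is incomplete; missing: $($missing -join ', ')" }
    if ($Rule.Policy -notin 'allow','drop') {
        throw "Rule '$($Rule.Id)': policy must be allow or drop, got '$($Rule.Policy)'"
    }
    return $true
}

function New-EdgeFirewallService {
    # Assemble the service: default-deny, logged, with only complete and validated rules
    param([Parameter(Mandatory)] [object[]] $Rows)
    $svc = New-Object vmware.vimautomation.cloud.views.firewallservice
    $svc.IsEnabled        = $true
    $svc.DefaultAction    = 'drop'   # anything not matched by a rule is dropped
    $svc.LogDefaultAction = $true    # log those drops so missing rules are visible in the edge log
    $rules = foreach ($row in $Rows) {
        $r = $row | ConvertTo-EdgeFirewallRule
        if (Test-EdgeFirewallRule -Rule $r) { $r }
    }
    # Assign the finished array once; no placeholder objects are ever part of it
    $svc.FirewallRule = [vmware.vimautomation.cloud.views.firewallrule[]]$rules
    return $svc
}

# Build from the embedded rows and review before committing anything to the gateway
$rows      = $sampleCsv | ConvertFrom-Csv
$fwService = New-EdgeFirewallService -Rows $rows
$fwService.FirewallRule | Format-Table Id, Description, Policy, Direction, DestinationIp, DestinationPortRange

# Apply exactly as the post does once the table looks right ($edgeView comes from Get-CIView as above):
# $edgeView.ConfigureServices($fwService)
```

Swap the here-string for `Import-Csv -Path $csvFile` to drive it from the real file; because every row is validated before the array is assigned, a bad row stops the script with a message naming the rule and the missing field instead of a JAXB error from the gateway after the whole set has been serialised.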