VMware Cloud Community
AHuntington
Enthusiast

Edge Gateway Rules Overwritten/Deleted

Hi Guys,

Not sure if I'm going at this the correct way, but the challenge we have is creating rule sets within new Edge devices; each device needs 30-40 rules to be configured.

To better manage this I started adding the required rules from vShield Manager rather than the vCloud Director console, as you can use predefined groups for source, destination and service, making the config much quicker.

The problem is that if you add any rules through vShield Manager on the Edge Gateway firewall tab, they are removed any time you edit the Edge in vCloud Director.

Does anyone have any experience with this, or have a good way to template, automate or improve the provisioning process of Edge devices?

Thanks in advance,

Alex

IamTHEvilONE
Immortal

The problem is that if you add any rules through vShield Manager on the Edge Gateway firewall tab, they are removed any time you edit the Edge in vCloud Director.

Correct. This is expected because vCD keeps a list of all the rules and pushes out the full list each time the rule set is updated.

Does anyone have any experience with this, or have a good way to template, automate or improve the provisioning process of Edge devices?

You can use the vCloud REST API to create and push out the rules. There might be something of a learning curve to get there, but the features are present to allow you to automate creating an Edge Gateway with firewall rules without having to click a bunch of things.

I'm fairly certain that you'll find assistance by searching around for what you need automation-wise. There are likely PowerCLI, REST, or other coded options if you can find them.

AHuntington
Enthusiast

Thanks mate,

That was the answer I was afraid of; I was hoping I could get away without any scripting or API integration.

I'll see what I can find!

AdamRushUK
Enthusiast

This may help: vCloud: vShield Edge FW Rules

VCP-Cloud | VCP5-DCV | MCITP:EA | MCSE | CCNA | CCAA LinkedIn: https://www.linkedin.com/in/adamrushuk | Twitter: @adamrushuk
AHuntington
Enthusiast

Thanks Adam,

I did give that a read, but was hoping there was a non-script-based answer, because I'm lazy : )

dmcdave212
Enthusiast

I originally asked the question in the other thread that has been linked to this one. I eventually came up with some scripts that do export/import of vShield Edge FW and NAT rules via the vCloud API.

I hope these are of some use to others.

vCloud API and PowerCLI – Import/Export vShield Edge NAT rules
http://www.vscratchpad.com/export-vshield-edge-nat-rules-from-vcloud-director/

vCloud API and PowerCLI – Import/Export vShield Edge FW Rules
http://www.vscratchpad.com/vcloud-api-and-powercli-importexport-vshield-edge-fw-rules/

Importing and Exporting vApp FW Rules
http://www.vscratchpad.com/importexport-of-vapp-fw-rules/

Dave

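The point made in the first reply (vCD owns the complete rule list and pushes all of it on every edit) is what makes the export/import scripts in Dave's post the right shape: any tooling has to read the whole firewall configuration from vCD, merge the rules it wants, and write the whole thing back, never touch the Edge behind vCD's back. The following is an added example of that read-modify-write step, written here for this thread; it is not code from the thread, from the vScratchpad posts, or from VMware. It stays offline: the starting configuration is a constructed sample, and the final function only describes the POST rather than sending it. The namespace, element order, media type and the `/action/configureServices` URL are as the vCloud Director 5.1 API is remembered here and should be checked against the API reference for your version; the gateway href and session token are placeholders.

```python
"""Read-modify-write of an Edge Gateway firewall rule set via the vCloud Director API.
Added example for the thread above; assumes the vCD 5.1 API conventions noted below."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Assumptions (vCD 5.1 as remembered here): namespace and media type of the body
# posted to .../admin/edgeGateway/{id}/action/configureServices.
NS = "http://www.vmware.com/vcloud/v1.5"
CONFIGURE_SERVICES_TYPE = "application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml"
ET.register_namespace("", NS)


def q(tag):
    """Qualify a tag with the vCloud namespace."""
    return f"{{{NS}}}{tag}"


@dataclass(frozen=True)
class Rule:
    description: str
    policy: str        # "allow" or "drop"
    protocol: str      # "Tcp", "Udp", "Icmp" or "Any"
    source_ip: str     # "Any", "internal", "external", an address or a CIDR
    source_ports: str  # "Any" or a range such as "1024-65535"
    dest_ip: str
    dest_ports: str
    logging: bool = False

    def key(self):
        """Match on traffic fields only, so a re-run does not re-add a renamed rule."""
        return (self.policy, self.protocol, self.source_ip, self.source_ports,
                self.dest_ip, self.dest_ports)


# Constructed sample of what vCD currently holds for one Edge Gateway. In practice it
# is the EdgeGatewayServiceConfiguration element from GET .../admin/edgeGateway/{id}.
EXISTING_CONFIG = f"""<EdgeGatewayServiceConfiguration xmlns="{NS}">
  <FirewallService>
    <IsEnabled>true</IsEnabled>
    <DefaultAction>drop</DefaultAction>
    <LogDefaultAction>true</LogDefaultAction>
    <FirewallRule>
      <IsEnabled>true</IsEnabled>
      <MatchOnTranslate>false</MatchOnTranslate>
      <Description>allow https from internet</Description>
      <Policy>allow</Policy>
      <Protocols><Tcp>true</Tcp></Protocols>
      <DestinationPortRange>443</DestinationPortRange>
      <DestinationIp>internal</DestinationIp>
      <SourcePortRange>Any</SourcePortRange>
      <SourceIp>external</SourceIp>
      <EnableLogging>false</EnableLogging>
    </FirewallRule>
  </FirewallService>
</EdgeGatewayServiceConfiguration>"""


def rule_from_xml(el):
    """Read one FirewallRule element back into a Rule (missing fields default to Any)."""
    def text(tag, default="Any"):
        child = el.find(q(tag))
        return child.text if child is not None and child.text is not None else default
    protos = el.find(q("Protocols"))
    proto = protos[0].tag.split("}")[1] if protos is not None and len(protos) else "Any"
    return Rule(text("Description", ""), text("Policy", "drop"), proto, text("SourceIp"),
                text("SourcePortRange"), text("DestinationIp"), text("DestinationPortRange"),
                text("EnableLogging", "false") == "true")


def rule_to_xml(rule):
    """Build a FirewallRule element; vCD validates against its schema, so child order matters."""
    if rule.policy not in ("allow", "drop"):
        raise ValueError(f"bad policy {rule.policy!r}")
    el = ET.Element(q("FirewallRule"))
    def add(tag, value):
        ET.SubElement(el, q(tag)).text = value
    add("IsEnabled", "true")
    add("MatchOnTranslate", "false")
    add("Description", rule.description)
    add("Policy", rule.policy)
    ET.SubElement(ET.SubElement(el, q("Protocols")), q(rule.protocol)).text = "true"
    add("DestinationPortRange", rule.dest_ports)
    add("DestinationIp", rule.dest_ip)
    add("SourcePortRange", rule.source_ports)
    add("SourceIp", rule.source_ip)
    add("EnableLogging", "true" if rule.logging else "false")
    return el


def merge_rules(config_xml, desired):
    """Return (full_config_xml, added): existing rules are kept in place, desired rules not
    already present are appended, so the whole list can be pushed back to vCD as one unit."""
    root = ET.fromstring(config_xml)
    fw = root.find(q("FirewallService"))
    if fw is None:
        raise ValueError("configuration has no FirewallService")
    present = {rule_from_xml(r).key() for r in fw.findall(q("FirewallRule"))}
    added = []
    for rule in desired:
        if rule.key() in present:
            continue
        fw.append(rule_to_xml(rule))
        present.add(rule.key())
        added.append(rule)
    return ET.tostring(root, encoding="unicode"), added


def count_rules(config_xml):
    """Number of FirewallRule elements in a configuration document."""
    return len(ET.fromstring(config_xml).findall(f".//{q('FirewallRule')}"))


def configure_services_request(edge_gateway_href, body_xml, session_token):
    """Describe (do not send) the POST that replaces the Edge's service configuration."""
    return {"method": "POST",
            "url": edge_gateway_href.rstrip("/") + "/action/configureServices",
            "headers": {"Content-Type": CONFIGURE_SERVICES_TYPE,
                        "Accept": "application/*+xml;version=5.1",
                        "x-vcloud-authorization": session_token},
            "body": body_xml}


if __name__ == "__main__":
    wanted = [Rule("allow ssh from jump host", "allow", "Tcp", "10.0.0.5", "Any", "internal", "22", True)]
    new_xml, added = merge_rules(EXISTING_CONFIG, wanted)
    print(f"{len(added)} rule(s) added, {count_rules(new_xml)} total; POST body follows")
    print(configure_services_request("https://vcd.example/api/admin/edgeGateway/ID-PLACEHOLDER",
                                     new_xml, "TOKEN-PLACEHOLDER")["body"])
```

Two practical notes on this shape. First, the whole configuration (including the existing rules and the `DefaultAction`) goes in the POST body, which is exactly why `merge_rules` returns the full document rather than only the new rules; posting a partial list would itself wipe the rules you did not include, the same effect the original question describes from the GUI side. Second, keep the desired rule set in a file under version control and re-run the merge, which is idempotent by the `key()` check, so a rebuilt Edge gets the same 30-40 rules every time and a diff of the exported configuration against that file shows any drift.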