Hello,
I need help with modifying a firewall rule in NSX, using the API. I do not know how to format the request body, to get past an error 500 (response: <?xml version="1.0" encoding="UTF-8"?><error><details> : input contained no data</details><errorCode>100</errorCode></error>)
I've used information provided in the NSX 6.2 API documentation; there are, however, some discrepancies therein.
I use the following path:
<rule id="1415" disabled="false" logged="false">
<name>RULE_EDIT_TEST</name>
<action>allow</action>
<notes>TESTComment</notes>
<appliedToList>
<appliedTo>
<value>10.1.2.3</value>
<type>Ipv4Address</type>
<isValid>true</isValid>
</appliedTo>
<appliedTo>
<name>VM1-test</name>
<value>vm-9636</value>
<type>VirtualMachine</type>
<isValid>true</isValid>
</appliedTo>
</appliedToList>
<sectionId>1335</sectionId>
<direction>inout</direction>
<packetType>any</packetType>
<sources>
<source>
<value>10.1.2.3</value>
<type>Ipv4Address</type>
<isValid>true</isValid>
</source>
</sources>
<destinations>
<destination>
<name>VM1-test</name>
<value>vm-9636</value>
<type>VirtualMachine</type>
<isValid>true</isValid>
</destination>
</destinations>
<services>
<service>
<isValid>true</isValid>
<destinationPort>3389</destinationPort>
<protocol>6</protocol>
<protocolName>TCP</protocolName>
</service>
</services>
</rule>
Each time the above is executed, I get the response error 500. I use a REST Client and have also wrapped all of the above up into a vRO workflow.
I've tried changing the scope to:
<appliedTo>
<name>DISTRIBUTED_FIREWALL</name>
<value>DISTRIBUTED_FIREWALL</value>
<type>DISTRIBUTED_FIREWALL</type>
<isValid>true</isValid>
</appliedTo>
since I use the same scope when creating new sections.
There are also some discrepancies in the documentation, section "Modify Firewall Rule":
Is there something missing in the request body?
EDIT 30.11:
I've deconstructed my vRO workflow and rebuilt a simple version of it. You can try it yourself, just set the values for hostResource and restOperation in the nested workflows. The "GET NSX DFW Section and Rule" workflow needs a GET request, the "Edit DFW Rule PUT request" needs the PUT request.
I've made the following changes to the above listed values:
- Content-Type of the PUT request is text/xml, not application/xml
- I've added the attribute excluded="false" to the <sources> and <destinations> nodes in the request body
- set the scope to DISTRIBUTED_FIREWALL
This works when executed in vRO; I still get the same error as described in the beginning of the post when executing the request in my REST client (Fiddler). Maybe the fault lies in a misconfiguration of the client, I don't know, since I cannot use FF with RESTClient or Postman in the environment.
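
The three changes listed in the edit above, applied to the rule body programmatically. This is an added example, not part of the original post: the function name `build_put_request` and the trimmed sample body are assumptions, and the request URL is left out because the post does not give it.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the rule body shown in the post.
RULE_XML = """<rule id="1415" disabled="false" logged="false">
<name>RULE_EDIT_TEST</name>
<action>allow</action>
<appliedToList>
<appliedTo><value>10.1.2.3</value><type>Ipv4Address</type><isValid>true</isValid></appliedTo>
</appliedToList>
<sectionId>1335</sectionId>
<sources>
<source><value>10.1.2.3</value><type>Ipv4Address</type><isValid>true</isValid></source>
</sources>
<destinations>
<destination><name>VM1-test</name><value>vm-9636</value><type>VirtualMachine</type><isValid>true</isValid></destination>
</destinations>
</rule>"""

DFW = "DISTRIBUTED_FIREWALL"


def build_put_request(rule_xml):
    """Hypothetical helper: return (headers, body_bytes) with the post's three changes."""
    rule = ET.fromstring(rule_xml)

    # Change 2: excluded="false" on the <sources> and <destinations> nodes.
    for tag in ("sources", "destinations"):
        node = rule.find(tag)
        if node is not None:
            node.set("excluded", "false")

    # Change 3: replace the existing scope with one DISTRIBUTED_FIREWALL entry.
    applied_list = rule.find("appliedToList")
    if applied_list is None:
        applied_list = ET.SubElement(rule, "appliedToList")
    for child in list(applied_list):
        applied_list.remove(child)
    applied = ET.SubElement(applied_list, "appliedTo")
    for tag, text in (("name", DFW), ("value", DFW), ("type", DFW), ("isValid", "true")):
        ET.SubElement(applied, tag).text = text

    # Serialize to bytes so Content-Length matches what goes on the wire.
    body = ET.tostring(rule, encoding="utf-8")
    # Change 1: Content-Type is text/xml, not application/xml.
    headers = {"Content-Type": "text/xml", "Content-Length": str(len(body))}
    return headers, body
```

The returned headers and byte length can be compared with what a REST client actually transmits for the same rule.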