VMware Cloud Community
luismendez85
VMware Employee
VMware Employee
‎08-09-2021 04:21 PM

Export Version of Distributed Firewall Filter on Hosts Script

Hello Everyone I dont know if this is the correct place to raise this question

I wanted to know if there is a kind of powershell script to gather to a text file or csv or whichever to easy analize the export version of Distributed Firewall, like the next KB article, 

https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/migration/GUID-993AB7A8-C560-43C0-B7B0-B5A58...

The Customer is in the process to migrate from NSX-V to NSX-T and they need to know the current export version

The customer has about 80 ESXi Hosts and when I run the first command, it gives me like 80 Filter names:

[root@esxi:~] vsipioctl getfilters | grep "Filter Name" | grep "sfw.2"

name: nic-2112467-eth0-vmware-sfw.2

name: nic-2112467-eth1-vmware-sfw.2

name: nic-2112467-eth2-vmware-sfw.2

Then I have to run the next command for every nic listed in the previous command, in order to identify the current export version.


[root@esxi:~] vsipioctl getexportversion -f nic-2112467-eth0-vmware-sfw.2

Current export version: 500 

However 80 hosts by 80 nics by host will 1600 iterations, so I wanted to get a kind of script to make it a utomaticall process.

Can anyone help me with this please.

Thanks in advance!

Regards!

 

0 Kudos
1 Reply
ssorellwj
Contributor
Contributor
‎02-18-2022 02:22 PM

You can use this as a basis if you like? It uses Posh-SSH and minimum PowerShell version 5.1.

# Gets Firewall Export Version prior to upgrade to T
# https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.1/migration/GUID-993AB7A8-C560-43C0-B7B0-B5A58EC6884D.html

$csv_path = "$($env:LogPath)\HostFwExportVersions_$(Get-Date -F "yyyyMMdd_HHmmss").csv"
$esxiCreds = Get-Credential -Username "root" -Message "Please enter ESXI root password"
$vcsaCreds = Get-Credential -Message "Please enter your vcsa admin username and password"

Connect-ViServer -server "" -credential $vcsaCreds
$vmhosts = Get-VMHost
$dfw_filter_exports = @()

foreach ($vmhost in $vmhosts) {

    # Start SSH session on host (saved pwd)
    $sshService = Get-VMHostService $vmhost | where Key -eq 'TSM-SSH'
    Start-VMHostService -HostService $sshService | out-null
    $session = New-SSHSession -ComputerName $vmhost -credential $esxiCreds -AcceptKey

    $dfw_filters = Invoke-SSHCommand -SessionId $session.sessionid -command "vsipioctl getfilters | grep 'Filter Name' | grep 'sfw.2' | awk -F': ' '{print`$2}'"
    foreach ($filter in $dfw_filters.output) {
        $result = Invoke-SSHCommand -SessionId $session.sessionid -command "vsipioctl getexportversion -f $filter | awk -F': ' '{print`$2}'"
        $dfw_filter_exports += [PSCustomObject]@{
            Host            = $result.host
            FilterName      = $filter
            ExportVersion   = $result.output[0]
        }
    }

    #Cleanup
    Remove-SshSession -session $session.sessionid
    Stop-VMHostService -HostService $sshService -confirm:$false | out-null

}

$dfw_filter_exports | Export-Csv $csv_path -notypeinformation

 

There's also this script which could be modified to just export the info. They use Posh-SSH as well.

PowerCLI-scripts/NSXV2T_ExportVersion_to_1000.ps1 at master · Datacenter-Dennisch/PowerCLI-scripts ·...