VMware Cloud Community
lElOUCHE_79

ESXi Firewall details

I created the script below to collect information about the Firewall service. Unfortunately I got an empty CSV, and I'm not sure what I'm missing.

 

# Import VMware PowerCLI module
if (!(Get-Module -Name VMware.VimAutomation.Core) -and (Get-Module -ListAvailable -Name VMware.VimAutomation.Core))
{
    Write-Output "loading the VMware Core Module..."
    Import-Module -Name VMware.VimAutomation.Core -ErrorAction Stop
}

$vCenter = Read-Host "Please enter vCenter FQDN or IP"
$credential = Get-Credential

Connect-VIServer -Server $vCenter -Credential $credential

$report = foreach ($server in $vCenterServerListing) {
    Connect-VIServer $server -Credential $credential
    Get-VMHost -PipelineVariable esx |
        ForEach-Object -Process {
            $esxcli = Get-EsxCli -VMHost $esx -V2
            $esxcli.network.firewall.ruleset.rule.list.Invoke() |
                Select-Object @{N = 'VMHost'; E = { $esx.Name } }, RuleSet,
                @{N = 'Enabled'; E = { $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = "$($_.Ruleset)" }).Enabled } },
                Direction, Protocol, PortBegin, PortEnd, PortType,
                @{N = 'AllowedIP'; E = { ($esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid = "$($_.Ruleset)" })).AllowedIPAddresses -join '|' } }
        }
}
$report | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture

Accepted Solutions
LucD

Are you running this against multiple vCenters?
That loop over the content of $vCenterServerListing is not required.

Also, there is no need to explicitly load a module.

Try something like this

$vCenter = Read-Host "Please enter vCenter FQDN or IP"
$credential = Get-Credential

Connect-VIServer -Server $vCenter -Credential $credential

# For every host: list each firewall rule, then add the enabled state and the
# allowed source addresses (joined with '|') of the ruleset the rule belongs to.
Get-VMHost -PipelineVariable esx | ForEach-Object -Process {
    $esxcli = Get-EsxCli -VMHost $esx -V2
    $esxcli.network.firewall.ruleset.rule.list.Invoke() |
    Select-Object @{N = 'VMHost'; E = { $esx.Name } }, RuleSet,
        @{N = 'Enabled'; E = { $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = "$($_.Ruleset)" }).Enabled } },
        Direction, Protocol, PortBegin, PortEnd, PortType,
        @{N = 'AllowedIP'; E = { ($esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid = "$($_.Ruleset)" })).AllowedIPAddresses -join '|' } }
} | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture

 


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
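
An added example, not part of either poster's code: once the report has rows, this audits them for enabled inbound rules with no source-IP restriction, and uses strict mode so that an unset variable like `$vCenterServerListing` throws instead of producing an empty file. The sample rows, the `Get-OpenInboundRule` helper and the `Inbound`/`All` values it matches on are assumptions.

```powershell
# Fail fast on unset variables: under strict mode, looping over an undefined
# $vCenterServerListing throws instead of silently iterating zero times.
Set-StrictMode -Version Latest

# Constructed sample rows using the report's column names; hosts, rulesets
# and addresses are made up. For the real file use: Import-Csv .\report.csv -UseCulture
$rows = @(@'
VMHost,RuleSet,Enabled,Direction,Protocol,PortBegin,PortEnd,PortType,AllowedIP
esx01.example.test,sshServer,true,Inbound,TCP,22,22,Dst,All
esx01.example.test,webAccess,true,Inbound,TCP,80,80,Dst,192.0.2.10|192.0.2.11
esx01.example.test,nfsClient,false,Outbound,TCP,0,65535,Dst,All
esx02.example.test,sshServer,true,Inbound,TCP,22,22,Dst,192.0.2.0/24
esx02.example.test,snmp,true,Inbound,UDP,161,161,Dst,All
'@ | ConvertFrom-Csv)

# Hypothetical helper: enabled inbound rules with no source restriction.
# Assumes esxcli reports Direction as 'Inbound' and an unrestricted ruleset as 'All'.
function Get-OpenInboundRule {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Row)
    $Row | Where-Object {
        $_.Enabled -eq 'true' -and      # -eq is case-insensitive, so 'True' matches too
        $_.Direction -eq 'Inbound' -and
        $_.AllowedIP -eq 'All'
    }
}

# An empty report means the collection step failed, not that the hosts are clean.
if ($rows.Count -eq 0) { throw 'report is empty: check the collection loop' }

Get-OpenInboundRule -Row $rows |
    Sort-Object VMHost, RuleSet, PortBegin |
    Format-Table VMHost, RuleSet, Protocol, PortBegin, PortEnd -AutoSize
```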

lElOUCHE_79

I got it, it's working fine and I understand my mistake. Thanks 🙂
