
@Zsoldier
Created April 25, 2020 03:40
A way to pull the NSX Edge firewall rule table you see in the interface into a report, in case you need to share the config with someone.
#Requires -Module PowerCLI,PowerNSX
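# Builds $CustomReport: one flattened row per firewall rule on the named NSX Edge,
# mirroring the rule table shown in the UI so it can be shared or reviewed offline.
#
# Changes from the earlier version of this loop:
#   * Source/Destination values are collected into a list and joined once. The old
#     string-prepend logic re-appended the accumulated value on every pass, so a rule
#     with three or more IP entries came out with duplicated addresses.
#   * A grouping object or application ID that cannot be resolved to a name is
#     reported by its raw ID instead of as an empty field, so no endpoint or service
#     silently disappears from the report.
#   * Rules carrying more than one inline service are now expanded instead of being
#     replaced by a placeholder string, and a service without a port no longer fails
#     on a null .TrimEnd() call.
#   * Entries are listed in the order the rule returns them (the old code reversed them).
$ESG = Get-NsxEdge -Name "BobLoblaw"
$ESGFW = $ESG | Get-NsxEdgeFirewall
$ESGFWRules = Get-NsxEdgeFirewallRule -EdgeFirewall $ESGFW
$CustomReport = @()
$i = 1

foreach ($Rule in $ESGFWRules) {
    $NewObject = "" | Select-Object RuleNo, RuleID, RuleName, Source, Destination, Description, ServicePorts, Action, appliedTo, datacentername

    ## Artificial number; assumes the cmdlet returns rules in order of application.
    $NewObject.RuleNo = $i++
    $NewObject.RuleID = $Rule.id
    $NewObject.RuleName = $Rule.Name
    $NewObject.Description = $Rule.Description

    ## Source and Destination share the same shape, so both are handled by one loop.
    foreach ($Side in 'Source', 'Destination') {
        $Endpoint = $Rule.$Side
        $Parts = @()

        if ($Endpoint.groupingObjectId) {
            foreach ($Entry in $Endpoint.groupingObjectId) {
                # NOTE(review): only IP sets are looked up here; other grouping object
                # types presumably return nothing, so fall back to the raw object ID.
                $IPSet = Get-NsxIpSet -objectId $Entry
                if ($IPSet -and $IPSet.Name) {
                    $Parts += $IPSet.Name
                }
                else {
                    $Parts += [string]$Entry
                }
            }
        }

        if ($Endpoint.ipaddress) {
            if ($Endpoint.ipaddress -eq "any") {
                # As before, "any" replaces whatever was collected so far.
                $Parts = @($Endpoint.ipaddress)
            }
            else {
                foreach ($Entry in $Endpoint.ipaddress) {
                    $Parts += [string]$Entry
                }
            }
        }

        if ($Parts.Count -gt 0) {
            $NewObject.$Side = $Parts -join "|"
        }
        else {
            $NewObject.$Side = $null
        }
    }

    ## Applications: inline services (protocol/ports) first, then named services.
    $ServiceParts = @()

    if ($Rule.Application.Service) {
        foreach ($Service in $Rule.Application.Service) {
            # NOTE(review): assumes every service element exposes .protocol and .port
            # the same way the single-service case does - confirm against a rule
            # that really carries several inline services.
            $PortList = @($Service.port | Where-Object { $_ }) -join ","
            if ($PortList) {
                $ServiceParts += ($Service.protocol + "/" + $PortList)
            }
            else {
                # Port-less service: report the protocol alone.
                $ServiceParts += [string]$Service.protocol
            }
        }
    }

    if ($Rule.Application.applicationid) {
        foreach ($App in $Rule.Application.applicationid) {
            # Fall back to the raw ID when the lookup yields no name, so the entry
            # still shows up in the report.
            $NsxService = Get-NsxService -objectId $App
            if ($NsxService -and $NsxService.Name) {
                $ServiceParts += $NsxService.Name
            }
            else {
                $ServiceParts += [string]$App
            }
        }
    }

    if ($ServiceParts.Count -gt 0) {
        $NewObject.ServicePorts = $ServiceParts -join ","
    }

    ## Action
    $NewObject.Action = $Rule.Action
    ## AppliedTo
    $NewObject.AppliedTo = $ESG.name
    ## datacentername
    $NewObject.datacentername = $ESG.datacentername

    $CustomReport += $NewObject
}

# $CustomReport now holds the whole rule set and can be piped to Export-Csv or
# Format-Table. The output describes what the edge permits and blocks, so share it
# only with people who are meant to see the firewall configuration.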