NSX Firewall Rule Report
<# Uncomment this block to use it. The report below assumes this setup: the session must already be connected to both vCenter and NSX Manager.
Import-Module vmware.powercli,powernsx
$Creds = Get-Credential -Message "Provide vCenter Admin credentials"
$vCenterNameorIP = Read-Host "Provide name or IP of vCenter"
Connect-VIServer $vCenterNameorIP -Credential $Creds
Connect-NSXServer -vCenterServer $vCenterNameorIP -Credential $Creds
#>
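# Builds $CustomReport: one flat, CSV-friendly row per NSX distributed firewall rule.
# Requires an existing Connect-VIServer / Connect-NSXServer session (PowerCLI + PowerNSX).
#
# NOTE(review): only the columns listed below are captured. Rule state that is not in those
# columns (for example whether a rule is disabled, or whether its source/destination is negated)
# is not reflected here - confirm it separately before treating this report as the full policy.

# Joins the non-empty labels with "|"; returns $Default when nothing is left to join.
function Join-RuleLabel {
    param(
        [object[]]$Labels,
        $Default = $null
    )
    $Kept = @($Labels | Where-Object { $_ })
    if ($Kept.Count -eq 0) { return $Default }
    return ($Kept -join "|")
}

# Returns a rule member's display label: its Name when set, otherwise its raw Value.
function Get-RuleMemberLabel {
    param($Member)
    if ($Member.Name) { return $Member.Name }
    return $Member.Value
}

$DFWRules = Get-NSXFirewallRule
$i = 1

# Collecting the loop output avoids re-allocating the array on every "+=";
# the @() wrapper keeps $CustomReport an array even when there is only one rule.
$CustomReport = @(
    Foreach ($Rule in $DFWRules) {
        $RuleMembers = $Rule | Get-NSXFirewallRuleMember

        ## Sources / Destinations
        # Members without a Name fall back to their Value so they are neither dropped from
        # the list nor reported as "ANY". "ANY" is written only when the rule has no members
        # of that type at all. Labels are joined in the order the cmdlet returns them.
        $SourceLabels = @($RuleMembers |
            Where-Object { $_.MemberType -eq "Source" } |
            ForEach-Object { Get-RuleMemberLabel $_ })
        $DestinationLabels = @($RuleMembers |
            Where-Object { $_.MemberType -eq "Destination" } |
            ForEach-Object { Get-RuleMemberLabel $_ })

        ## Services
        # The literal name "service" is skipped, as in the original report; presumably it is
        # the element's own tag name surfacing when a service entry has no name - TODO confirm.
        $ServiceLabels = @()
        If ($Rule.Services) {
            Foreach ($Service in @($Rule.Services.Service | Where-Object { $null -ne $_ })) {
                If ($Service.Name -and $Service.Name -ne "service") { $ServiceLabels += $Service.Name }
                If ($Service.destinationport) { $ServiceLabels += $Service.destinationport }
            }
        }

        ## AppliedTo
        $AppliedLabels = @()
        If ($Rule.appliedToList) {
            Foreach ($Applied in @($Rule.appliedToList.appliedTo | Where-Object { $null -ne $_ })) {
                If ($Applied.Name) { $AppliedLabels += $Applied.Name }
            }
        }

        [pscustomobject]@{
            ## Artificial number; assumes the cmdlet returns rules in order of application.
            RuleNo       = $i++
            RuleID       = $Rule.id
            RuleName     = $Rule.Name
            Source       = Join-RuleLabel -Labels $SourceLabels -Default "ANY"
            Destination  = Join-RuleLabel -Labels $DestinationLabels -Default "ANY"
            ServicePorts = Join-RuleLabel -Labels $ServiceLabels -Default "ANY"
            Action       = $Rule.Action
            # Left empty when no appliedTo entry carries a name.
            appliedTo    = Join-RuleLabel -Labels $AppliedLabels
        }
    }
)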
<# To write this report to CSV, uncomment the code below. The file holds the full firewall policy, so write it to a location with restricted access.
$CustomReport | Convertto-CSV -NoTypeInformation | out-file C:\whereeveryouwant\myjunk.csv
#>