PowerNSX: missing NSX Firewall rule functionality

PowerNSX (for vSphere) is a great tool for SDN automation. I use it on a daily basis and helps me and my customers a lot! But with every good product, there is always room for improvement!

One of my customers asked me to add descriptions to existing IpSet object, add services to existing DFW firewall rules and retrieve the DFW firewall rule stats.
Unfortunately these functionalities aren’t available out of the box, with PowerNSX.
So, I’ve created these cmdlets myself (which integrate with PowerNSX) with.

I tried to add these cmdlets to the original PowerNSX github repo, but I’m running into some (permission-)issues. I already reached out to the owners of PowerNSX (but received no reaction, yet).

You can found the cmdlets here:

2 gedachtes over “PowerNSX: missing NSX Firewall rule functionality

  1. Hi
    i need to apply the flowing script
    new-nsxfirewallrule -source (an existing ipset name) -destination (an existing ipset name1, an existing ipset name2….) -service ( an existing service1,service2..) -allow

    how can i do that please


    1. $allIpsetobj = get-nsxipset
      $dfwsection = get-nsxfirewallsection | Out-GridView -OutputMode Single -Title “select DFW section” -passtrough
      $Sourceobj = $allIpsetobj.where({$_.name -eq “ipset01” -or $_.name -eq “ipset02”}) #add as many ipset objects as needed
      $destinationobj = $allIpsetobj.where({$_.name -eq “ipset01” -or $_.name -eq “ipset02”}) #add as many ipset objects as needed
      $serviceobj = get-nsxservice | Out-GridView -OutputMode Multiple -Title “select service(s) to add”
      New-NsxFirewallRule -Section $dfwsection -Source $Sourceobj -Destination $destinationobj -Action allow -service $serviceobj

      the critical point is to get all objects into one variable.
      I use two methods:
      – using the .where method, which is good for static scripting
      – using the out-gridview cmdlet, which is goor for more dynamic implementations.


Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )

Google photo

Je reageert onder je Google account. Log uit /  Bijwerken )


Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s