How to define multiple services in a firewall rule for the NSX Edge firewall #635
Comments
The error is due to the fact that when you are doing Get-NSXService -Name "RDP" it's actually returning both the global and universal service objects. And you cannot use a universal object on an Edge. You can see the universal object ID in this part of the message. You need to make it so that your service variables only contain the global objects and NOT the universal objects.
|
I tried running the command you suggested, and it looks like it's not taking the service.
C:\Users\SheetalJain> $serviceRDP = $localServices | Where-Object {$_.name -eq "RDP"}
C:\Users\SheetalJain> $serviceHTTP = $localServices | Where-Object {$_.name -eq "HTTP"}
C:\Users\SheetalJain> $serviceHTTPS = $localServices | Where-Object {$_.name -eq "HTTPS"}
C:\Users\SheetalJain> $serviceSSH = $localServices | Where-Object {$_.name -eq "SSH"}
C:\Users\SheetalJain> $service = $serviceHTTP, $serviceHTTPS, $serviceRDP, $serviceSSH
C:\Users\SheetalJain> Get-NsxEdge customer-nsx-edge | Get-NsxEdgeFirewall | New-NsxEdgeFirewallRule -name "testrule0" -source "1.2.3.4" -destination "1.2.3.4" -service $service -action accept
New-NsxEdgeFirewallRule : Cannot validate argument on parameter 'Service'. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:1 char:147
+ ... 0" -source "1.2.3.4" -destination "1.2.3.4" -service $service -action ...
+                                                          ~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [New-NsxEdgeFirewallRule], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,New-NsxEdgeFirewallRule

C:\Users\SheetalJain> $service
C:\Users\SheetalJain> $serviceSSH = $localServices | Where-Object {$_.name -eq "SSH"}
C:\Users\SheetalJain> $serviceSSH
C:\Users\SheetalJain> $serviceRDP
C:\Users\SheetalJain> $serviceRDP = $localServices | Where-Object {$_.name -eq "RDP"}
C:\Users\SheetalJain> $serviceRDP
C:\Users\SheetalJain>
Regards,
Sheetal Jain
Network Specialist
GTS Labs, BCIT, 5th Floor, Bangalore, 560045, India
Mobile: +91 9902900771
Email: [email protected]
Certified ITIL V3 Foundation

----- Original message -----
From: Dale Coghlan <[email protected]>
To: vmware/powernsx <[email protected]>
Cc: sheetjai <[email protected]>, Author <[email protected]>
Subject: [EXTERNAL] Re: [vmware/powernsx] how to define multiple service in firewall rule for nsx edge firewall (#635)
Date: Wed, Oct 14, 2020 4:16 PM
The error is due to the fact that when you are doing Get-NSXService -Name "RDP" it's actually returning both the global and universal service objects. And you cannot use a universal object on an Edge.
You can see the universal object ID in this part of the message:
application-105 application-c7d6f2bd-1c96-439b-9fe7-d987ec5ee062. This object does not exist or is not available for NSX Edge edge-3.
You need to make it so that your service variables only contain the global objects and NOT the universal objects.
$localServices = Get-NsxService -LocalOnly
$serviceRDP = $localServices | Where-Object {$_.name -eq "RDP"}
$serviceHTTP = $localServices | Where-Object {$_.name -eq "HTTP"}
$serviceHTTPS = $localServices | Where-Object {$_.name -eq "HTTPS"}
$serviceSSH = $localServices | Where-Object {$_.name -eq "SSH"}
$service = $serviceHTTP, $serviceHTTPS, $serviceRDP, $serviceSSH
—You are receiving this because you authored the thread.Reply to this email directly, view it on GitHub, or unsubscribe.
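The two failures in this thread have the same root: a `-Service` array that contains either a universal service object (the 400 / errorCode 12009 from the API) or nothing at all (the "argument is null" parameter-binding error). The script below is an added example, not code from the thread or from the PowerNSX project. It takes Dale's `Get-NsxService -LocalOnly` approach and adds a pre-flight check so the script stops before touching the API if any name resolves to nothing, to more than one object, or to a universal object. It assumes an existing PowerNSX session (`Connect-NsxServer`) and the edge name `customer-nsx-edge` from the thread; the rule name, addresses and the `^application-\d+$` pattern for global object IDs (inferred from the IDs shown in the error output, where universal IDs carry a GUID) are assumptions.

```powershell
# Added example (not from the thread or the PowerNSX project): resolve edge-usable
# (global) services by name, validate them, then create the Edge firewall rule.
# Assumes a PowerNSX session and an edge named customer-nsx-edge, as in the thread.

$edgeName = 'customer-nsx-edge'
$wanted   = 'HTTP', 'HTTPS', 'RDP', 'SSH'

# -LocalOnly returns only globalroot-0 objects. Universal services cannot be
# referenced by an Edge firewall rule (errorCode 12009 in the thread).
$localServices = Get-NsxService -LocalOnly
if (-not $localServices) {
    throw 'Get-NsxService -LocalOnly returned nothing; is the NSX session connected?'
}

$service = foreach ($name in $wanted) {
    $match = @($localServices | Where-Object { $_.name -eq $name })

    if ($match.Count -eq 0) {
        # This is the state behind "The argument is null": a Where-Object that
        # matched nothing, e.g. because $localServices was never populated.
        throw "No global service named '$name' found; refusing to build the rule"
    }

    # Global IDs look like application-105; universal IDs carry a GUID
    # (application-c7d6f2bd-...). Pattern is an assumption based on the thread's output.
    $match = @($match | Where-Object { $_.objectId -match '^application-\d+$' })
    if ($match.Count -eq 0) {
        throw "Service '$name' resolved only to universal objects, which edge '$edgeName' cannot use"
    }
    if ($match.Count -gt 1) {
        $ids = ($match | ForEach-Object { $_.objectId }) -join ', '
        throw "Service name '$name' is ambiguous ($ids); select one by objectId instead"
    }

    $match[0]
}

# Only reached when every requested service resolved to exactly one global object.
Get-NsxEdge -Name $edgeName |
    Get-NsxEdgeFirewall |
    New-NsxEdgeFirewallRule -Name 'testrule0' -Source '1.2.3.4' -Destination '1.2.3.4' `
        -Service $service -Action accept
```

Wrapping each lookup in `@(...)` and checking `.Count` is what turns a silent `$null` into a readable failure; without it PowerShell happily builds an array with empty slots and the error only surfaces at parameter binding, as in the transcript above.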
|
You need to break it down, and figure out which command is not working. Do you see all the services from globalroot-0 when you run the following?
And then what do you see when you do the following?
|
Great!! It worked.
One more clarification: how can I create a new service at the edge level only, say TCP port 50000?
----- Original message -----
From: Dale Coghlan <[email protected]>
To: vmware/powernsx <[email protected]>
Cc: sheetjai <[email protected]>, Author <[email protected]>
Subject: [EXTERNAL] Re: [vmware/powernsx] how to define multiple service in firewall rule for nsx edge firewall (#635)
Date: Wed, Oct 14, 2020 5:13 PM
You need to break it down, and figure out which command is not working.
Do you see all the services from globalroot-0 when you run the following?
$localServices = Get-NsxService -LocalOnly
$localServices
And then what do you see when you do the following?
$localServices | Where-Object {$_.name -eq "RDP"}
|
When creating a service, you need to supply a scope of the edge-id.
|
Thank you, it worked.
----- Original message -----
From: Dale Coghlan <[email protected]>
To: vmware/powernsx <[email protected]>
Cc: sheetjai <[email protected]>, Author <[email protected]>
Subject: [EXTERNAL] Re: [vmware/powernsx] how to define multiple service in firewall rule for nsx edge firewall (#635)
Date: Wed, Oct 14, 2020 5:31 PM
When creating a service, you need to supply a scope of the edge-id.
New-NsxService -Name TestService -Description "Test creation of a service" -Protocol TCP -port 50000 -scopeid edge-5
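Dale's one-liner creates the service in the scope of a single edge, which is what keeps it out of the global and universal object space. The following is an added example, not code from the thread or the PowerNSX project, that does the same thing idempotently: it looks the edge up by name, derives the edge id rather than hard-coding `edge-5`, reuses an existing service with that name in the edge's scope if one is present, and then references the service in a rule on the same edge. It assumes a PowerNSX session, the edge name from the thread, that `Get-NsxEdge` exposes the edge id as `.id`, and that `Get-NsxService` accepts `-scopeId` (the thread only shows `-Name` and `-LocalOnly`); the service name and description are made up.

```powershell
# Added example (not from the thread or the PowerNSX project): create a TCP/50000
# service scoped to one edge, reuse it if it already exists, and use it in a rule.
# Assumes a PowerNSX session and an edge named customer-nsx-edge, as in the thread.

$edgeName    = 'customer-nsx-edge'
$serviceName = 'TCP-50000-App'      # hypothetical service name

$edge = Get-NsxEdge -Name $edgeName
if (-not $edge) { throw "Edge '$edgeName' not found" }

# The service must be created in the edge's own scope (e.g. edge-5) so the Edge
# firewall can reference it. Reading .id from the edge object is an assumption.
$edgeId = $edge.id

# Avoid creating a duplicate on every run: look in the edge scope first.
# Get-NsxService -scopeId is assumed; the thread itself only uses -Name and -LocalOnly.
$svc = @(Get-NsxService -scopeId $edgeId | Where-Object { $_.name -eq $serviceName })

if ($svc.Count -eq 0) {
    $svc = New-NsxService -Name $serviceName -Description 'App listener on TCP/50000' `
        -Protocol TCP -port 50000 -scopeId $edgeId
} elseif ($svc.Count -eq 1) {
    $svc = $svc[0]
} else {
    throw "More than one service named '$serviceName' exists in scope $edgeId; clean up first"
}

# Same check as for the global services: an edge-scoped object is still not universal.
if ($svc.objectId -notmatch '^application-\d+$') {
    throw "Unexpected objectId '$($svc.objectId)' for service '$serviceName'"
}

$edge | Get-NsxEdgeFirewall |
    New-NsxEdgeFirewallRule -Name 'allow-tcp-50000' -Source '1.2.3.4' -Destination '1.2.3.4' `
        -Service $svc -Action accept
```

Scoping the service to the edge means it will not show up in `Get-NsxService -LocalOnly` output either, so anything that later needs to find it again has to query the edge scope explicitly, as the lookup above does.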
|
Trying to add multiple services like SSH, HTTP, HTTPS and RDP to a firewall rule. Getting the below error. Any suggestion?
C:\Users\SheetalJain> $serviceRDP = Get-NsxService -Name "RDP"
C:\Users\SheetalJain> $serviceHTTP = Get-NsxService -Name "HTTP"
C:\Users\SheetalJain> $serviceHTTPS = Get-NsxService -Name "HTTPS"
C:\Users\SheetalJain> $serviceSSH = Get-NsxService -Name "SSH"
C:\Users\SheetalJain> $service = $serviceHTTP, $serviceHTTPS, $serviceRDP, $serviceSSH
C:\Users\SheetalJain> Get-NsxEdge customer-nsx-edge | Get-NsxEdgeFirewall | New-NsxEdgeFirewallRule -name "testrule0" -source "1.2.3.4" -destination "1.2.3.4" -service $service -action accept
invoke-nsxwebrequest : Invoke-NsxWebRequest : The NSX API response received indicates a failure. 400 : Bad Request : Response Body: {"errors":[{"errorCode":12009,"details":"[Firewall]
Invalid groupingObjectId application-93 application-f5553a5e-bfe9-45a3-a768-ed6d432ddb71. This object does not exist or is not available for NSX Edge
edge-3.","rootCauseString":null,"moduleName":"vShield Edge","errorData":null},{"errorCode":12009,"details":"[Firewall] Invalid groupingObjectId application-105
application-c7d6f2bd-1c96-439b-9fe7-d987ec5ee062. This object does not exist or is not available for NSX Edge edge-3.","rootCauseString":null,"moduleName":"vShield
Edge","errorData":null},{"errorCode":12009,"details":"[Firewall] Invalid groupingObjectId application-54 application-dbcb5f40-4f07-4e12-8b8d-1de678d6cc71. This object does not exist or is
not available for NSX Edge edge-3.","rootCauseString":null,"moduleName":"vShield Edge","errorData":null},{"errorCode":12009,"details":"[Firewall] Invalid groupingObjectId application-247
application-af0f13e5-5a03-4d69-b814-0e24a6a32d5a. This object does not exist or is not available for NSX Edge edge-3.","rootCauseString":null,"moduleName":"vShield
Edge","errorData":null}]}
At C:\Users\SheetalJain\Documents\WindowsPowerShell\Modules\PowerNSX\PowerNSX.psm1:14170 char:21
The property 'Headers' cannot be found on this object. Verify that the property exists.
At C:\Users\SheetalJain\Documents\WindowsPowerShell\Modules\PowerNSX\PowerNSX.psm1:14172 char:9
invoke-nsxwebrequest : Invoke-NsxWebRequest : The NSX API response received indicates a failure. 405 : Method Not Allowed : Response Body: <!doctype html><title>HTTP
Status 405 – Method Not Allowed</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2
{font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;}
body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line
{height:1px;background-color:#525D76;border:none;}</style>
HTTP Status 405 – Method Not Allowed
Type Status Report
Message
Request method 'GET' not supported
Description The method received in the request-line is known by the origin server but not supported by the target resource.
At C:\Users\SheetalJain\Documents\WindowsPowerShell\Modules\PowerNSX\PowerNSX.psm1:14174 char:21
The property 'content' cannot be found on this object. Verify that the property exists.
At C:\Users\SheetalJain\Documents\WindowsPowerShell\Modules\PowerNSX\PowerNSX.psm1:14175 char:9
The property 'firewallRule' cannot be found on this object. Verify that the property exists.
At C:\Users\SheetalJain\Documents\WindowsPowerShell\Modules\PowerNSX\PowerNSX.psm1:14176 char:9
The property 'firewallRule' cannot be found on this object. Verify that the property exists.
At C:\Users\SheetalJain\Documents\WindowsPowerShell\Modules\PowerNSX\PowerNSX.psm1:14177 char:9
C:\Users\SheetalJain>