Basically I want to be able to grab the firewall settings from one ESXi host and pipe it to another host. I am using host profiles and realize that the host profiles won't actually delete a firewall setting if it's not listed in the host profile, so we can get in a situation where a new firewall setting has been added and the host profile won't remove it. Thanks!
Doesn't this do the trick?
Get-VMHostFirewallException -VMHost SourceEsx | Set-VMHostFirewallException -VMHost TargetEsx
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Nope. It seems that set-vmhostfirewallexception is just used for setting specific settings:
Set-VMHostFirewallException : A parameter cannot be found that matches
parameter name 'vmhost'.
Indeed, the cmdlet apparently can only be used to enable/disable specific rules on the same ESXi node.
My mistake.
Then I'm afraid you will have to revert to using SSH, see for example ESXi Custom Firewall Rule – Automation using Powercli and PLINK
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
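# Source host whose firewall configuration is copied
$esxcliSource = Get-EsxCli -vmhost <your source esxi host>
# $hosts must already hold the target ESXi hosts (for example from Get-VMHost)
foreach($esxhost in $hosts){
    $esxcliTarget = Get-EsxCli -vmhost $esxhost
    # Rulesets on the source that are restricted to specific IP addresses (not "All")
    $fwset = $esxcliSource.network.firewall.ruleset.allowedip.list.invoke() | ?{$_.allowedipaddresses -notlike "All"} | foreach {$_.ruleset}
    foreach($rule in $fwset){
        # Allowed IP addresses of this ruleset on the source
        $ips = $esxcliSource.network.firewall.ruleset.allowedip.list($rule) | foreach{$_.allowedipaddresses}
        # On the target: allowedall = $false, enabled = $true for this ruleset
        $esxcliTarget.network.firewall.ruleset.set($false,$true,$rule)
        foreach($ip in $ips){
            # Add each source IP address to the target ruleset
            $esxcliTarget.network.firewall.ruleset.allowedip.add($ip,$rule)
        }
    }
}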
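The script above only sets and adds entries on the targets, so an allowed IP that exists on a target but not on the source goes unnoticed, which is the gap the original question describes. The following is an added example, not part of the thread: it reports that drift from objects shaped like the `allowedip.list` output used above (`Ruleset`, `AllowedIPAddresses`). The function names are hypothetical and the sample data is constructed.

```powershell
# Added example: report allowed-IP drift between a source and a target host.
# Function names are hypothetical; input objects only need the Ruleset and
# AllowedIPAddresses properties that the script above reads.

function Get-FlatAllowedIp {
    param([object[]] $Entries)
    # One output object per (ruleset, address) pair, with a comparison key.
    foreach ($e in $Entries) {
        foreach ($ip in @($e.AllowedIPAddresses)) {
            [pscustomobject]@{ Ruleset = $e.Ruleset; Address = $ip; Key = "$($e.Ruleset)|$ip" }
        }
    }
}

function Compare-FirewallAllowedIp {
    param([object[]] $Source, [object[]] $Target)
    $src = @(Get-FlatAllowedIp $Source)
    $tgt = @(Get-FlatAllowedIp $Target)
    $srcKeys = @($src | ForEach-Object { $_.Key })
    $tgtKeys = @($tgt | ForEach-Object { $_.Key })

    # Entries present on the target only: candidates for removal.
    foreach ($t in $tgt) {
        if ($srcKeys -notcontains $t.Key) {
            [pscustomobject]@{ Ruleset = $t.Ruleset; Address = $t.Address; Status = 'ExtraOnTarget' }
        }
    }
    # Entries present on the source only: not yet copied.
    foreach ($s in $src) {
        if ($tgtKeys -notcontains $s.Key) {
            [pscustomobject]@{ Ruleset = $s.Ruleset; Address = $s.Address; Status = 'MissingOnTarget' }
        }
    }
}

# Constructed sample data (documentation address ranges, not from a real host).
# With live hosts, pass $esxcliSource.network.firewall.ruleset.allowedip.list.invoke()
# and the same call on $esxcliTarget instead.
$sourceRules = @(
    [pscustomobject]@{ Ruleset = 'sshServer'; AllowedIPAddresses = @('192.0.2.10', '192.0.2.11') }
    [pscustomobject]@{ Ruleset = 'ntpClient'; AllowedIPAddresses = @('All') }
)
$targetRules = @(
    [pscustomobject]@{ Ruleset = 'sshServer'; AllowedIPAddresses = @('192.0.2.10', '198.51.100.7') }
    [pscustomobject]@{ Ruleset = 'ntpClient'; AllowedIPAddresses = @('All') }
)

Compare-FirewallAllowedIp -Source $sourceRules -Target $targetRules | Format-Table
```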