Note: Script is now part of the NSX-PowerOps toolset! NSX-PowerOps will now be the main repository for issues and new features for this tool. Current as of 21st November 2017
The script connects to NSX Manager and vCenter using PowerShell/PowerCLI, downloads your firewall configuration, and creates an MS Excel spreadsheet from it.
Note: Only works for Layer 3 DFW Policy.
Pre-requisites to run the script are:
- VMware PowerCLI
- VMware PowerNSX
- Microsoft Excel installed on the local system
- Access to NSX Manager API with privileges
- Access to vSphere Web Client and Privileges (Read)
To run the script, make sure your PowerShell execution policy is set to RemoteSigned:
Set-ExecutionPolicy remotesigned
PowerNSX is essential, so please ensure you have the latest supported version of PowerNSX installed. It can be installed from the PowerShell Gallery in an administrative PowerShell terminal:
Install-Module -Name PowerNSX
The script has been tested against version 3.0.1047; other PowerNSX versions have not been tested.
To verify which PowerNSX version you are running, execute the command:
Get-PowerNsxVersion
Version Path Author CompanyName
------- ---- ------ -----------
3.0.1047 C:\Users\Tony\Documents\WindowsPowerShell\Modules\powernsx\PowerNSX.psm1 Nick Bradford VMware
To execute the script, download it to your scripts folder, change into that folder from the PowerShell terminal, and execute the command:
.\DFW2Excel.ps1
By default the script looks for an active connection to NSX Manager; if none is present, the user is prompted to connect to NSX Manager and vCenter Server. In addition, several parameters can be used to collect additional information:
- -EnableIPDetection: Collect IP Addresses for Virtual Machines
- -GetSecTagMembers: Collect Security Tag VM Membership
- -GetSecGrpMembers: Collect Security Group VM Membership
- -StartMinimised: Microsoft Excel will not be visible to user
- -DocumentPath: Local path to save Excel file
If any of these parameters is omitted during execution, it defaults to false and that collection is not conducted.
Below is an example of using all these parameters together:
.\DFW2Excel.ps1 -StartMinimised -EnableIPDetection -GetSecTagMembers -GetSecGrpMembers -DocumentPath c:\dfwconfig.xlsx
You are prompted to connect to an NSX Manager instance and enter your credentials, and PowerNSX also initiates a connection to vCenter. Please ensure you select yes and enter the correct credentials. Once a connection to NSX Manager and vCenter has been established, the script starts an Excel Workbook and populates the worksheets with the data as required.
Once the script has finished running, remember to save your Excel Workbook to a location of your choosing.
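A pre-flight check for the prerequisites and execution policy described above, as an added example that is not part of the DFW2Excel project. The function name Test-Dfw2ExcelPrereqs, the PowerCLI module name VMware.PowerCLI and the Excel.Application ProgID are assumptions not stated in this README.

```powershell
# Added example: verify the README's prerequisites before running DFW2Excel.ps1.
# Assumptions (not from the README): the function name, the module name
# 'VMware.PowerCLI', and the COM ProgID 'Excel.Application'.
function Test-Dfw2ExcelPrereqs {
    [CmdletBinding()]
    param(
        # PowerNSX version the README says the script was tested against
        [version]$TestedPowerNsx = '3.0.1047',
        [string]$ScriptPath = '.\DFW2Excel.ps1'
    )

    # Newest installed PowerNSX module, if any
    $powerNsx = Get-Module -ListAvailable -Name 'PowerNSX' |
        Sort-Object -Property Version -Descending |
        Select-Object -First 1

    # Effective execution policy for this session, as a string
    $policy = "$(Get-ExecutionPolicy)"

    $checks = [ordered]@{
        'PowerCLI module installed'      = [bool](Get-Module -ListAvailable -Name 'VMware.PowerCLI')
        'PowerNSX module installed'      = [bool]$powerNsx
        'PowerNSX is the tested version' = [bool]($powerNsx -and ($powerNsx.Version -eq $TestedPowerNsx))
        # The script drives Excel through COM, so the class must be registered locally
        'Excel COM class registered'     = [bool]([type]::GetTypeFromProgID('Excel.Application'))
        'Execution policy allows script' = $policy -in 'RemoteSigned', 'Unrestricted', 'Bypass'
        'DFW2Excel.ps1 found'            = Test-Path -LiteralPath $ScriptPath -PathType Leaf
    }

    # One object per check so the result can be filtered or tabulated
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{ Check = $name; Passed = $checks[$name] }
    }
}

$failed = Test-Dfw2ExcelPrereqs | Where-Object { -not $_.Passed }
if ($failed) {
    $failed | Format-Table -AutoSize
    Write-Warning 'Fix the failed prerequisites before running DFW2Excel.ps1.'
} else {
    # Parameters and path taken from the README's own example
    .\DFW2Excel.ps1 -StartMinimised -DocumentPath c:\dfwconfig.xlsx
}
```

If the execution-policy check fails, Set-ExecutionPolicy RemoteSigned -Scope Process applies the setting to the current session only instead of changing the machine-wide policy.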
Version 1.0.1
Release Date: 21/11/2017
- Added prompt to check if user wants to get VM Security Group & Tag Membership
- Rudimentary validation check of yes/no prompt added
- Added new worksheet titled Environment Summary
- Security Group Statistics included to resolve issue: #19
- Used PowerOps Excel COM object clean-up code for script
- Switch parameters included to start script:
-EnableIpDetection
-GetSecTagMembers
-GetSecGrpMembers
-StartMinimised
-DocumentPath
Version 1.0.0
Release Date: 08/10/2017
- Hyperlink Support in FW Rule sheet to: VMs, IPSets, Services, Security Groups
- Sample output file updated
Version 0.9.2
Release Date: 06/10/2017
- If Service Field is not a NSX Object, output raw Protocol/Port into Cell
- Collapsed hash table for local/universal services into a single table - as it's now using objectID for unique field
Version 0.9.1
Release Date: 06/10/2017
- New Column - object-ids added to service and service group tabs.
- Instead of using service names, using object-id's instead for hashtable to build hyperlink
- For Service Group Hyperlinks, provide tooltip which is object-id
- Hyperlink from Exclusion List VMs & Sec Grp VMs to VM_Info sheet
Version 0.9
Release Date: 06/10/2017
- If $NSXDefaultConnection exists, do not prompt for a new NSX Manager connection
- When retrieving objects, specify scope - do not rely on defaults
- [New Feature] - Hyperlinks from Service Groups to Services
Version 0.8
Release Date: 06/05/2017
- Resolved Issue 12 - Error with $svc.name DFW2Excel.ps1:540 char:9
- PowerNSX enhancements to universal object handling incorporated into script
- Changed VM IP Address lookup to use Extension Data from get-vm cmdlet
Version 0.6/0.7
Release Date: 1/04/2017
- Remove Minor version check of NSX Manager
- Remove hard-coded string "admin" from credentials request
Version 0.5
Release Date: 09/02/2017
- Fixed issue #7 - Needed to format cell value as text
Version 0.4
Release Date: 24/11/2016
- Document VM IP Addresses into worksheet
- Document static membership of VMs in Security Groups
- Add warning text and simple error checks to start script
Version 0.3
Release Date: 28/10/2016
- Object-ID for destination and source fields added to Layer 3 Firewall worksheet
Version 0.2
Release Date: 21/10/2016
- Fixed Casting errors that were displayed on console
- Implemented version check
- New worksheet to document Security Tags and VM Membership
- Negated Field in L3 Policy is now documented
- DFW Exclusion List
Copyright (c) [2016] [Tony Sangha]
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.