I have been searching for something that will export/audit an Edge gateway's firewall and NAT rules for over a year.
Although not perfect, this export is better than typing out an edge config into Excel one rule at a time. More so now as I have almost removed one of my fingers with a power tool.
There is a limitation with this script. When exporting a firewall rule with more than one port defined, the script will only export the first port. If other ports are defined they are simply not returned by vCloud.
Here is the function:
$cred = Get-Credential
## Start of functions ##
Function Get-EdgeConfig ($EdgeGateway)
{
    # Get the API view of the gateway; it carries the session key and the object's href
    $EdgeView = $EdgeGateway | Get-CIView
    $webclient = New-Object System.Net.WebClient
    # Reuse the existing PowerCLI session to authenticate the REST call
    $webclient.Headers.Add("x-vcloud-authorization", $EdgeView.Client.SessionKey)
    $webclient.Headers.Add("accept", $EdgeView.Type + ";version=32.0")
    # Download the full edge gateway configuration as XML
    [xml]$EGWConfXML = $webclient.DownloadString($EdgeView.href)
    $webclient.Dispose()
    # Collect the rule sets of each service into one object
    $tmpObj = "" | Select-Object Firewall,NAT,LoadBalancer,DHCP
    $tmpObj.Firewall = $EGWConfXML.EdgeGateway.Configuration.EdgegatewayServiceConfiguration.FirewallService.FirewallRule
    $tmpObj.NAT = $EGWConfXML.EdgeGateway.Configuration.EdgegatewayServiceConfiguration.NatService.NatRule
    $tmpObj.LoadBalancer = $EGWConfXML.EdgeGateway.Configuration.EdgegatewayServiceConfiguration.LoadBalancerService.VirtualServer
    $tmpObj.DHCP = $EGWConfXML.EdgeGateway.Configuration.EdgegatewayServiceConfiguration.GatewayDHCPService.Pool
    Return $tmpObj
}
## End of functions ##
## connect to vcloud director tenant org with the credential collected above
Connect-CIServer -Server mycloud.mycloudprovider.com -Org MyOrg -Credential $cred
# get an array of edge gateways
$Gateways = Search-Cloud -QueryType EdgeGateway
# I have selected edge gateway [1] from the array
$Config = Get-EdgeConfig -EdgeGateway $Gateways[1]
# exporting config arrays. there are also DHCP and
# -NoTypeInformation keeps the "#TYPE" header line out of the CSV files
$Config.Firewall | Export-Csv -Path firewallrules.csv -NoTypeInformation
$Config.NAT | Export-Csv -Path NATrules.csv -NoTypeInformation
$Config.LoadBalancer | Export-Csv -Path LoadBalancer.csv -NoTypeInformation
$Config.DHCP | Export-Csv -Path DHCP.csv -NoTypeInformation
When running this script you will get a CSV file for each of Firewall/NAT/LoadBalancer and DHCP rules.
This function will work on the Provider or the Tenant portal.
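Any nested element inside a rule is written by Export-Csv as the text System.Xml.XmlElement, which makes the CSV hard to audit. The following is an added example, not part of the original script: it flattens each firewall rule into plain columns and flags enabled any-to-any allow rules for review. ConvertTo-FlatFirewallRule is a hypothetical helper, the XML is constructed, and its element names are assumed from the vCloud API firewall rule schema.

```powershell
# Constructed sample input (not from a real gateway). Element names are assumed
# from the vCloud API FirewallRule schema; check them against your own export.
[xml]$sample = @'
<FirewallService>
  <FirewallRule>
    <Id>1</Id><IsEnabled>true</IsEnabled><Description>web in</Description>
    <Policy>allow</Policy><Protocols><Tcp>true</Tcp></Protocols>
    <DestinationPortRange>443</DestinationPortRange><DestinationIp>192.0.2.10</DestinationIp>
    <SourcePortRange>Any</SourcePortRange><SourceIp>external</SourceIp>
  </FirewallRule>
  <FirewallRule>
    <Id>2</Id><IsEnabled>true</IsEnabled><Description>temp test</Description>
    <Policy>allow</Policy><Protocols><Any>true</Any></Protocols>
    <DestinationPortRange>Any</DestinationPortRange><DestinationIp>Any</DestinationIp>
    <SourcePortRange>Any</SourcePortRange><SourceIp>Any</SourceIp>
  </FirewallRule>
</FirewallService>
'@

# Hypothetical helper: turn each rule node into a flat object so nested
# elements such as Protocols become readable text in the CSV.
Function ConvertTo-FlatFirewallRule {
    param([Parameter(ValueFromPipeline = $true)] $Rule)
    process {
        # Collect the names of the protocol child elements set to "true".
        $protocols = @($Rule.Protocols.ChildNodes |
            Where-Object { $_.NodeType -eq 'Element' -and $_.InnerText -eq 'true' } |
            ForEach-Object { $_.LocalName }) -join '+'
        $row = [pscustomobject]@{
            Id          = $Rule.Id
            Enabled     = $Rule.IsEnabled
            Policy      = $Rule.Policy
            Protocols   = $protocols
            Source      = $Rule.SourceIp
            Destination = $Rule.DestinationIp
            DestPort    = $Rule.DestinationPortRange
            Description = $Rule.Description
        }
        # Review flag: enabled allow rule with no source, destination or port restriction.
        $open = $row.Enabled -eq 'true' -and $row.Policy -eq 'allow' -and
                $row.Source -eq 'Any' -and $row.Destination -eq 'Any' -and $row.DestPort -eq 'Any'
        $row | Add-Member -NotePropertyName ReviewAnyAny -NotePropertyValue $open -PassThru
    }
}

$sample.FirewallService.FirewallRule | ConvertTo-FlatFirewallRule |
    Export-Csv -Path firewallrules-flat.csv -NoTypeInformation
```

With the script above, pipe $Config.Firewall into the helper in place of the sample rules.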