Export the NSX for vSphere Distributed Firewall to MS Excel
tonysangha Development (#21)
* Security Group Membership Check Issue:18

* Environment Summary worksheet - Issue#19

* Security Tag Check - Issue#18

* Excel COM Object Cleanup

* add switch statements for script execution

* README updated

* README updated

* Security Tag Check - Issue#18
Latest commit 27a5767 Nov 22, 2017
DFW2Excel.ps1 Development (#21) Nov 22, 2017
DFW2Excel_Workbook_Example.xlsx Development (#21) Nov 22, 2017
License.txt no message Oct 20, 2016
README.md Development (#21) Nov 22, 2017

README.md

Document NSX-v DFW with PowerNSX

Note: Script is now part of the NSX-PowerOps toolset! NSX-PowerOps will now be the main repository for issues and new features for this tool. Current as of 21st November 2017

The script connects to NSX Manager and vCenter using PowerShell/PowerCLI, downloads your firewall configuration, and creates an MS Excel spreadsheet from it.

Note: Only works for Layer 3 DFW Policy.

Pre-requisites to run the script are:

To run the script, make sure your PowerShell execution policy is set to RemoteSigned:

Set-ExecutionPolicy remotesigned

PowerNSX is essential, therefore please ensure you have the latest supported version of PowerNSX installed, which can be installed in an administrative PowerShell terminal from the PowerShell Gallery

Install-Module -Name PowerNSX 

The script has been tested against PowerNSX version 3.0.1047; other PowerNSX versions are untested.

To verify which PowerNSX version you have installed, execute the command:

Get-PowerNsxVersion

Version  Path                                                                     Author        CompanyName
-------  ----                                                                     ------        -----------
3.0.1047 C:\Users\Tony\Documents\WindowsPowerShell\Modules\powernsx\PowerNSX.psm1 Nick Bradford VMware
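
A pre-flight check for the prerequisites above, as an added example that is not part of the original README or the DFW2Excel project. The function name Test-Dfw2ExcelPrereq and its parameters are hypothetical; it assumes Windows with NTFS, the script saved in the current folder, and that the installed module's manifest version matches what Get-PowerNsxVersion reports.

```powershell
# Added example: check the README's prerequisites before running DFW2Excel.ps1.
# Assumption: the script was downloaded to the current folder.
function Test-Dfw2ExcelPrereq {
    param(
        [string]$ScriptPath = '.\DFW2Excel.ps1',
        [version]$TestedVersion = '3.0.1047'   # version the README says was tested
    )
    $findings = @()

    # 1. Effective execution policy (the README asks for RemoteSigned).
    $policy = Get-ExecutionPolicy
    if ($policy -in 'Restricted', 'AllSigned') {
        $findings += "Execution policy $policy is stricter than the RemoteSigned the README asks for."
    }

    # 2. Under RemoteSigned, a file that still carries the Zone.Identifier
    #    stream (written by browsers on download) is treated as remote and
    #    is blocked unless it is signed by a trusted publisher.
    if (Test-Path -LiteralPath $ScriptPath) {
        $zone = Get-Item -LiteralPath $ScriptPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if ($zone -and $policy -eq 'RemoteSigned') {
            $findings += "$ScriptPath is marked as downloaded; review its contents, then run Unblock-File."
        }
    } else {
        $findings += "$ScriptPath not found."
    }

    # 3. PowerNSX is installed, and at the version the script was tested against.
    $module = Get-Module -ListAvailable -Name PowerNSX |
        Sort-Object Version -Descending | Select-Object -First 1
    if (-not $module) {
        $findings += 'PowerNSX is not installed (Install-Module -Name PowerNSX).'
    } elseif ($module.Version -ne $TestedVersion) {
        $findings += "PowerNSX $($module.Version) found; only $TestedVersion is tested."
    }

    # Summary object: Ready is true only when no finding was recorded.
    [pscustomobject]@{
        ExecutionPolicy = $policy
        PowerNSXVersion = $module.Version
        Ready           = ($findings.Count -eq 0)
        Findings        = $findings
    }
}

Test-Dfw2ExcelPrereq | Format-List
```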

To execute the script, download it to your scripts folder, change into that folder in a PowerShell terminal, and execute the command:

.\DFW2Excel.ps1 

By default the script looks for an active connection to NSX Manager. If none is present, the user is prompted to connect to NSX Manager and vCenter Server. In addition, several parameters can be used to collect additional information:

  • -EnableIPDetection: Collect IP addresses for virtual machines
  • -GetSecTagMembers: Collect Security Tag VM membership
  • -GetSecGrpMembers: Collect Security Group VM membership
  • -StartMinimised: Microsoft Excel will not be visible to the user
  • -DocumentPath: Local path to save the Excel file

If any of these parameters is omitted during execution, it defaults to false and the corresponding collection is not performed.

Below is an example of using all these parameters together:

.\DFW2Excel.ps1 -StartMinimised -EnableIPDetection -GetSecTagMembers -GetSecGrpMembers -DocumentPath c:\dfwconfig.xlsx

You are prompted to connect to an NSX Manager instance and enter your credentials, and PowerNSX also initiates a connection to vCenter. Please ensure you select yes and enter in the correct credentials. Once a connection to NSX Manager and vCenter has been established, the script starts an Excel Workbook and populates the worksheets with the data as required.

Once the script has finished running, remember to save your Excel Workbook to a location of your choosing.

Release Notes

Version 1.0.1

Release Date: 21/11/2017

  • Added prompt to check if user wants to get VM Security Group & Tag Membership
  • Rudimentary validation check of yes/no prompt added
  • Added new worksheet titled Environment Summary
  • Security Group Statistics included to resolve issue: #19
  • Used PowerOps Excel COM object clean-up code for script
  • Switch parameters included to start script: -EnableIpDetection -GetSecTagMembers -GetSecGrpMembers -StartMinimised -DocumentPath

Version 1.0.0

Release Date: 08/10/2017

  • Hyperlink Support in FW Rule sheet to: VMs, IPSets, Services, Security Groups
  • Sample output file updated

Version 0.9.2

Release Date: 06/10/2017

  • If Service Field is not a NSX Object, output raw Protocol/Port into Cell
  • Collapsed hash table for local/universal services into a single table - as it's now using objectID for unique field

Version 0.9.1

Release Date: 06/10/2017

  • New Column - object-ids added to service and service group tabs.
  • Instead of using service names, using object-id's instead for hashtable to build hyperlink
  • For Service Group Hyperlinks, provide tooltip which is object-id
  • Hyperlink from Exclusion List VMs & Sec Grp VMs to VM_Info sheet

Version 0.9

Release Date: 06/10/2017

  • If $NSXDefaultConnection exists, do not prompt for a new NSX Manager connection
  • When retrieving objects, specify scope - do not rely on defaults
  • [New Feature] - Hyperlinks from Service Groups to Services

Version 0.8

Release Date: 06/05/2017

  • Resolved Issue 12 - Error with $svc.name DFW2Excel.ps1:540 char:9
  • PowerNSX enhancements to universal object handling incorporated into script
  • Changed VM IP Address lookup to use Extension Data from get-vm cmdlet

Version 0.6/0.7

Release Date: 1/04/2017

  • Remove Minor version check of NSX Manager
  • remove hard-coded string admin from credentials request

Version 0.5

Release Date: 09/02/2017

  • Fixed issue #7 - Needed to format value as text of cell

Version 0.4

Release Date: 24/11/2016

  • Document VM IP Addresses into worksheet
  • Document static membership of VMs in Security Groups
  • Add warning text and simple error checks to start script

Version 0.3

Release Date: 28/10/2016

  • Object-ID for destination and source fields added to Layer 3 Firewall worksheet

Version 0.2

Release Date: 21/10/2016

  • Fixed Casting errors that were displayed on console
  • Implemented version check
  • New worksheet to document Security Tags and VM Membership
  • Negated Field in L3 Policy is now documented
  • DFW Exclusion List

MIT License

Copyright (c) [2016] [Tony Sangha]

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.