In the previous post, we discussed how to edit an existing security policy using PowerNSX. We will round out this series by talking about how to remove NSX security policies and their rules using PowerNSX.
The video above demonstrates the cmdlets discussed in this post.
Disclaimer: The code shown in this post is not included in the PowerNSX module. There is still work to be done, as I need to write Pester tests for these cmdlets to ensure everything works as expected and doesn’t break anything else. That said, all code has been used in a production environment without issue.
Cmdlets:
- Remove-NsxSecurityPolicyFwRule:
  - Allows the ability to add additional rules to an existing Security Policy.
  - Parameters: SecurityPolicy, FirewallRule
- Remove-NsxSgToSpFwRule:
  - Add Security Group(s) to existing rules in a Security Policy.
  - Parameters: SecurityPolicy, SecurityGroup, ExecutionOrder
- Remove-NsxServiceToSpFwRule:
  - Add Service(s) to existing rules in a Security Policy.
  - Parameters: SecurityPolicy, Service, ExecutionOrder
- Remove-NsxsecurityPolicy:
  - This function ensures the base XML shell needed to create an empty SP exists.
  - Parameters: SecurityPolicy, Confirm, Force
As you can see, manipulating security policies via PowerNSX allows for an automated and streamlined approach to managing NSX objects. The days of having to deal with vCenter web client reload error messages are over! That’s going to wrap up this series. I encourage administrators of NSX to have a look at PowerNSX, as it can simplify management.