Re: Add Firewall Rules to a vCloud Director vApp Network via PowerCLI

Hi, I found my answer, here is the final solution.

$vAppNet = Get-CIVAPP 111 | Get-CIVAppNetwork vApp_Network
$vApp = Get-CIVAPP 111
$networkConfigSection = (Get-CIVapp 111).extensiondata.GetNetworkConfigSection()
$vAppNetwork = $networkConfigSection.NetworkConfig | where {$_.networkName -eq "vApp_Network"}

$fwService = New-Object vmware.vimautomation.cloud.views.firewallservice
$fwService.DefaultAction = "drop"
$fwService.LogDefaultAction = $false
$fwService.IsEnabled = $true
$fwService.FirewallRule = New-Object vmware.vimautomation.cloud.views.firewallrule
$fwService.FirewallRule += New-Object vmware.vimautomation.cloud.views.firewallrule

#First Rule
$fwService.FirewallRule[0].isenabled = $true
$fwService.FirewallRule[0].description = "Allow all outgoing traffic"
$fwService.FirewallRule[0].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[0].protocols.ANY = $true
$fwService.FirewallRule[0].policy = "allow"
$fwService.FirewallRule[0].destinationIp = "external"
$fwService.FirewallRule[0].sourceip = "internal"

#Second Rule
$fwService.FirewallRule[1].isenabled = $true
$fwService.FirewallRule[1].description = "TS from TSG"
$fwService.FirewallRule[1].protocols = New-Object vmware.vimautomation.cloud.views.firewallRuleTypeProtocols
$fwService.FirewallRule[1].protocols.tcp = $true
$fwService.FirewallRule[1].policy = "allow"
$fwService.FirewallRule[1].port = "3389"
$fwService.FirewallRule[1].destinationIp = "Any"
$fwService.FirewallRule[1].sourceport = "3389"
$fwService.FirewallRule[1].sourceip = "192.168.1.81-192.168.1.89"

$vAppNetwork.Configuration.Features = $vAppNetwork.Configuration.Features | where {!($_ -is [vmware.vimautomation.cloud.views.firewallservice])}
$vAppNetwork.configuration.features += $fwService
$networkConfigSection.UpdateServerData()