< Back
Copy-NsxEdge
Post
NAME Copy-NsxEdge
SYNOPSIS
Creates a new NSX Edge Services Gateway based on the configuration of an
existing one.
SYNTAX
Copy-NsxEdge -Edge <XmlElement> -Name <String> [-Datastore <DatastoreInterop>] [-Username <String>] -Password
<String> [-HADatastore <DatastoreInterop>] [-FormFactor <String>] [-VMFolder <FolderInterop>] [-Tenant <String>]
[-Hostname <String>] [-EnableSSH] [-AutoGenerateRules] [-FwEnabled] [-FwDefaultPolicyAllow] [-FwLoggingEnabled]
[-EnableHa] [-HaDeadTime <Int32>] [-HaVnic <Int32>] [-EnableSyslog] [-SyslogServer <String[]>] [-SyslogProtocol
<String>] [-Interface <XmlElement[]>] [-CertFixUps] [-SelfSignedCertificateCN <String>] [-NatRuleFixups]
[-RouterIdFixup] [-FirewallFixups] [-LocalObjectFixups] [-CertValidNumberOfDays <Int32>] [-Connection <PSObject>]
[<CommonParameters>]
Copy-NsxEdge -Edge <XmlElement> -Name <String> -ResourcePool <ResourcePoolInterop> [-Datastore <DatastoreInterop>]
[-Username <String>] -Password <String> [-HADatastore <DatastoreInterop>] [-FormFactor <String>] [-VMFolder
<FolderInterop>] [-Tenant <String>] [-Hostname <String>] [-EnableSSH] [-AutoGenerateRules] [-FwEnabled]
[-FwDefaultPolicyAllow] [-FwLoggingEnabled] [-EnableHa] [-HaDeadTime <Int32>] [-HaVnic <Int32>] [-EnableSyslog]
[-SyslogServer <String[]>] [-SyslogProtocol <String>] [-Interface <XmlElement[]>] [-CertFixUps]
[-SelfSignedCertificateCN <String>] [-NatRuleFixups] [-RouterIdFixup] [-FirewallFixups] [-LocalObjectFixups]
[-CertValidNumberOfDays <Int32>] [-Connection <PSObject>] [<CommonParameters>]
Copy-NsxEdge -Edge <XmlElement> -Name <String> -Cluster <ClusterInterop> [-Datastore <DatastoreInterop>]
[-Username <String>] -Password <String> [-HADatastore <DatastoreInterop>] [-FormFactor <String>] [-VMFolder
<FolderInterop>] [-Tenant <String>] [-Hostname <String>] [-EnableSSH] [-AutoGenerateRules] [-FwEnabled]
[-FwDefaultPolicyAllow] [-FwLoggingEnabled] [-EnableHa] [-HaDeadTime <Int32>] [-HaVnic <Int32>] [-EnableSyslog]
[-SyslogServer <String[]>] [-SyslogProtocol <String>] [-Interface <XmlElement[]>] [-CertFixUps]
[-SelfSignedCertificateCN <String>] [-NatRuleFixups] [-RouterIdFixup] [-FirewallFixups] [-LocalObjectFixups]
[-CertValidNumberOfDays <Int32>] [-Connection <PSObject>] [<CommonParameters>]
DESCRIPTION
An NSX Edge Service Gateway provides all NSX Edge services such as firewall,
NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual
appliance can have a total of ten uplink and internal network interfaces and
up to 200 subinterfaces. Multiple external IP addresses can be configured
for load balancer, site???????????????to???????????????site VPN, and NAT services.
This cmdlet creates a new Nsx Edge Services Gateway based on the
configuration of an existing one.
There are numerous properties that are not possible to clone, and must be
either configured in the call to Copy-NsxEdge (such as interface IPs), or
will need to be manually configured on the new NSX Edge after the fact
(such as external certificate configuration).
Note that this operation does not strictly clone the Edge, internal object
identifiers such as NAT and FW rule ids etc. will not be consistent between
source and duplicated Edges. This is a limitation imposed by the NSX API.
An attempt is made to make sensible 'fixups' to the duplicated edge to allow
it to function as expected. Most of these fixups can be disabled with param
switches to Copy-NsxEdge, but in some cases, this will prevent the
duplication of certain features (for instance, disabling local object fixups
will prevent user defined firewall rules from being configured on the
duplicate edge.)
Fixups for the following are currently in place and enabled by default:
- Any Self Signed certificates are 'regenerated' on the duplicated edge
Note: Externally signed certificates cannot be migrated and must be
manually configured on the duplicated edge if required. Regenerated
Self Signed certificates will have the fqdn of the edge as their CN.
Alternatively, the user can specify a CN explicitly via parameter to
Copy-NsxEdge. All certificates will have the same CN currently.
- Any services using certificates that have been regenerated will be
configured to use the corresponding regenerated cert.
- Any listening services (LB VIPs, SSL VPN, IPSec VPN etc) bound to
interface addresses will be updated to use the corresponding address
on the duplicated edge.
- Any NAT rules that specify a local interface address in either the
Original Address or Translated Address field will be updated to
specify the corresponding replacement interface address on the
duplicated edge.
- Any locally defined grouping objects (IPSets, Services or Service
Groups) will be recreated on the duplicated edge. This includes
fixups for any service groups that contain other local services or
service groups to be updated to include their corresponding recreated
local object on the duplicated edge.
- Any User defined local firewall rules that reference local objects in
source, destination or service fields are updated to reference the
corresponding recreated local object on the duplicated edge.
- Any IPSec Pre Shared Keys defined will be randomised. These can be
manually updated after the fact as required.
- If a router ID is configured on the source edge, and references an
interface address, it is updated to reference the corresponding
address on the duplicated edge.
This is an experimental function for now and involves a lot of heavy lifting.
Please report any limitations or issues using it via the project github page
so it can be improved.
PARAMETERS
-Edge <XmlElement>
PowerNSX Edge Object as retrieved with Get-NsxEdge representing the source edge to duplicate.
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Name <String>
Duplicated Edge Name (base of appliance name and default for fqdn)
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourcePool <ResourcePoolInterop>
PowerCLI Resource Pool object representing vSphere Resource Pool to which duplicated edge appliances are
deployed. If Resource Pool and Cluster are not specified, Copy-NsxEdge places the duplicated edge appliances
in the same location as the source edge.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Cluster <ClusterInterop>
PowerCLI Cluster object representing vSphere Cluster to which duplicated edge appliances are deployed. If
Resource Pool and Cluster are not specified, Copy-NsxEdge places the duplicated edge appliances in the same
location as the source edge.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Datastore <DatastoreInterop>
PowerCLI Datastore object representing vSphere datastore to which the primary duplicated edge appliance is
deployed. Defaults to the same location as the source edge.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Username <String>
Edge CLI user name. Defaults to 'admin'
Required? false
Position? named
Default value admin
Accept pipeline input? false
Accept wildcard characters? false
-Password <String>
Edge CLI password
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-HADatastore <DatastoreInterop>
PowerCLI Datastore object representing vSphere datastore to which the secondary edge appliance is deployed
(requires HA). Defaults to the same location as the source edge.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FormFactor <String>
Edge Appliance Form Factor. See NSX Documentation for appliance form factor details and recommendations.
Defaults to the source edge form factor.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-VMFolder <FolderInterop>
PowerCLI Folder object representing the vSphere VM inventory folder in which the appliances should be
deployed. Defaults to the source edge location.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Tenant <String>
Tenant name used in appliance naming and API references. Defaults to the source edge tenant.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Hostname <String>
FQDN of Edge. Defaults to $name (undotted).
Required? false
Position? named
Default value $Name
Accept pipeline input? false
Accept wildcard characters? false
-EnableSSH [<SwitchParameter>]
Enable SSH on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-AutoGenerateRules [<SwitchParameter>]
Enable autogenerated firewall rules on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-FwEnabled [<SwitchParameter>]
Enable firewall on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-FwDefaultPolicyAllow [<SwitchParameter>]
Configure default firewall policy on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-FwLoggingEnabled [<SwitchParameter>]
Configure default firewall action logging on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-EnableHa [<SwitchParameter>]
Configure HA on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-HaDeadTime <Int32>
Configure HA dead time on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-HaVnic <Int32>
Configure HA vNIC on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-EnableSyslog [<SwitchParameter>]
Configure syslog on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-SyslogServer <String[]>
Configure syslog server(s) on the duplicated Edge. Defaults to source edge setting. If specified, overrides
source edge settings (not merged).
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SyslogProtocol <String>
Configure syslog protocol on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Interface <XmlElement[]>
Interface definitions. Specified as Interface Specs as returned by New-NsxEdgeInterfaceSpec. Must contain the
SAME number of interfaces with the same interface indexes, addressgroups per interface, and primary and
secondary addresses per addressgroup as the source edge interface.
Netmasks and the CIDR network defined in each addressgroup must match that of the source edge.
In summary, the only thing that can (must) change from the source edge is the primary and any secondary IP
Addresses for every addressgroup on every interface, and potentially, the connected network.
If not specified, the user is interactively prompted for replacement addresses on each primary and secondary
address on each addressgroup on each enabled VNIC on the source edge.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CertFixUps [<SwitchParameter>]
Any self signed certificates found on the source edge will be regenerated on the destination edge as new
certificates with the fqdn as the cn (all other details duplicated), and services configured to use the
regenerated certificate. Set this to $false to disable autogeneration of certificates (services will have to
be manually reconfigured to use a different certificate)
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-SelfSignedCertificateCN <String>
Any self signed certificates generated on the new edge will have the fqdn as the cn. Set
-SelfSignedCertificateCN to change the CN used (for all Self Signed certificates)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-NatRuleFixups [<SwitchParameter>]
Any NAT rules found on the source edge that specify any 'local' ip (defined on any interface), will be
regenerated on the destination edge with the ip updated to the eqivalent IP on the new edge. Set this to
$false to disable automatic fixups of NAT rules. Any rules referencing edge local ip addresses will need to
be manually updated.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-RouterIdFixup [<SwitchParameter>]
If routerId is defined and matches any 'local' ip (defined on any interface), it will be updated to match the
equivalent IP on the new edge. Set to $false to disable automatic fixup. RouterID will need to be manually
updated in this case.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-FirewallFixups [<SwitchParameter>]
Any user defined local firewall rules with locally scoped objects (ipsets, services, servicegroups) referenced
will be updated to match the equivalent object on the new edge. Set to $false to disable automatic fixup.
User defined firewall rules will not be duplicated and will need to be manually recreated in this case.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-LocalObjectFixups [<SwitchParameter>]
Any locally scoped objects (ipsets, services, servicegroups and servicegroup membership) defined within the
edges local scope will be recreated on the new edge. This is required for FirewallFixups.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-CertValidNumberOfDays <Int32>
Number of days any regenerated certificates are valid for. Defaults to 365
Required? false
Position? named
Default value 365
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-NsxEdge Edge01 | Copy-NsxEdge -name Edge02 -Password VMware1!VMware1!
Creates a duplicated edge based on the source-edge Edge01. Any interface addresses found on Edge01 will be
interactively prompted for replacement. Note that the subnet (network and mask) of each primary or secondary
adderess specified must match that of the source edge, and all addresses found on the source must be updated.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$uplink = New-NsxEdgeInterfaceSpec -Index 0 -Name Uplink -Type uplink -ConnectedTo (get-vdportgroup
internal) -PrimaryAddress 192.168.100.202 -SubnetPrefixLength 24 -SecondaryAddresses
192.168.100.203,192.168.100.204,192.168.100.205
PS C:\\>$transit = New-NsxEdgeInterfaceSpec -Index 1 -Name Transit -Type internal -ConnectedTo
(Get-NsxLogicalSwitch transit) -PrimaryAddress 172.16.1.11 -SubnetPrefixLength 24 -SecondaryAddresses 172.16.1.12
PS C:\\>Get-NsxEdge Edge01 | Copy-NsxEdge -name Edge02 -Password VMware1!VMware1! -Interface $Uplink,$Transit
Creates two interface specs and creates a duplicated edge based on the source-edge Edge01. Note that the subnet
(network and mask) of each primary or secondary adderess specified in each spec, as well as the number of
addresses, and the interface indexes specified, must match that of the source edge.
RELATED LINKS
SYNOPSIS
Creates a new NSX Edge Services Gateway based on the configuration of an
existing one.
SYNTAX
Copy-NsxEdge -Edge <XmlElement> -Name <String> [-Datastore <DatastoreInterop>] [-Username <String>] -Password
<String> [-HADatastore <DatastoreInterop>] [-FormFactor <String>] [-VMFolder <FolderInterop>] [-Tenant <String>]
[-Hostname <String>] [-EnableSSH] [-AutoGenerateRules] [-FwEnabled] [-FwDefaultPolicyAllow] [-FwLoggingEnabled]
[-EnableHa] [-HaDeadTime <Int32>] [-HaVnic <Int32>] [-EnableSyslog] [-SyslogServer <String[]>] [-SyslogProtocol
<String>] [-Interface <XmlElement[]>] [-CertFixUps] [-SelfSignedCertificateCN <String>] [-NatRuleFixups]
[-RouterIdFixup] [-FirewallFixups] [-LocalObjectFixups] [-CertValidNumberOfDays <Int32>] [-Connection <PSObject>]
[<CommonParameters>]
Copy-NsxEdge -Edge <XmlElement> -Name <String> -ResourcePool <ResourcePoolInterop> [-Datastore <DatastoreInterop>]
[-Username <String>] -Password <String> [-HADatastore <DatastoreInterop>] [-FormFactor <String>] [-VMFolder
<FolderInterop>] [-Tenant <String>] [-Hostname <String>] [-EnableSSH] [-AutoGenerateRules] [-FwEnabled]
[-FwDefaultPolicyAllow] [-FwLoggingEnabled] [-EnableHa] [-HaDeadTime <Int32>] [-HaVnic <Int32>] [-EnableSyslog]
[-SyslogServer <String[]>] [-SyslogProtocol <String>] [-Interface <XmlElement[]>] [-CertFixUps]
[-SelfSignedCertificateCN <String>] [-NatRuleFixups] [-RouterIdFixup] [-FirewallFixups] [-LocalObjectFixups]
[-CertValidNumberOfDays <Int32>] [-Connection <PSObject>] [<CommonParameters>]
Copy-NsxEdge -Edge <XmlElement> -Name <String> -Cluster <ClusterInterop> [-Datastore <DatastoreInterop>]
[-Username <String>] -Password <String> [-HADatastore <DatastoreInterop>] [-FormFactor <String>] [-VMFolder
<FolderInterop>] [-Tenant <String>] [-Hostname <String>] [-EnableSSH] [-AutoGenerateRules] [-FwEnabled]
[-FwDefaultPolicyAllow] [-FwLoggingEnabled] [-EnableHa] [-HaDeadTime <Int32>] [-HaVnic <Int32>] [-EnableSyslog]
[-SyslogServer <String[]>] [-SyslogProtocol <String>] [-Interface <XmlElement[]>] [-CertFixUps]
[-SelfSignedCertificateCN <String>] [-NatRuleFixups] [-RouterIdFixup] [-FirewallFixups] [-LocalObjectFixups]
[-CertValidNumberOfDays <Int32>] [-Connection <PSObject>] [<CommonParameters>]
DESCRIPTION
An NSX Edge Service Gateway provides all NSX Edge services such as firewall,
NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual
appliance can have a total of ten uplink and internal network interfaces and
up to 200 subinterfaces. Multiple external IP addresses can be configured
for load balancer, site???????????????to???????????????site VPN, and NAT services.
This cmdlet creates a new Nsx Edge Services Gateway based on the
configuration of an existing one.
There are numerous properties that are not possible to clone, and must be
either configured in the call to Copy-NsxEdge (such as interface IPs), or
will need to be manually configured on the new NSX Edge after the fact
(such as external certificate configuration).
Note that this operation does not strictly clone the Edge, internal object
identifiers such as NAT and FW rule ids etc. will not be consistent between
source and duplicated Edges. This is a limitation imposed by the NSX API.
An attempt is made to make sensible 'fixups' to the duplicated edge to allow
it to function as expected. Most of these fixups can be disabled with param
switches to Copy-NsxEdge, but in some cases, this will prevent the
duplication of certain features (for instance, disabling local object fixups
will prevent user defined firewall rules from being configured on the
duplicate edge.)
Fixups for the following are currently in place and enabled by default:
- Any Self Signed certificates are 'regenerated' on the duplicated edge
Note: Externally signed certificates cannot be migrated and must be
manually configured on the duplicated edge if required. Regenerated
Self Signed certificates will have the fqdn of the edge as their CN.
Alternatively, the user can specify a CN explicitly via parameter to
Copy-NsxEdge. All certificates will have the same CN currently.
- Any services using certificates that have been regenerated will be
configured to use the corresponding regenerated cert.
- Any listening services (LB VIPs, SSL VPN, IPSec VPN etc) bound to
interface addresses will be updated to use the corresponding address
on the duplicated edge.
- Any NAT rules that specify a local interface address in either the
Original Address or Translated Address field will be updated to
specify the corresponding replacement interface address on the
duplicated edge.
- Any locally defined grouping objects (IPSets, Services or Service
Groups) will be recreated on the duplicated edge. This includes
fixups for any service groups that contain other local services or
service groups to be updated to include their corresponding recreated
local object on the duplicated edge.
- Any User defined local firewall rules that reference local objects in
source, destination or service fields are updated to reference the
corresponding recreated local object on the duplicated edge.
- Any IPSec Pre Shared Keys defined will be randomised. These can be
manually updated after the fact as required.
- If a router ID is configured on the source edge, and references an
interface address, it is updated to reference the corresponding
address on the duplicated edge.
This is an experimental function for now and involves a lot of heavy lifting.
Please report any limitations or issues using it via the project github page
so it can be improved.
PARAMETERS
-Edge <XmlElement>
PowerNSX Edge Object as retrieved with Get-NsxEdge representing the source edge to duplicate.
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Name <String>
Duplicated Edge Name (base of appliance name and default for fqdn)
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ResourcePool <ResourcePoolInterop>
PowerCLI Resource Pool object representing vSphere Resource Pool to which duplicated edge appliances are
deployed. If Resource Pool and Cluster are not specified, Copy-NsxEdge places the duplicated edge appliances
in the same location as the source edge.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Cluster <ClusterInterop>
PowerCLI Cluster object representing vSphere Cluster to which duplicated edge appliances are deployed. If
Resource Pool and Cluster are not specified, Copy-NsxEdge places the duplicated edge appliances in the same
location as the source edge.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Datastore <DatastoreInterop>
PowerCLI Datastore object representing vSphere datastore to which the primary duplicated edge appliance is
deployed. Defaults to the same location as the source edge.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Username <String>
Edge CLI user name. Defaults to 'admin'
Required? false
Position? named
Default value admin
Accept pipeline input? false
Accept wildcard characters? false
-Password <String>
Edge CLI password
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-HADatastore <DatastoreInterop>
PowerCLI Datastore object representing vSphere datastore to which the secondary edge appliance is deployed
(requires HA). Defaults to the same location as the source edge.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-FormFactor <String>
Edge Appliance Form Factor. See NSX Documentation for appliance form factor details and recommendations.
Defaults to the source edge form factor.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-VMFolder <FolderInterop>
PowerCLI Folder object representing the vSphere VM inventory folder in which the appliances should be
deployed. Defaults to the source edge location.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Tenant <String>
Tenant name used in appliance naming and API references. Defaults to the source edge tenant.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Hostname <String>
FQDN of Edge. Defaults to $name (undotted).
Required? false
Position? named
Default value $Name
Accept pipeline input? false
Accept wildcard characters? false
-EnableSSH [<SwitchParameter>]
Enable SSH on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-AutoGenerateRules [<SwitchParameter>]
Enable autogenerated firewall rules on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-FwEnabled [<SwitchParameter>]
Enable firewall on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-FwDefaultPolicyAllow [<SwitchParameter>]
Configure default firewall policy on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-FwLoggingEnabled [<SwitchParameter>]
Configure default firewall action logging on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-EnableHa [<SwitchParameter>]
Configure HA on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-HaDeadTime <Int32>
Configure HA dead time on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-HaVnic <Int32>
Configure HA vNIC on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-EnableSyslog [<SwitchParameter>]
Configure syslog on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-SyslogServer <String[]>
Configure syslog server(s) on the duplicated Edge. Defaults to source edge setting. If specified, overrides
source edge settings (not merged).
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-SyslogProtocol <String>
Configure syslog protocol on the duplicated Edge. Defaults to source edge setting.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Interface <XmlElement[]>
Interface definitions. Specified as Interface Specs as returned by New-NsxEdgeInterfaceSpec. Must contain the
SAME number of interfaces with the same interface indexes, addressgroups per interface, and primary and
secondary addresses per addressgroup as the source edge interface.
Netmasks and the CIDR network defined in each addressgroup must match that of the source edge.
In summary, the only thing that can (must) change from the source edge is the primary and any secondary IP
Addresses for every addressgroup on every interface, and potentially, the connected network.
If not specified, the user is interactively prompted for replacement addresses on each primary and secondary
address on each addressgroup on each enabled VNIC on the source edge.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CertFixUps [<SwitchParameter>]
Any self signed certificates found on the source edge will be regenerated on the destination edge as new
certificates with the fqdn as the cn (all other details duplicated), and services configured to use the
regenerated certificate. Set this to $false to disable autogeneration of certificates (services will have to
be manually reconfigured to use a different certificate)
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-SelfSignedCertificateCN <String>
Any self signed certificates generated on the new edge will have the fqdn as the cn. Set
-SelfSignedCertificateCN to change the CN used (for all Self Signed certificates)
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-NatRuleFixups [<SwitchParameter>]
Any NAT rules found on the source edge that specify any 'local' ip (defined on any interface), will be
regenerated on the destination edge with the ip updated to the eqivalent IP on the new edge. Set this to
$false to disable automatic fixups of NAT rules. Any rules referencing edge local ip addresses will need to
be manually updated.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-RouterIdFixup [<SwitchParameter>]
If routerId is defined and matches any 'local' ip (defined on any interface), it will be updated to match the
equivalent IP on the new edge. Set to $false to disable automatic fixup. RouterID will need to be manually
updated in this case.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-FirewallFixups [<SwitchParameter>]
Any user defined local firewall rules with locally scoped objects (ipsets, services, servicegroups) referenced
will be updated to match the equivalent object on the new edge. Set to $false to disable automatic fixup.
User defined firewall rules will not be duplicated and will need to be manually recreated in this case.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-LocalObjectFixups [<SwitchParameter>]
Any locally scoped objects (ipsets, services, servicegroups and servicegroup membership) defined within the
edges local scope will be recreated on the new edge. This is required for FirewallFixups.
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-CertValidNumberOfDays <Int32>
Number of days any regenerated certificates are valid for. Defaults to 365
Required? false
Position? named
Default value 365
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>Get-NsxEdge Edge01 | Copy-NsxEdge -name Edge02 -Password VMware1!VMware1!
Creates a duplicated edge based on the source-edge Edge01. Any interface addresses found on Edge01 will be
interactively prompted for replacement. Note that the subnet (network and mask) of each primary or secondary
adderess specified must match that of the source edge, and all addresses found on the source must be updated.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$uplink = New-NsxEdgeInterfaceSpec -Index 0 -Name Uplink -Type uplink -ConnectedTo (get-vdportgroup
internal) -PrimaryAddress 192.168.100.202 -SubnetPrefixLength 24 -SecondaryAddresses
192.168.100.203,192.168.100.204,192.168.100.205
PS C:\\>$transit = New-NsxEdgeInterfaceSpec -Index 1 -Name Transit -Type internal -ConnectedTo
(Get-NsxLogicalSwitch transit) -PrimaryAddress 172.16.1.11 -SubnetPrefixLength 24 -SecondaryAddresses 172.16.1.12
PS C:\\>Get-NsxEdge Edge01 | Copy-NsxEdge -name Edge02 -Password VMware1!VMware1! -Interface $Uplink,$Transit
Creates two interface specs and creates a duplicated edge based on the source-edge Edge01. Note that the subnet
(network and mask) of each primary or secondary adderess specified in each spec, as well as the number of
addresses, and the interface indexes specified, must match that of the source edge.
RELATED LINKS