< Back
Get-NsxFirewallRuleMember
Post
NAME Get-NsxFirewallRuleMember
SYNOPSIS
Retrieves the specified members from specified NSX Distributed Firewall
Rule.
SYNTAX
Get-NsxFirewallRuleMember -FirewallRule <XmlElement> [[-Member] <Object[]>] [-MemberType <String>]
[<CommonParameters>]
DESCRIPTION
An NSX Distributed Firewall Rule defines a typical 5 tuple rule and is
enforced on each hypervisor at the point where the VMs NIC connects to the
portgroup or logical switch.
This cmdlet accepts a firewall rule object returned from Get-NsxFirewallRule
and returns the specified source and/or destination members of the rule.
Its primary use is to provide a source object for the
Remove-NsxFirewallRuleMember cmdlet.
PARAMETERS
-FirewallRule <XmlElement>
DFW rule as returned by Get-NsxFirewallRule / New-NsxFirewallRule
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Member <Object[]>
Member(s) to return. Can specify as a string or VI / NSX Object (VM, Logical Switch etc)). String match is
processed as regex (eg: web\\d{2} is supported)
Required? false
Position? 2
Default value .*
Accept pipeline input? false
Accept wildcard characters? false
-MemberType <String>
MemberType to return. Source, Destination or All (Default)
Required? false
Position? named
Default value All
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember | format-table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Get all members from rule id 5441 and format output as table.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -MemberType Source -Member 1.2.3.4
RuleId : 5441
SectionId : 3717
MemberType : Source
Name :
Value : 1.2.3.4
Type : Ipv4Address
isValid : true
Get just the source member 1.2.3.4 from rule id 5441
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member 1.2.3.4 | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Get member 1.2.3.4 in either source or destination of rule 5441. Matching by string
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member web\\d+ | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
Get any member of rule 5441 with a name matching the regular expression web\\d+ (the string web followed by 1 or
more digit)
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member (get-vm web01) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
Get any member of rule 5441 that is the VM web01. Matching by PowerCLI object
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member (get-nsxipset test) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Destination test ipset-309 IPSet true
Get any member of the rule 5441 that is the NSX IPSet called test. Matching by PowerNSX object
-------------------------- EXAMPLE 7 --------------------------
PS C:\\>get-nsxfirewallrule | Get-NsxFirewallRuleMember -Member (get-nsxipset test) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Destination test ipset-309 IPSet true
Get any member of the rule 5441 that is the NSX IPSet called test. Matching by PowerNSX object
-------------------------- EXAMPLE 8 --------------------------
PS C:\\>get-nsxfirewallrule | Get-NsxFirewallRuleMember -Member (get-vm web01) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
4332 3717 Source Web01 vm-1270 VirtualMachine true
Get any member of any rule that is the VM object web01. Matching accross all rules by PowerCLI object
RELATED LINKS
SYNOPSIS
Retrieves the specified members from specified NSX Distributed Firewall
Rule.
SYNTAX
Get-NsxFirewallRuleMember -FirewallRule <XmlElement> [[-Member] <Object[]>] [-MemberType <String>]
[<CommonParameters>]
DESCRIPTION
An NSX Distributed Firewall Rule defines a typical 5 tuple rule and is
enforced on each hypervisor at the point where the VMs NIC connects to the
portgroup or logical switch.
This cmdlet accepts a firewall rule object returned from Get-NsxFirewallRule
and returns the specified source and/or destination members of the rule.
Its primary use is to provide a source object for the
Remove-NsxFirewallRuleMember cmdlet.
PARAMETERS
-FirewallRule <XmlElement>
DFW rule as returned by Get-NsxFirewallRule / New-NsxFirewallRule
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Member <Object[]>
Member(s) to return. Can specify as a string or VI / NSX Object (VM, Logical Switch etc)). String match is
processed as regex (eg: web\\d{2} is supported)
Required? false
Position? 2
Default value .*
Accept pipeline input? false
Accept wildcard characters? false
-MemberType <String>
MemberType to return. Source, Destination or All (Default)
Required? false
Position? named
Default value All
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember | format-table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Get all members from rule id 5441 and format output as table.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -MemberType Source -Member 1.2.3.4
RuleId : 5441
SectionId : 3717
MemberType : Source
Name :
Value : 1.2.3.4
Type : Ipv4Address
isValid : true
Get just the source member 1.2.3.4 from rule id 5441
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member 1.2.3.4 | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Get member 1.2.3.4 in either source or destination of rule 5441. Matching by string
-------------------------- EXAMPLE 4 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member web\\d+ | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
Get any member of rule 5441 with a name matching the regular expression web\\d+ (the string web followed by 1 or
more digit)
-------------------------- EXAMPLE 5 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member (get-vm web01) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
Get any member of rule 5441 that is the VM web01. Matching by PowerCLI object
-------------------------- EXAMPLE 6 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Get-NsxFirewallRuleMember -Member (get-nsxipset test) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Destination test ipset-309 IPSet true
Get any member of the rule 5441 that is the NSX IPSet called test. Matching by PowerNSX object
-------------------------- EXAMPLE 7 --------------------------
PS C:\\>get-nsxfirewallrule | Get-NsxFirewallRuleMember -Member (get-nsxipset test) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Destination test ipset-309 IPSet true
Get any member of the rule 5441 that is the NSX IPSet called test. Matching by PowerNSX object
-------------------------- EXAMPLE 8 --------------------------
PS C:\\>get-nsxfirewallrule | Get-NsxFirewallRuleMember -Member (get-vm web01) | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
4332 3717 Source Web01 vm-1270 VirtualMachine true
Get any member of any rule that is the VM object web01. Matching accross all rules by PowerCLI object
RELATED LINKS