Set-NsxEdgeFirewall
NAME Set-NsxEdgeFirewall
SYNOPSIS
Configures global Firewall configuration of an existing NSX Edge Services
Gateway.
SYNTAX
Set-NsxEdgeFirewall [-EdgeFirewall] <XmlElement> [-NoConfirm] [-Enabled] [-DefaultRuleAction <String>]
[-DefaultRuleLoggingEnabled] [-tcpPickOngoingConnections] [-tcpAllowOutOfWindowPackets]
[-tcpSendResetForClosedVsePorts] [-dropInvalidTraffic] [-logInvalidTraffic] [-tcpTimeoutOpen <Int32>]
[-tcpTimeoutEstablished <Int32>] [-tcpTimeoutClose <Int32>] [-udpTimeout <Int32>] [-icmpTimeout <Int32>]
[-icmp6Timeout <Int32>] [-ipGenericTimeout <Int32>] [-enableSynFloodProtection] [-logIcmpErrors]
[-dropIcmpReplays] [-Connection <PSObject>] [<CommonParameters>]
Set-NsxEdgeFirewall [-EdgeFirewall] <XmlElement> [-Confirm] [-Enabled] [-DefaultRuleAction <String>]
[-DefaultRuleLoggingEnabled] [-tcpPickOngoingConnections] [-tcpAllowOutOfWindowPackets]
[-tcpSendResetForClosedVsePorts] [-dropInvalidTraffic] [-logInvalidTraffic] [-tcpTimeoutOpen <Int32>]
[-tcpTimeoutEstablished <Int32>] [-tcpTimeoutClose <Int32>] [-udpTimeout <Int32>] [-icmpTimeout <Int32>]
[-icmp6Timeout <Int32>] [-ipGenericTimeout <Int32>] [-enableSynFloodProtection] [-logIcmpErrors]
[-dropIcmpReplays] [-Connection <PSObject>] [<CommonParameters>]
DESCRIPTION
An NSX Edge Service Gateway provides all NSX Edge services such as firewall,
NAT, DHCP, VPN, load balancing, and high availability. Each NSX Edge virtual
appliance can have a total of ten uplink and internal network interfaces and
up to 200 subinterfaces. Multiple external IP addresses can be configured
for load balancer, site-to-site VPN, and NAT services.
The NSX Edge provides layer 3/4 firewall services to protect connected
networks. The Edge firewall is separate, and can be used to complement the
NSX distributed firewall.
The Set-NsxEdgeFirewall cmdlet configures the global FW configuration of
the specified Edge Services Gateway.
PARAMETERS
-EdgeFirewall <XmlElement>
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompt for confirmation. Specify as -confirm:$false to disable confirmation prompt
Required? false
Position? named
Default value True
Accept pipeline input? false
Accept wildcard characters? false
-NoConfirm [<SwitchParameter>]
Disable Prompt for confirmation.
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Enabled [<SwitchParameter>]
Enable / Disable Edge Firewall
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-DefaultRuleAction <String>
Default rule action
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DefaultRuleLoggingEnabled [<SwitchParameter>]
Default rule logging configuration
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-tcpPickOngoingConnections [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-tcpAllowOutOfWindowPackets [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-tcpSendResetForClosedVsePorts [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-dropInvalidTraffic [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-logInvalidTraffic [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-tcpTimeoutOpen <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-tcpTimeoutEstablished <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-tcpTimeoutClose <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-udpTimeout <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-icmpTimeout <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-icmp6Timeout <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-ipGenericTimeout <Int32>
Edge Firewall global config option
Required? false
Position? named
Default value 0
Accept pipeline input? false
Accept wildcard characters? false
-enableSynFloodProtection [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-logIcmpErrors [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-dropIcmpReplays [<SwitchParameter>]
Edge Firewall global config option
Required? false
Position? named
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-NsxEdge Edge01 | Get-NsxEdgeFirewall | Set-NsxEdgeFirewall -DefaultRuleAction deny
Retrieve the current global FW configuration of Edge01 and set the action on
the default rule to deny.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-NsxEdge Edge01 | Get-NsxEdgeFirewall | Set-NsxEdgeFirewall -DefaultRuleAction deny -NoConfirm
Retrieve the current global FW configuration of Edge01 and set the action on
the default rule to deny without prompting for confirmation.
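The following is an added example, not part of the PowerNSX help text: it audits the XmlElement that Set-NsxEdgeFirewall accepts against a hardened baseline before any change is pushed. The function name Test-EdgeFirewallBaseline, the baseline values, and the XML element names (assumed to mirror the cmdlet's parameter names under enabled, globalConfig and defaultPolicy) are assumptions; the sample XML is constructed.

```powershell
# Added example, not PowerNSX code. Reports every setting of an Edge firewall
# XmlElement that deviates from a baseline. Element names are ASSUMED to mirror
# the Set-NsxEdgeFirewall parameter names; verify against your own Edge output.
function Test-EdgeFirewallBaseline {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Xml.XmlElement]$EdgeFirewall
    )
    process {
        # Hypothetical baseline: XPath relative to the firewall element -> expected value.
        $baseline = [ordered]@{
            'enabled'                                 = 'true'
            'defaultPolicy/action'                    = 'deny'
            'defaultPolicy/loggingEnabled'            = 'true'
            'globalConfig/dropInvalidTraffic'         = 'true'
            'globalConfig/logInvalidTraffic'          = 'true'
            'globalConfig/tcpAllowOutOfWindowPackets' = 'false'
            'globalConfig/enableSynFloodProtection'   = 'true'
        }
        foreach ($path in $baseline.Keys) {
            $node   = $EdgeFirewall.SelectSingleNode($path)
            # A missing element is reported as a deviation, never silently passed.
            $actual = if ($null -ne $node) { $node.InnerText } else { '<missing>' }
            if ($actual -ne $baseline[$path]) {
                [pscustomobject]@{ Setting = $path; Expected = $baseline[$path]; Actual = $actual }
            }
        }
    }
}

# Constructed sample standing in for Get-NsxEdgeFirewall output (runs offline).
[xml]$sample = @'
<firewall>
  <enabled>true</enabled>
  <globalConfig>
    <tcpAllowOutOfWindowPackets>false</tcpAllowOutOfWindowPackets>
    <dropInvalidTraffic>true</dropInvalidTraffic>
    <logInvalidTraffic>false</logInvalidTraffic>
  </globalConfig>
  <defaultPolicy><action>accept</action><loggingEnabled>false</loggingEnabled></defaultPolicy>
</firewall>
'@
$sample.firewall | Test-EdgeFirewallBaseline | Format-Table -AutoSize

# Against a live Edge (needs a PowerNSX connection), audit first, then remediate
# using only parameters listed in SYNTAX above:
# Get-NsxEdge Edge01 | Get-NsxEdgeFirewall | Test-EdgeFirewallBaseline
# Get-NsxEdge Edge01 | Get-NsxEdgeFirewall | Set-NsxEdgeFirewall -DefaultRuleAction deny `
#     -DefaultRuleLoggingEnabled -dropInvalidTraffic -logInvalidTraffic -enableSynFloodProtection
```

Re-run the audit after the Set-NsxEdgeFirewall call; an empty result means the Edge matches the baseline.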
RELATED LINKS