-
I am trying to use

```powershell
$Firewall = Get-NWFWFirewall -FirewallName "my-fw"
$Firewall.Firewall | ConvertTo-Json -Depth 10
```

```json
{
  "DeleteProtection": false,
  "Description": null,
  "EncryptionConfiguration": {
    "KeyId": "AWS_OWNED_KMS_KEY",
    "Type": {
      "Value": "AWS_OWNED_KMS_KEY"
    }
  },
  "FirewallArn": "arn:aws:network-firewall:us-east-1:XXXXXXXXXXXX:firewall/my-fw",
  "FirewallId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "FirewallName": "my-fw",
  "FirewallPolicyArn": "arn:aws:network-firewall:us-east-1:XXXXXXXXXXXX:firewall-policy/my-fw-policy",
  "FirewallPolicyChangeProtection": false,
  "SubnetChangeProtection": false,
  "SubnetMappings": [
    {
      "SubnetId": "subnet-xxxxxxxxxxxxxxxxx"
    },
    {
      "SubnetId": "subnet-xxxxxxxxxxxxxxxxx"
    }
  ],
  "Tags": [
    {
      "Key": "Name",
      "Value": "my-fw"
    }
  ],
  "VpcId": "vpc-xxxxxxxxxxxxxxxxx"
}
```

```powershell
$FirewallPolicy = Get-NWFWFirewallPolicy -FirewallPolicyArn $Firewall.Firewall.FirewallPolicyArn
$FirewallPolicy | ConvertTo-Json -Depth 10
```

```json
{
  "StatefulDefaultActions": [
    "aws:drop_established"
  ],
  "StatefulEngineOptions": {
    "RuleOrder": {
      "Value": "STRICT_ORDER"
    },
    "StreamExceptionPolicy": null
  },
  "StatefulRuleGroupReferences": [
    {
      "Override": null,
      "Priority": 1,
      "ResourceArn": "arn:aws:network-firewall:us-east-1:XXXXXXXXXXXX:stateful-rulegroup/my-fw-stateful-rule-group"
    }
  ],
  "StatelessCustomActions": [],
  "StatelessDefaultActions": [
    "aws:forward_to_sfe"
  ],
  "StatelessFragmentDefaultActions": [
    "aws:drop"
  ],
  "StatelessRuleGroupReferences": []
}
```

However, I always get the same error

```powershell
$Params = @{
    FirewallPolicyArn                              = $Firewall.Firewall.FirewallPolicyArn
    FirewallPolicy_StatelessDefaultActions         = $FirewallPolicy.FirewallPolicy.StatelessDefaultActions.ToArray()
    FirewallPolicy_StatelessFragmentDefaultActions = $FirewallPolicy.FirewallPolicy.StatelessFragmentDefaultActions.ToArray()
    UpdateToken                                    = $FirewallPolicy.UpdateToken
    Verbose                                        = $true
}
Update-NWFWFirewallPolicy @Params
```

Would be great if anyone could provide a working example for me on how to use it in a correct way. Thanks. I am using
Replies: 2 comments
-
After more trial and error I came up with this working example:

```powershell
$Params = @{
    FirewallPolicyArn                              = $Firewall.Firewall.FirewallPolicyArn
    FirewallPolicy_StatefulEngineOptions_RuleOrder = $FirewallPolicy.FirewallPolicy.StatefulEngineOptions.RuleOrder
    FirewallPolicy_StatefulDefaultActions          = $FirewallPolicy.FirewallPolicy.StatefulDefaultActions
    FirewallPolicy_StatefulRuleGroupReferences     = $FirewallPolicy.FirewallPolicy.StatefulRuleGroupReferences
    FirewallPolicy_StatelessCustomActions          = $FirewallPolicy.FirewallPolicy.StatelessCustomActions
    FirewallPolicy_StatelessDefaultActions         = $FirewallPolicy.FirewallPolicy.StatelessDefaultActions
    FirewallPolicy_StatelessFragmentDefaultActions = $FirewallPolicy.FirewallPolicy.StatelessFragmentDefaultActions
    FirewallPolicy_StatelessRuleGroupReferences    = $FirewallPolicy.FirewallPolicy.StatelessRuleGroupReferences
    UpdateToken                                    = $FirewallPolicy.UpdateToken
    Verbose                                        = $true
}
Update-NWFWFirewallPolicy @Params
```

It seems like you always have to include all the parameters even though you do not plan to change them. The Cmdlet documentation was a bit misleading to me. I made the assumption that if I do not specify a non-required parameter it will keep the current configuration of that parameter. Instead it looks like the Cmdlet uses its default value for the parameter and sends it to the API. I guess that this was the reason for the error

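The read-modify-write pattern from the reply above, generalized into a helper so that a change to one field cannot silently drop the others. This is an added example, not part of the original posts or of AWS Tools for PowerShell: the function name `New-NWFWPolicyUpdateSplat`, its `-Override` parameter and the sample object are hypothetical, and only cmdlet parameter names shown in the reply are used.

```powershell
# Added example: copy every field of the current policy, then apply explicit overrides.
function New-NWFWPolicyUpdateSplat {
    param(
        [Parameter(Mandatory)] $PolicyResponse,             # output of Get-NWFWFirewallPolicy
        [Parameter(Mandatory)] [string] $FirewallPolicyArn,
        [hashtable] $Override = @{}                         # hypothetical: fields to change
    )
    $current = $PolicyResponse.FirewallPolicy
    $splat = @{
        FirewallPolicyArn = $FirewallPolicyArn
        UpdateToken       = $PolicyResponse.UpdateToken     # token from the same read
        FirewallPolicy_StatefulEngineOptions_RuleOrder = $current.StatefulEngineOptions.RuleOrder
    }
    $fields = 'StatefulDefaultActions', 'StatefulRuleGroupReferences', 'StatelessCustomActions',
              'StatelessDefaultActions', 'StatelessFragmentDefaultActions', 'StatelessRuleGroupReferences'
    foreach ($name in $fields) {
        $splat["FirewallPolicy_$name"] = $current.$name     # carry the existing value forward
    }
    foreach ($key in $Override.Keys) {
        # A misspelled key would leave the intended field unchanged, so fail loudly instead.
        if (-not $splat.ContainsKey($key)) { throw "Unknown parameter '$key'; refusing to build the update." }
        $splat[$key] = $Override[$key]
    }
    return $splat
}

# Constructed stand-in for the Get-NWFWFirewallPolicy response, using the values from the question.
$sample = [pscustomobject]@{
    UpdateToken    = 'constructed-token'
    FirewallPolicy = [pscustomobject]@{
        StatefulEngineOptions           = [pscustomobject]@{ RuleOrder = 'STRICT_ORDER' }
        StatefulDefaultActions          = @('aws:drop_established')
        StatefulRuleGroupReferences     = @([pscustomobject]@{ Priority = 1
            ResourceArn = 'arn:aws:network-firewall:us-east-1:XXXXXXXXXXXX:stateful-rulegroup/my-fw-stateful-rule-group' })
        StatelessCustomActions          = @()
        StatelessDefaultActions         = @('aws:forward_to_sfe')
        StatelessFragmentDefaultActions = @('aws:drop')
        StatelessRuleGroupReferences    = @()
    }
}
$updateParams = New-NWFWPolicyUpdateSplat -PolicyResponse $sample `
    -FirewallPolicyArn 'arn:aws:network-firewall:us-east-1:XXXXXXXXXXXX:firewall-policy/my-fw-policy' `
    -Override @{ FirewallPolicy_StatelessFragmentDefaultActions = @('aws:forward_to_sfe') }  # constructed change
$updateParams.GetEnumerator() | Sort-Object Key | Format-Table -AutoSize   # review before applying
# Update-NWFWFirewallPolicy @updateParams   # run only with a real response, not the sample
```

Reviewing the printed table before calling the cmdlet shows whether the stateful rule group references and default actions are still present in the request.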
-
Hello! Reopening this discussion to make it searchable.