Currently one can only enable/disable existing VMHostFirewallExceptions. One cannot easily create a new exception or modify existing ones.
Cmdlets for managing the host firewalls need to include specifying protocol, ports, allowed IPs/ranges, as well as whether the exception is enabled or not.
This would greatly simplify the task of admins who need to suddenly make changes to existing firewall rules, such as add a new IP/range to an existing policy for all hosts within the environment, or to a subset of hosts in a specific cluster.
I would be especially happy about allowed IPs/ranges.
Attachments Open full size