Automate NSX-T with PowerCLI

While working on an NSX-T project I got the question from the customer to deliver some firewall and network automation based on PowerShell. This was to help them ramp up the creation of networks and firewall rules. I pointed them to the PowerCLI Preview for NSX-T, but I wasn’t aware that this fling was only able to retrieve information from NSX-T and not create items/objects. So, how can we do this then? I knew we were able to manage NSX-T since PowerCLI version 6.5.3, but how does this work?


After some google-fu I came across a blog post by Kyle Ruddy named: Getting Started with the PowerCLI Module for VMware NSX-T. This article describes how the NSX-T PowerShell Module works and which cmdlets were available:

  • Connect-NsxtServer
  • Disconnect-NsxtServer
  • Get-NsxtService
Only 3 commands? Yes, only 3 commands! The simple reason is that the 3rd command gives you full access to NSX-T’s public API, and therefore you’re able to both retrieve and create items/objects. In the blog article Kyle also gives some examples on how to Retrieve Transport Zone Information or perform Logical Switch and IP Pool Management. But how do we create an NSGroup or a Distributed Firewall Section? This post contains some additional examples and I’ll update this post as new scripts come along.

The first thing we need to do is connect to the NSX-T Manager:
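The connect, Get-NsxtService, spec, create pattern described above, as an added example that is not one of the original scripts from this post. The manager FQDN, transport zone name and switch name are placeholders, and the service names and spec fields follow the logical switch example in Kyle Ruddy's article.

```powershell
# Added example, not the author's script. All three values are placeholders.
$nsxManager = 'nsx01.lab.local'   # hypothetical NSX-T Manager FQDN
$tzName     = 'TZ-Overlay'        # hypothetical existing transport zone
$switchName = 'LS-App01'          # hypothetical logical switch to create

# Prompt for credentials so no password is stored in the script or shell history.
$cred = Get-Credential -Message "NSX-T account for $nsxManager"
$conn = Connect-NsxtServer -Server $nsxManager -Credential $cred

try {
    # Every public API endpoint is reachable as a service object.
    $tzSvc = Get-NsxtService -Name 'com.vmware.nsx.transport_zones'
    $lsSvc = Get-NsxtService -Name 'com.vmware.nsx.logical_switches'

    # Resolve the transport zone by name and refuse to guess on 0 or >1 matches.
    $tz = @($tzSvc.list().results | Where-Object { $_.display_name -eq $tzName })
    if ($tz.Count -ne 1) {
        throw "Expected exactly one transport zone named '$tzName', found $($tz.Count)."
    }

    # Keep the script safe to re-run: do not create a duplicate switch.
    $existing = @($lsSvc.list().results | Where-Object { $_.display_name -eq $switchName })
    if ($existing.Count -gt 0) {
        Write-Warning "Logical switch '$switchName' already exists ($($existing[0].id)); nothing created."
    }
    else {
        # The Help tree of a service builds an empty spec for the create() call.
        $spec = $lsSvc.Help.create.logical_switch.Create()
        $spec.display_name      = $switchName
        $spec.transport_zone_id = $tz[0].id
        $spec.admin_state       = 'UP'
        $spec.replication_mode  = 'MTEP'

        $created = $lsSvc.create($spec)
        Write-Output "Created logical switch '$($created.display_name)' with id $($created.id)"
    }
}
finally {
    # Always drop the API session, even when a step above throws.
    Disconnect-NsxtServer -Server $conn -Confirm:$false
}
```

Running it with an account scoped to the networking role needed for the change, rather than the built-in admin, limits what a leaked or mistyped script can alter.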


Create a NSGroup based on a Security Tag

Delete a NSGroup

List all NSGroups

DFW Sections

Search for DFW Section

Create Firewall Rule in DFW Section

Create DFW Section

IP Sets

Create IP Set

Delete IP Set

List all IP Sets

NS Services

Create NS Service

Delete NS Service

List all NS Services

Logical Switches

Create Logical Switch

Delete Logical Switch


Update vCenter Compute Manager Credentials

The examples above should be used with care and at your own risk!

And if you have any cool new scripts or additions, please let me know in the comments section below!

    Marco van Baggum

    Works as a SDDC Architect for ITQ. More details can be found on the About page