NSX 6.4.3 on vSphere 6.7; I would assume this is the same for NSX 6.4.x and vSphere 6.x.
Given a proper auth token and REST API URL to post a new NAT rule to, what is the proper format for the JSON body of the POST to create a new NAT rule?
URL: https://<Server FQDN>/api/4.0/edges/<Edge Gateway Id>/nat/config/rules
Method: POST
Header Info:
ContentType: application/json
Accept: application/json
Authorization: AUTHTOKEN <AuthToken>
JSON Body:
{
    "dnatMatchDestinationPort": "any",
    "ruleTag": "70000",
    "description": "NAT Rule 1",
    "vnic": 0,
    "originalAddress": "192.168.128.204",
    "enabled": "true",
    "translatedPort": "any",
    "protocol": "any",
    "loggingEnabled": "true",
    "action": "dnat",
    "dnatMatchSourceAddress": "any",
    "translatedAddress": "192.168.10.4",
    "originalPort": "any"
}
When we POST using this method we get this response:
{"errorCode":10050,"details":"Invalid input ''{0}'' provided for field {1}.","rootCauseString":"natRules","moduleName":"vShield Edge"}
We have tried wrapping that JSON body under a key natRule, and even adding that under a key natRules, i.e. {"natRules" : {"natRule": <above JSON Body>}}. Regardless of what combination we have tried, we continue to get the same response.
Also, we know about PowerNSX and use it. We are trying to create an idempotent script that will create or update based on whether the object already exists and its properties are different than requested. Rather than use PowerNSX to create and some other method to update, we want to use the same script and just change the method. JSON is much easier to work with and we want to avoid XML. We know XML works; the question is about JSON.
{"errorCode":10050,"details":"Invalid input ''{0}'' provided for field {1}.","rootCauseString":"natRules","moduleName":"vShield Edge"}
It's complaining about the first value in the first field.
And if I look at the NSX API reference I cannot find the parameter "dnatMatchDestinationPort".
Only "dnatMatchSourcePort" for dnat rules and "snatMatchDestinationPort" for snat rules.
See: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/nsx_64_api.pdf (page 362 and 363)
sk84
You are correct, I had that property name wrong. Fixed that and ran again with the same result.
We are even trying to make sure the properties are in the proper sequence/order, basing it off the web reference for the request XML.
The XML Schema shows a sequence:
<xs:sequence>
    <xs:element type="xs:string" name="action"/>
    <xs:element type="xs:string" name="vnic"/>
    <xs:element type="xs:string" name="originalAddress"/>
    <xs:element type="xs:string" name="translatedAddress"/>
    <xs:element type="xs:string" name="dnatMatchSourceAddress"/>
    <xs:element type="xs:string" name="snatMatchDestinationAddress"/>
    <xs:element type="xs:string" name="loggingEnabled"/>
    <xs:element type="xs:string" name="enabled"/>
    <xs:element type="xs:string" name="description"/>
    <xs:element type="xs:string" name="protocol"/>
    <xs:element type="xs:string" name="translatedPort"/>
    <xs:element type="xs:string" name="originalPort"/>
    <xs:element type="xs:string" name="dnatMatchSourcePort"/>
    <xs:element type="xs:string" name="snatMatchDestinationPort"/>
</xs:sequence>
We have made an ordered hash table and still same error. Not sure if maybe it is a sequence thing or we are missing some element.
As a quick update, the JSON body has been updated to:
{
    "action": "dnat",
    "vnic": "0",
    "originalAddress": "192.168.200.204",
    "translatedAddress": "192.168.10.4",
    "dnatMatchSourceAddress": "any",
    "loggingEnabled": "true",
    "enabled": "true",
    "description": "NAT Rule 1",
    "protocol": "any",
    "translatedPort": "any",
    "originalPort": "any",
    "dnatMatchSourcePort": "any"
}
With your JSON body I received the same error message in our test lab.
But I have looked at what the JSON body looks like when I request all NAT rules via "GET https://{NSXMANAGER}/api/4.0/edges/{EDGE-ID}/nat/config" and tried a few things.
In the end this body has worked for me:
{
    "natRulesDtos": [
        {
            "dnatMatchDestinationPort": "any",
            "ruleTag": "70000",
            "description": "NAT Rule 1",
            "vnic": "0",
            "originalAddress": "192.168.128.204",
            "enabled": true,
            "translatedPort": "any",
            "protocol": "any",
            "loggingEnabled": true,
            "action": "dnat",
            "dnatMatchSourceAddress": "any",
            "translatedAddress": "192.168.10.4",
            "originalPort": "any"
        }
    ]
}
Sebastian,
Well I'll be.... That worked!! Thanks for your help! I think Edge Firewall Rules are going to be similar but that is the next hurdle.
We have done the GET before exactly like you mentioned but never thought to formulate it that way, Geesh.
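
An added example, not part of the original thread and not VMware or PowerNSX code: one way to structure the create-or-update decision the question describes, building the POST body in the natRulesDtos shape that worked above. Matching existing rules on description, and passing in the existing rules as a plain list already extracted from the GET response, are assumptions of this sketch.

```python
import json

# Fields compared when deciding whether an existing rule already matches.
# All names are taken from the JSON bodies posted in the thread.
COMPARED = ("action", "vnic", "originalAddress", "translatedAddress",
            "dnatMatchSourceAddress", "protocol", "originalPort",
            "translatedPort", "enabled", "loggingEnabled", "description")
BOOL_FIELDS = ("enabled", "loggingEnabled")


def normalize(rule):
    """Coerce values to the types used in the body that worked:
    real JSON booleans, everything else (including vnic) as strings."""
    out = {}
    for key, value in rule.items():
        if key in BOOL_FIELDS:
            out[key] = value if isinstance(value, bool) else str(value).lower() == "true"
        else:
            out[key] = str(value)
    return out


def build_body(rule):
    """Wrap one rule in the natRulesDtos array that the POST accepted."""
    return json.dumps({"natRulesDtos": [normalize(rule)]}, indent=2)


def plan(existing_rules, desired, key="description"):
    """Return ("create" | "update" | "noop", matching existing rule or None).
    Matching on `description` is an assumption of this example."""
    want = normalize(desired)
    for rule in existing_rules:
        have = normalize(rule)
        if have.get(key) != want.get(key):
            continue
        same = all(have.get(f) == want.get(f) for f in COMPARED if f in want)
        return ("noop" if same else "update", rule)
    return ("create", None)


# Constructed sample input, using the values from the thread.
DESIRED = {"action": "dnat", "vnic": 0, "originalAddress": "192.168.128.204",
           "translatedAddress": "192.168.10.4", "dnatMatchSourceAddress": "any",
           "protocol": "any", "originalPort": "any", "translatedPort": "any",
           "enabled": "true", "loggingEnabled": "true",
           "description": "NAT Rule 1"}

if __name__ == "__main__":
    print(plan([], DESIRED)[0])
    print(build_body(DESIRED))
```

Only a "create" result maps onto the POST shown in the thread; how an "update" is sent is left to the caller.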