Working with vCD Edge Gateway Rules in PowerCLI

Recently I was helping someone automate the final part of a script used to deploy new customers as they were onboarded in vCloud Director 5.5. As part of this onboarding they needed to work with the Edge Gateway to add new SNAT and DNAT rules corresponding to the customer's IP range.

After some investigation and reading this page I was able to find the basics. After some further testing and internal help I found that there is no way to update a single record, so I had to retrieve the existing XML ruleset, add the new entry and then upload it. You can see from the scripts how I do this, and if you are feeling adventurous or have the need you could even create some remove- functions!
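
Because the upload replaces the whole NAT ruleset, the merge step has to carry every existing rule forward and should not stack duplicates when an onboarding script is re-run. The following is an added example (not the functions from this post) of that merge step, run offline on a constructed ruleset; the helper name, the sample XML layout, the interface URL and the addresses are assumptions.

```powershell
# Added example, not the post's functions. Runs offline; nothing is sent to vCloud Director.
function Add-NatRuleToRuleset {                            # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)][xml]$NatService,      # complete existing ruleset, as retrieved
        [Parameter(Mandatory=$true)][ValidateSet('SNAT','DNAT')][string]$RuleType,
        [Parameter(Mandatory=$true)][string]$InterfaceHref, # external network reference
        [Parameter(Mandatory=$true)][string]$OriginalIp,
        [Parameter(Mandatory=$true)][string]$TranslatedIp
    )
    $root  = $NatService.DocumentElement
    $ns    = $root.NamespaceURI
    $rules = @($root.GetElementsByTagName('NatRule'))
    # Idempotency: re-running onboarding must not add the same rule twice.
    $dupe = $rules | Where-Object { $_.RuleType -eq $RuleType -and
        $_.GatewayNatRule.OriginalIp -eq $OriginalIp -and
        $_.GatewayNatRule.TranslatedIp -eq $TranslatedIp }
    if ($dupe) { Write-Verbose 'Rule already present'; return $NatService }
    # The new rule gets max(Id)+1 (1 for an empty ruleset) and is inserted next to
    # the existing rules, so every existing rule stays in the uploaded document.
    $nextId = [int]($rules | ForEach-Object { [int]$_.Id } | Measure-Object -Maximum).Maximum + 1
    $el = { param($name, $text) $e = $NatService.CreateElement($name, $ns)
            if ($null -ne $text) { $e.InnerText = $text }; $e }
    $rule  = & $el 'NatRule'
    $gw    = & $el 'GatewayNatRule'
    $iface = & $el 'Interface'; $iface.SetAttribute('href', $InterfaceHref)
    foreach ($c in (& $el 'RuleType' $RuleType), (& $el 'IsEnabled' 'true'),
                   (& $el 'Id' "$nextId"), $gw) { [void]$rule.AppendChild($c) }
    foreach ($c in $iface, (& $el 'OriginalIp' $OriginalIp),
                   (& $el 'TranslatedIp' $TranslatedIp)) { [void]$gw.AppendChild($c) }
    if ($rules.Count) { [void]$root.InsertAfter($rule, $rules[-1]) } else { [void]$root.AppendChild($rule) }
    return $NatService
}

# Constructed sample ruleset (layout assumed; addresses are documentation ranges).
[xml]$sample = @'
<NatService xmlns="http://www.vmware.com/vcloud/v1.5">
  <IsEnabled>true</IsEnabled>
  <NatRule><RuleType>SNAT</RuleType><IsEnabled>true</IsEnabled><Id>65537</Id>
    <GatewayNatRule><Interface href="https://vcd.example/api/admin/network/PLACEHOLDER"/>
      <OriginalIp>192.168.10.0/24</OriginalIp><TranslatedIp>203.0.113.10</TranslatedIp></GatewayNatRule></NatRule>
</NatService>
'@
$merged = Add-NatRuleToRuleset -NatService $sample -RuleType DNAT `
    -InterfaceHref 'https://vcd.example/api/admin/network/PLACEHOLDER' `
    -OriginalIp '203.0.113.10' -TranslatedIp '192.168.10.5'
$merged.NatService.NatRule | ForEach-Object {
    '{0} {1} {2} -> {3}' -f $_.Id, $_.RuleType, $_.GatewayNatRule.OriginalIp, $_.GatewayNatRule.TranslatedIp
}
```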

If you take a look at my Edge Gateway below you can see two existing rules. Let's see what the functions I created do.

TinyGrab Screen Shot 24-07-2014 22.31.21

Using the PowerCLI functions you can easily list the edge gateway rules using the following:

TinyGrab Screen Shot 24-07-2014 22.55.19

Creating a new SNAT rule is just as easy with the New-SNATRule function as you can see below:

TinyGrab Screen Shot 24-07-2014 22.59.55

And also a DNAT Rule with the New-DNATRule function as below:

TinyGrab Screen Shot 24-07-2014 23.01.48

Hopefully you will find this useful, feedback is of course welcome below in the comments section.

The Functions

8 thoughts on “Working with vCD Edge Gateway Rules in PowerCLI”

  1. Hi,

    I am looking at using this as a template for firewall rules, but looking at the vCD / vCHS 5.5 API guide PDF I can’t see the reference for these objects, and also the equivalent for the firewall part of the Edge config.

    $EGWConfXML.EdgeGateway.Configuration.EdgegatewayServiceConfiguration.NatService.outerxml ( IE.


    Is there a reference for these? The modification of the actual XML string construct, as per the API guide is easy to change – I’m just confused with these parts!

    Many thanks,


    1. Yes, you are right, this would minimise the transactions that are made against the Edge Gateway. It shouldn’t be too hard to reverse engineer Alan’s excellent functions to handle bulk importing from a source like a CSV file.

      The problem seems to be more with the transactional way we need to interoperate with the Edge Gateway.

      The ultimate solution, of course, would be to have proper PowerCLI cmdlets for interacting with Edge Gateways. Any hope on that front, Alan?

  2. Hi Alan, these functions look excellent, but when executing them, we get a “The remote server returned an error: (400) Bad Request.” when performing the upload component. Any ideas as to what might cause this?

      1. Hi Alan. The XML ($GoXML) seems to be well formed from my untrained eye:


        When reaching this point – $UploadData = $wc.Uploaddata($URI, "POST", $bytearray)

        This is where the error is generated:

        Exception calling “UploadData” with “3” argument(s): “The remote server returned an error: (400) Bad Request.”
        At C:\Scripts\BatchNAT\BatchNAT.ps1:136 char:30
        + $UploadData = $wc.Uploaddata <<<< ($URI, "POST", $bytearray)
        + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
        + FullyQualifiedErrorId : DotNetMethodException

        Any clues?

        I caught a very simple issue with Get-EdgeNATRule – when running from PowerShell ISE, it was not initialising $EGWConfXML as an [XML] type, which caused issues – so declaring it explicitly as [XML] fixed that problem wonderfully.

        1. Ah, I think I have it… I was calling the functions very quickly after one another, and not giving them time to commit the changes. I’ve added a “wait-event -timeout 30” to give the Edge time to catch up… seems to be holding together.

          Thanks Alan!
