Recently I was helping someone automate the final part of a script used to deploy new customers as they were onboarded in vCloud Director 5.5. As part of this onboarding they needed to work with the Edge Gateway to add new SNAT and DNAT rules corresponding to the customer's IP range.
After some investigation and reading this page I was able to find the basics. After some further testing and internal help I found that there is no way to update a single record, so I had to retrieve the existing XML ruleset, add the new entry and then upload it. You can see from the scripts how I do this, and if you are feeling adventurous or have the need you could even create some remove- functions!
If you take a look at my Edge Gateway below you can see two existing rules; let's see what the functions I created do.
Using the PowerCLI functions you can easily list the edge gateway rules using the following:
Creating a new SNAT rule is just as easy with the New-SNATRule function as you can see below:
And also a DNAT Rule with the New-DNATRule function as below:
Hopefully you will find this useful, feedback is of course welcome below in the comments section.
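The retrieve, add, upload cycle described above, with the "add" step done for a whole batch so that the gateway receives a single upload. This is an added example, not the functions from this post: `Add-Child`, `Add-NatRulesToServiceXml`, the interface URL and the addresses are hypothetical or constructed, and the element names are assumed from the vCloud API 1.5 NatService schema. It validates and de-duplicates rules offline and makes no network calls.

```powershell
# Added example. Element names are assumed from the vCloud API 1.5 NatService
# schema; compare them with the XML your own gateway returns.
$ns = 'http://www.vmware.com/vcloud/v1.5'

function Add-Child($parent, [string]$name, [string]$text) {
    $e = $parent.OwnerDocument.CreateElement($name, $ns)
    if ($text) { $e.InnerText = $text }
    $parent.AppendChild($e)              # emits the new node to the caller
}

function Add-NatRulesToServiceXml([xml]$NatServiceXml, [object[]]$Rules,
                                  [string]$IfHref, [string]$IfName) {
    $svc  = $NatServiceXml.DocumentElement
    $seen = @{}                          # rules already present, so re-runs add nothing twice
    foreach ($r in @($svc.NatRule)) {
        if ($r) { $g = $r.GatewayNatRule
                  $seen["$($r.RuleType)|$($g.OriginalIp)|$($g.TranslatedIp)"] = $true }
    }
    foreach ($rule in $Rules) {
        if ('SNAT', 'DNAT' -notcontains $rule.Type) { throw "Unknown rule type '$($rule.Type)'" }
        foreach ($addr in $rule.OriginalIp, $rule.TranslatedIp) {
            # TryParse alone accepts shorthand such as "24", so require a dotted quad first
            if ($addr -notmatch '^(\d{1,3}\.){3}\d{1,3}$' -or
                -not [System.Net.IPAddress]::TryParse($addr, [ref]$null)) {
                throw "Rejected rule: '$addr' is not an IPv4 address"
            }
        }
        $key = "$($rule.Type)|$($rule.OriginalIp)|$($rule.TranslatedIp)"
        if ($seen[$key]) { Write-Warning "Skipping duplicate rule $key"; continue }
        $seen[$key] = $true
        $nat = Add-Child $svc 'NatRule'
        [void](Add-Child $nat 'RuleType' $rule.Type); [void](Add-Child $nat 'IsEnabled' 'true')
        $gw    = Add-Child $nat 'GatewayNatRule'
        $iface = Add-Child $gw 'Interface'
        $iface.SetAttribute('href', $IfHref); $iface.SetAttribute('name', $IfName)
        [void](Add-Child $gw 'OriginalIp' $rule.OriginalIp)
        if ($rule.Type -eq 'DNAT') { [void](Add-Child $gw 'OriginalPort' $rule.OriginalPort) }
        [void](Add-Child $gw 'TranslatedIp' $rule.TranslatedIp)
        if ($rule.Type -eq 'DNAT') {     # child order matches the DNAT rule quoted in the comments
            [void](Add-Child $gw 'TranslatedPort' $rule.TranslatedPort)
            [void](Add-Child $gw 'Protocol' $rule.Protocol)
        }
    }
    $NatServiceXml.OuterXml              # one document, ready for a single upload
}

# Constructed input: an empty NatService and two rules for one new customer
$existing = "<NatService xmlns='$ns'><IsEnabled>true</IsEnabled></NatService>"
$rules = @{ Type='SNAT'; OriginalIp='10.1.1.250'; TranslatedIp='192.0.2.10' },
         @{ Type='DNAT'; OriginalIp='192.0.2.10'; OriginalPort='443'
            TranslatedIp='10.1.1.250'; TranslatedPort='443'; Protocol='tcp' }
Add-NatRulesToServiceXml $existing $rules 'https://vcd.example/api/admin/network/PLACEHOLDER' 'External-Net'
```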
Hello Sir, I'm getting Get-EdgeNateRule is not recognized.
Using VMware PowerCLI 5.5 rev 1, upgraded to rev 2.
We are using vCloud version 8.0.1.3635340.
Wow, you just saved me so many hours. Thank you
Hi,
I am looking at using this as a template for firewall rules, but looking at the vCD / vCHS 5.5 API guide PDF I can't see the reference for these objects, and also the equivalent for the firewall part of the Edge config.
$EGWConfXML.EdgeGateway.Configuration.EdgegatewayServiceConfiguration.NatService.outerxml ( IE.
$OriginalXML.NatService.natrule
Is there a reference for these? The modification of the actual XML string construct, as per the API guide is easy to change – I’m just confused with these parts!
Many thanks,
Scott.
Yes, you are right, this would minimise the transactions that are made against the Edge Gateway. It shouldn’t be too hard to reverse engineer Alan’s excellent functions to handle bulk importing from a source like a CSV file.
The problem seems to be more with the transactional way we need to interoperate with the Edge Gateway.
The ultimate solution, of course, would be to have proper PowerCLI cmdlets for interacting with Edge Gateways. Any hope on that front, Alan?
I also had the same error Glenn, but adding “Start-Sleep -s $WaitTimer” after each call solved the issue ($WaitTimer = 10).
If you have many rules to add like me, sounds like you’re after the same solution I requested here: https://communities.vmware.com/message/2429024
Building the XML file with ALL rules first, before sending to the Edge Gateway would be great.
Ah, I think I have it… I was calling the functions very quickly after one another, and not giving them time to commit the changes. I’ve added a “wait-event -timeout 30” to give the Edge time to catch up… seems to be holding together.
Thanks Alan!
Hi Alan. The XML ($GoXML) seems to be well formed from my untrained eye:
true
DNAT
true
65537
10.1.1.250
any
20.120.120.250
any
tcp
When reaching this point – $UploadData = $wc.Uploaddata($URI, “POST”, $bytearray)
This is where the error is generated:
Exception calling “UploadData” with “3” argument(s): “The remote server returned an error: (400) Bad Request.”
At C:\Scripts\BatchNAT\BatchNAT.ps1:136 char:30
+ $UploadData = $wc.Uploaddata <<<< ($URI, "POST", $bytearray)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException
Any clues?
I caught a very simple issue with Get-EdgeNATRule – when running from Powershell ISE, it was not initialising $EGWConfXML as an [XML] type which caused issues – so declaring it explicitly as [XML] fixed that problem wonderfully.
You would have to run each section manually to investigate what gets added to the XML. Which function fails?
Hi Alan, these functions look excellent, but when executing them, we get a “The remote server returned an error: (400) Bad Request.” when performing the upload component. Any ideas as to what might cause this?