editObjectNatRule
The editObjectNatRule operation handles configuration related to ObjectNatRule model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | ||
| name | True | string | A mandatory string that defines the name of this NAT rule | ||
| description | False | string | An optional string that describes this NAT rule Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
||
| sourceInterface | False | object | An object to represent the source Interface to filter out traffic that this Nat Rule will apply to Allowed types are: [SubInterface, PhysicalInterface] |
||
| destinationInterface | False | object | The interface through which traffic exits the device Allowed types are: [SubInterface, PhysicalInterface] |
||
| natType | True | string | An enum value that specifies the NAT rule type STATIC - A static type. DYNAMIC - A dynamic type Field level constraints: cannot be null. (Note: Additional constraints might exist) |
||
| patOptions | False | object | Please ignore this field | ||
| netToNet | False | boolean | A Boolean value, TRUE or FALSE (the default). This option is not supported, please always set this option to FALSE | ||
| noProxyArp | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system disables proxy ARP for incoming packets to the mapped IP addresses | ||
| dns | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system translates DNS replies based on this NAT rule, if DNS inspection is enabled | ||
| interfaceIPv6 | False | boolean | A Boolean value, TRUE or FALSE (the default). This option is not supported, please always set this field to FALSE | ||
| routeLookup | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system determines the egress interface using a route lookup instead of using the interface specified in the NAT rule | ||
| enabled | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that it is enabled | ||
| originalNetwork | False | object | The network object that contains the source addresses you are translating. This must be a network object (not a group) Allowed types are: [NetworkObject] |
||
| translatedNetwork | False | object | The network object or group that contains the mapped address Allowed types are: [NetworkObject, NetworkObjectGroup] |
||
| originalPort | False | object | An optional TCP or UDP port object that defines the original port, the one you are translating. Do not specify an object if the port does not matter in the translation Allowed types are: [UDPPortObject, ICMPv6PortObject, ICMPv4PortObject, ProtocolObject, TCPPortObject] |
||
| translatedPort | False | object | An optional TCP or UDP port object that defines the translated port, the one you are using to replace the original port. You must use the same protocol type (TCP or UDP) as the object specified in the originalPort Allowed types are: [UDPPortObject, ICMPv6PortObject, ICMPv4PortObject, ProtocolObject, TCPPortObject] |
||
| interfaceInTranslatedNetwork | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system uses the IP address of destination interface as the translated address (interface PAT) | ||
| rulePosition | False | integer | Transient field holding the index position for the rule | ||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | ||
Path Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| parentId | True | string | |||
| objId | True | string | |||
Query Parameters
| Parameter | Required | Type | Description | ||
|---|---|---|---|---|---|
| at | False | integer | An integer representing where to add the new object in the ordered list. Use 0 to add it at the beginning of the list. If not specified, it will be added at the end of the list | ||
Example
- name: Execute 'editObjectNatRule' operation
ftd_configuration:
operation: "editObjectNatRule"
data:
version: "{{ version }}"
name: "{{ name }}"
description: "{{ description }}"
sourceInterface: "{{ source_interface }}"
destinationInterface: "{{ destination_interface }}"
natType: "{{ nat_type }}"
patOptions: "{{ pat_options }}"
netToNet: "{{ net_to_net }}"
noProxyArp: "{{ no_proxy_arp }}"
dns: "{{ dns }}"
interfaceIPv6: "{{ interface_i_pv6 }}"
routeLookup: "{{ route_lookup }}"
enabled: "{{ enabled }}"
originalNetwork: "{{ original_network }}"
translatedNetwork: "{{ translated_network }}"
originalPort: "{{ original_port }}"
translatedPort: "{{ translated_port }}"
interfaceInTranslatedNetwork: "{{ interface_in_translated_network }}"
rulePosition: "{{ rule_position }}"
id: "{{ id }}"
type: "{{ type }}"
path_params:
parentId: "{{ parent_id }}"
objId: "{{ obj_id }}"
query_params:
at: "{{ at }}"