addObjectNatRule
The addObjectNatRule operation handles configuration related to ObjectNatRule model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| name | True | string | A mandatory string that defines the name of this NAT rule | |||
| description | False | string | An optional string that describes this NAT rule Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| sourceInterface | False | object | An object to represent the source Interface to filter out traffic that this Nat Rule will apply to Allowed types are: [EtherChannelInterface, PhysicalInterface, SubInterface, VirtualTunnelInterface, VlanInterface] |
|||
| destinationInterface | False | object | The interface through which traffic exits the device Allowed types are: [EtherChannelInterface, PhysicalInterface, SubInterface, VirtualTunnelInterface, VlanInterface] |
|||
| natType | True | string | An enum value that specifies the NAT rule type STATIC - A static type. DYNAMIC - A dynamic type Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| patOptions | False | object | Please ignore this field | |||
| netToNet | False | boolean | A Boolean value, TRUE or FALSE (the default). This option is not supported, please always set this option to FALSE | |||
| noProxyArp | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system disables proxy ARP for incoming packets to the mapped IP addresses | |||
| dns | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system translates DNS replies based on this NAT rule, if DNS inspection is enabled | |||
| interfaceIPv6 | False | boolean | A Boolean value, TRUE or FALSE (the default). This option is not supported, please always set this field to FALSE | |||
| routeLookup | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system determines the egress interface using a route lookup instead of using the interface specified in the NAT rule | |||
| enabled | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that it is enabled | |||
| originalNetwork | False | object | The network object that contains the source addresses you are translating. This must be a network object (not a group) Allowed types are: [NetworkObject] |
|||
| translatedNetwork | False | object | The network object or group that contains the mapped address Allowed types are: [NetworkObject, NetworkObjectGroup] |
|||
| originalPort | False | object | An optional TCP or UDP port object that defines the original port, the one you are translating. Do not specify an object if the port does not matter in the translation Allowed types are: [ICMPv4PortObject, ICMPv6PortObject, ProtocolObject, TCPPortObject, UDPPortObject] |
|||
| translatedPort | False | object | An optional TCP or UDP port object that defines the translated port, the one you are using to replace the original port. You must use the same protocol type (TCP or UDP) as the object specified in the originalPort Allowed types are: [ICMPv4PortObject, ICMPv6PortObject, ProtocolObject, TCPPortObject, UDPPortObject] |
|||
| interfaceInTranslatedNetwork | False | boolean | A Boolean value, TRUE or FALSE (the default). If TRUE, the system uses the IP address of destination interface as the translated address (interface PAT) | |||
| rulePosition | False | integer | Transient field holding the index position for the rule | |||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Path Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| parentId | True | string | ||||
Query Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| at | False | integer | An integer representing where to add the new object in the ordered list. Use 0 to add it at the beginning of the list. If not specified, it will be added at the end of the list | |||
Example
- name: Execute 'addObjectNatRule' operation
ftd_configuration:
operation: "addObjectNatRule"
data:
name: "{{ name }}"
description: "{{ description }}"
sourceInterface: "{{ source_interface }}"
destinationInterface: "{{ destination_interface }}"
natType: "{{ nat_type }}"
patOptions: "{{ pat_options }}"
netToNet: "{{ net_to_net }}"
noProxyArp: "{{ no_proxy_arp }}"
dns: "{{ dns }}"
interfaceIPv6: "{{ interface_i_pv6 }}"
routeLookup: "{{ route_lookup }}"
enabled: "{{ enabled }}"
originalNetwork: "{{ original_network }}"
translatedNetwork: "{{ translated_network }}"
originalPort: "{{ original_port }}"
translatedPort: "{{ translated_port }}"
interfaceInTranslatedNetwork: "{{ interface_in_translated_network }}"
rulePosition: "{{ rule_position }}"
type: "{{ type }}"
path_params:
parentId: "{{ parent_id }}"
query_params:
at: "{{ at }}"