vcd.NsxtNatRule
Explore with Pulumi AI
Create NsxtNatRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NsxtNatRule(name: string, args: NsxtNatRuleArgs, opts?: CustomResourceOptions);@overload
def NsxtNatRule(resource_name: str,
                args: NsxtNatRuleArgs,
                opts: Optional[ResourceOptions] = None)
@overload
def NsxtNatRule(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                edge_gateway_id: Optional[str] = None,
                rule_type: Optional[str] = None,
                logging: Optional[bool] = None,
                name: Optional[str] = None,
                enabled: Optional[bool] = None,
                external_address: Optional[str] = None,
                firewall_match: Optional[str] = None,
                internal_address: Optional[str] = None,
                app_port_profile_id: Optional[str] = None,
                dnat_external_port: Optional[str] = None,
                nsxt_nat_rule_id: Optional[str] = None,
                org: Optional[str] = None,
                priority: Optional[float] = None,
                description: Optional[str] = None,
                snat_destination_address: Optional[str] = None,
                vdc: Optional[str] = None)func NewNsxtNatRule(ctx *Context, name string, args NsxtNatRuleArgs, opts ...ResourceOption) (*NsxtNatRule, error)public NsxtNatRule(string name, NsxtNatRuleArgs args, CustomResourceOptions? opts = null)
public NsxtNatRule(String name, NsxtNatRuleArgs args)
public NsxtNatRule(String name, NsxtNatRuleArgs args, CustomResourceOptions options)
type: vcd:NsxtNatRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NsxtNatRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NsxtNatRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NsxtNatRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NsxtNatRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NsxtNatRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var nsxtNatRuleResource = new Vcd.NsxtNatRule("nsxtNatRuleResource", new()
{
    EdgeGatewayId = "string",
    RuleType = "string",
    Logging = false,
    Name = "string",
    Enabled = false,
    ExternalAddress = "string",
    FirewallMatch = "string",
    InternalAddress = "string",
    AppPortProfileId = "string",
    DnatExternalPort = "string",
    NsxtNatRuleId = "string",
    Org = "string",
    Priority = 0,
    Description = "string",
    SnatDestinationAddress = "string",
});
example, err := vcd.NewNsxtNatRule(ctx, "nsxtNatRuleResource", &vcd.NsxtNatRuleArgs{
	EdgeGatewayId:          pulumi.String("string"),
	RuleType:               pulumi.String("string"),
	Logging:                pulumi.Bool(false),
	Name:                   pulumi.String("string"),
	Enabled:                pulumi.Bool(false),
	ExternalAddress:        pulumi.String("string"),
	FirewallMatch:          pulumi.String("string"),
	InternalAddress:        pulumi.String("string"),
	AppPortProfileId:       pulumi.String("string"),
	DnatExternalPort:       pulumi.String("string"),
	NsxtNatRuleId:          pulumi.String("string"),
	Org:                    pulumi.String("string"),
	Priority:               pulumi.Float64(0),
	Description:            pulumi.String("string"),
	SnatDestinationAddress: pulumi.String("string"),
})
var nsxtNatRuleResource = new NsxtNatRule("nsxtNatRuleResource", NsxtNatRuleArgs.builder()
    .edgeGatewayId("string")
    .ruleType("string")
    .logging(false)
    .name("string")
    .enabled(false)
    .externalAddress("string")
    .firewallMatch("string")
    .internalAddress("string")
    .appPortProfileId("string")
    .dnatExternalPort("string")
    .nsxtNatRuleId("string")
    .org("string")
    .priority(0.0)
    .description("string")
    .snatDestinationAddress("string")
    .build());
nsxt_nat_rule_resource = vcd.NsxtNatRule("nsxtNatRuleResource",
    edge_gateway_id="string",
    rule_type="string",
    logging=False,
    name="string",
    enabled=False,
    external_address="string",
    firewall_match="string",
    internal_address="string",
    app_port_profile_id="string",
    dnat_external_port="string",
    nsxt_nat_rule_id="string",
    org="string",
    priority=0,
    description="string",
    snat_destination_address="string")
const nsxtNatRuleResource = new vcd.NsxtNatRule("nsxtNatRuleResource", {
    edgeGatewayId: "string",
    ruleType: "string",
    logging: false,
    name: "string",
    enabled: false,
    externalAddress: "string",
    firewallMatch: "string",
    internalAddress: "string",
    appPortProfileId: "string",
    dnatExternalPort: "string",
    nsxtNatRuleId: "string",
    org: "string",
    priority: 0,
    description: "string",
    snatDestinationAddress: "string",
});
type: vcd:NsxtNatRule
properties:
    appPortProfileId: string
    description: string
    dnatExternalPort: string
    edgeGatewayId: string
    enabled: false
    externalAddress: string
    firewallMatch: string
    internalAddress: string
    logging: false
    name: string
    nsxtNatRuleId: string
    org: string
    priority: 0
    ruleType: string
    snatDestinationAddress: string
NsxtNatRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NsxtNatRule resource accepts the following input properties:
- EdgeGateway stringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- RuleType string
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- AppPort stringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- Description string
- An optional description of the NAT rule
- DnatExternal stringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- Enabled bool
- Enables or disables NAT rule (default true)
- ExternalAddress string
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- FirewallMatch string
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- InternalAddress string
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- Logging bool
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- Name string
- A name for NAT rule
- NsxtNat stringRule Id 
- Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Priority double
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- SnatDestination stringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- Vdc string
- The name of VDC to use, optional if defined at provider level
- EdgeGateway stringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- RuleType string
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- AppPort stringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- Description string
- An optional description of the NAT rule
- DnatExternal stringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- Enabled bool
- Enables or disables NAT rule (default true)
- ExternalAddress string
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- FirewallMatch string
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- InternalAddress string
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- Logging bool
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- Name string
- A name for NAT rule
- NsxtNat stringRule Id 
- Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Priority float64
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- SnatDestination stringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- Vdc string
- The name of VDC to use, optional if defined at provider level
- edgeGateway StringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- ruleType String
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- appPort StringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description String
- An optional description of the NAT rule
- dnatExternal StringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- enabled Boolean
- Enables or disables NAT rule (default true)
- externalAddress String
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewallMatch String
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internalAddress String
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging Boolean
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name String
- A name for NAT rule
- nsxtNat StringRule Id 
- org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority Double
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- snatDestination StringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc String
- The name of VDC to use, optional if defined at provider level
- edgeGateway stringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- ruleType string
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- appPort stringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description string
- An optional description of the NAT rule
- dnatExternal stringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- enabled boolean
- Enables or disables NAT rule (default true)
- externalAddress string
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewallMatch string
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internalAddress string
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging boolean
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name string
- A name for NAT rule
- nsxtNat stringRule Id 
- org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority number
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- snatDestination stringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc string
- The name of VDC to use, optional if defined at provider level
- edge_gateway_ strid 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- rule_type str
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- app_port_ strprofile_ id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description str
- An optional description of the NAT rule
- dnat_external_ strport 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- enabled bool
- Enables or disables NAT rule (default true)
- external_address str
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewall_match str
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internal_address str
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging bool
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name str
- A name for NAT rule
- nsxt_nat_ strrule_ id 
- org str
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority float
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- snat_destination_ straddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc str
- The name of VDC to use, optional if defined at provider level
- edgeGateway StringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- ruleType String
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- appPort StringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description String
- An optional description of the NAT rule
- dnatExternal StringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- enabled Boolean
- Enables or disables NAT rule (default true)
- externalAddress String
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewallMatch String
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internalAddress String
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging Boolean
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name String
- A name for NAT rule
- nsxtNat StringRule Id 
- org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority Number
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- snatDestination StringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc String
- The name of VDC to use, optional if defined at provider level
Outputs
All input properties are implicitly available as output properties. Additionally, the NsxtNatRule resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NsxtNatRule Resource
Get an existing NsxtNatRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NsxtNatRuleState, opts?: CustomResourceOptions): NsxtNatRule@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_port_profile_id: Optional[str] = None,
        description: Optional[str] = None,
        dnat_external_port: Optional[str] = None,
        edge_gateway_id: Optional[str] = None,
        enabled: Optional[bool] = None,
        external_address: Optional[str] = None,
        firewall_match: Optional[str] = None,
        internal_address: Optional[str] = None,
        logging: Optional[bool] = None,
        name: Optional[str] = None,
        nsxt_nat_rule_id: Optional[str] = None,
        org: Optional[str] = None,
        priority: Optional[float] = None,
        rule_type: Optional[str] = None,
        snat_destination_address: Optional[str] = None,
        vdc: Optional[str] = None) -> NsxtNatRulefunc GetNsxtNatRule(ctx *Context, name string, id IDInput, state *NsxtNatRuleState, opts ...ResourceOption) (*NsxtNatRule, error)public static NsxtNatRule Get(string name, Input<string> id, NsxtNatRuleState? state, CustomResourceOptions? opts = null)public static NsxtNatRule get(String name, Output<String> id, NsxtNatRuleState state, CustomResourceOptions options)resources:  _:    type: vcd:NsxtNatRule    get:      id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AppPort stringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- Description string
- An optional description of the NAT rule
- DnatExternal stringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- EdgeGateway stringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- Enabled bool
- Enables or disables NAT rule (default true)
- ExternalAddress string
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- FirewallMatch string
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- InternalAddress string
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- Logging bool
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- Name string
- A name for NAT rule
- NsxtNat stringRule Id 
- Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Priority double
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- RuleType string
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- SnatDestination stringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- Vdc string
- The name of VDC to use, optional if defined at provider level
- AppPort stringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- Description string
- An optional description of the NAT rule
- DnatExternal stringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- EdgeGateway stringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- Enabled bool
- Enables or disables NAT rule (default true)
- ExternalAddress string
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- FirewallMatch string
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- InternalAddress string
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- Logging bool
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- Name string
- A name for NAT rule
- NsxtNat stringRule Id 
- Org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- Priority float64
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- RuleType string
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- SnatDestination stringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- Vdc string
- The name of VDC to use, optional if defined at provider level
- appPort StringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description String
- An optional description of the NAT rule
- dnatExternal StringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- edgeGateway StringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- enabled Boolean
- Enables or disables NAT rule (default true)
- externalAddress String
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewallMatch String
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internalAddress String
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging Boolean
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name String
- A name for NAT rule
- nsxtNat StringRule Id 
- org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority Double
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- ruleType String
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- snatDestination StringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc String
- The name of VDC to use, optional if defined at provider level
- appPort stringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description string
- An optional description of the NAT rule
- dnatExternal stringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- edgeGateway stringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- enabled boolean
- Enables or disables NAT rule (default true)
- externalAddress string
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewallMatch string
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internalAddress string
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging boolean
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name string
- A name for NAT rule
- nsxtNat stringRule Id 
- org string
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority number
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- ruleType string
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- snatDestination stringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc string
- The name of VDC to use, optional if defined at provider level
- app_port_ strprofile_ id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description str
- An optional description of the NAT rule
- dnat_external_ strport 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- edge_gateway_ strid 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- enabled bool
- Enables or disables NAT rule (default true)
- external_address str
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewall_match str
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internal_address str
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging bool
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name str
- A name for NAT rule
- nsxt_nat_ strrule_ id 
- org str
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority float
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- rule_type str
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- snat_destination_ straddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc str
- The name of VDC to use, optional if defined at provider level
- appPort StringProfile Id 
- Application Port Profile to which to apply the rule. The
Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge
gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfiledata source or created usingvcd.NsxtAppPortProfileresource
- description String
- An optional description of the NAT rule
- dnatExternal StringPort 
- For DNATonly. This represents the external port number or port range when doingDNATport forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.
- edgeGateway StringId 
- The ID of the Edge Gateway (NSX-T only). Can be looked up using
vcd.NsxtEdgegatewaydata source
- enabled Boolean
- Enables or disables NAT rule (default true)
- externalAddress String
- The external address for the NAT Rule. This must be supplied as a single IP or Network
CIDR. For a DNATrule, this is the external facing IP Address for incoming traffic. For anSNATrule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For aREFLEXIVErule, these are the external facing IPs.
- firewallMatch String
- You can set a firewall match rule to determine how
firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS,MATCH_EXTERNAL_ADDRESS,BYPASS- MATCH_INTERNAL_ADDRESS- applies firewall rules to the internal address of a NAT rule
- MATCH_EXTERNAL_ADDRESS- applies firewall rules to the external address of a NAT rule
- BYPASS- skip applying firewall rules to NAT rule
 
- internalAddress String
- The internal address for the NAT Rule. This must be supplied as a single IP or
Network CIDR. For a DNATrule, this is the internal IP address for incoming traffic. For anSNATrule, this is the internal IP Address for outgoing traffic. For aREFLEXIVErule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.
- logging Boolean
- Enable to have the address translation performed by this rule logged
(default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it.pulumi previewmight show difference on every update.
- name String
- A name for NAT rule
- nsxtNat StringRule Id 
- org String
- The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.
- priority Number
- if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.
- ruleType String
- One of DNAT,NO_DNAT,SNAT,NO_SNAT,REFLEXIVE- DNATrule translates the external IP to an internal IP and is used for inbound traffic
- NO_DNATprevents external IP translation
- SNATtranslates an internal IP to an external IP and is used for outbound traffic
- NO_SNATprevents internal IP translation
- REFLEXIVE(VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.
 
- snatDestination StringAddress 
- For SNATonly. The destination addresses to match in theSNATRule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.
- vdc String
- The name of VDC to use, optional if defined at provider level
Package Details
- Repository
- vcd vmware/terraform-provider-vcd
- License
- Notes
- This Pulumi package is based on the vcdTerraform Provider.