vShield API Programming Guide
Delete All SNAT Rules on a vShield Edge
Example 5-16. Delete All SNAT Rules on a vShield Edge
Request:
DELETE <vshield_manager-uri>/api/1.0/network/<portgroup-moid>/snat/rules
Example:
DELETE /api/1.0/network/network-244/snat/rules HTTP/1.1
Authorization: Basic YWRtaW46ZGVmYXVsdA==
Host: sdfsdf
Managing DNAT Rules
DNAT maps public addresses to internal addresses. If you use Port Group Isolation, you must configure
DNAT rules to allow traffic from the external network to the internal network.
The vShield Edge supports two forms of DNAT:
- Traffic targeting a public address is forwarded to an internal host with the given internal IP address.
- Traffic targeting a specific port of a public address is forwarded to an internal host with the given internal IP address on the specified port.
Get the DNAT Rule Set
Example 5-17. Get the DNAT Rule Set on a vShield Edge
Request:
GET <vshield_manager-uri>/api/1.0/network/<portgroup-moid>/dnat/rules
Example:
GET /api/1.0/network/network-244/dnat/rules HTTP/1.1
Authorization: Basic YWRtaW46ZGVmYXVsdA==
Host: localhost
Post a DNAT Rule Set
You can post a DNAT rule set for a vShield Edge.
The vShield Manager processes the posted XML file as a complete rule set for the specific vShield Edge. The
current rule set is replaced with this new set of rules.
Example 5-18. Post a DNAT Rule Set on a vShield Edge
Request:
POST <vshield_manager-uri>/api/1.0/network/<portgroup-moid>/dnat/rules
<VShieldEdgeConfig>
  <NATConfig>
    <NATRule>
      <protocol>tcp|udp|icmp|any</protocol>
      <internalIpAddress>see_below</internalIpAddress>
      <internalPort>see_below</internalPort>
      <externalIpAddress>see_below</externalIpAddress>
      <externalPort>see_below</externalPort>
    </NATRule>
  </NATConfig>
</VShieldEdgeConfig>
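Because the POST replaces the whole rule set, a client that adds one rule must send the existing rules back with it. The following is an added example, not code from the VMware guide: it merges a rule into the current set and lists what a given POST body would delete. It assumes the GET response of Example 5-17 uses the same <NATRule> layout as the POST body; the function names, addresses and ports are constructed for illustration.

```python
import xml.etree.ElementTree as ET

FIELDS = ("protocol", "internalIpAddress", "internalPort",
          "externalIpAddress", "externalPort")
PROTOCOLS = {"tcp", "udp", "icmp", "any"}  # values listed in Example 5-18

def parse_rules(xml_text):
    """Return each <NATRule> as a dict of its five child elements."""
    root = ET.fromstring(xml_text)
    return [{f: (rule.findtext(f) or "").strip() for f in FIELDS}
            for rule in root.iter("NATRule")]

def build_rule_set(rules):
    """Serialize rules into the <VShieldEdgeConfig> body of Example 5-18."""
    root = ET.Element("VShieldEdgeConfig")
    nat = ET.SubElement(root, "NATConfig")
    for rule in rules:
        if rule["protocol"] not in PROTOCOLS:
            raise ValueError("unsupported protocol: %r" % rule["protocol"])
        node = ET.SubElement(nat, "NATRule")
        for f in FIELDS:
            ET.SubElement(node, f).text = rule[f]
    return ET.tostring(root, encoding="unicode")

def merged_rule_set(current_xml, new_rule):
    """Keep existing rules, replacing any on the same external endpoint."""
    key = lambda r: (r["protocol"], r["externalIpAddress"], r["externalPort"])
    kept = [r for r in parse_rules(current_xml) if key(r) != key(new_rule)]
    return build_rule_set(kept + [new_rule])

def dropped_rules(current_xml, proposed_xml):
    """List rules the POST would delete because the body omits them."""
    proposed = parse_rules(proposed_xml)
    return [r for r in parse_rules(current_xml) if r not in proposed]

# Constructed sample of a current rule set (assumed GET response layout).
CURRENT_XML = """<VShieldEdgeConfig><NATConfig><NATRule>
<protocol>tcp</protocol><internalIpAddress>192.168.1.10</internalIpAddress>
<internalPort>80</internalPort><externalIpAddress>203.0.113.5</externalIpAddress>
<externalPort>80</externalPort></NATRule></NATConfig></VShieldEdgeConfig>"""
NEW_RULE = {"protocol": "tcp", "internalIpAddress": "192.168.1.20",
            "internalPort": "22", "externalIpAddress": "203.0.113.5",
            "externalPort": "2222"}

if __name__ == "__main__":
    body = merged_rule_set(CURRENT_XML, NEW_RULE)
    print(body)
    print("lost by naive POST:", dropped_rules(CURRENT_XML, build_rule_set([NEW_RULE])))
```

Running `dropped_rules` against the body before sending it gives a reviewable list of the forwarding rules the request would remove.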
VMware, Inc.