Solved: Differences between executing powershell toolkit command in WFA and in powershell CLI

kiessl · ‎2016-01-15

Hi,

when I execute the following command at powershell CLI it runs without problems:

new-ncnetfirewallpolicy -vserver vs0 -Name test1 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.2/32

When I execute this command within a WFA command it returns the following error:

Invalid value specified for "allow-list" element within "net-firewall-policy-create": "1.1.1.1/32,1.1.1.2/32"

Can anyone help me with this?

Best Regards

Walter

sinhaa · ‎2016-01-18

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.

SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]

DESCRIPTION
Create a new firewall policy.

---

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

You could have used

====

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

===

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

mbeattie · ‎2016-01-15

Hi Walter,

I'm not sure why the CmdLet isn't working in WFA however you can use the "Invoke-NcSsh" CmdLet to execute a CLI command from WFA as a workaround.

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa · ‎2016-01-15

Walter,

I tried the below code and got the same error:

===Code failed===

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test2 -Service dns -AllowAddress "1.1.1.1/32,1.1.1.1/32"

===

Th problem is using quotes for AllowAddress

Use the below code and it will work

I tried the the below code in a WFA command and it woked for me. I didn't use double quotes for dns-allowAddress. Single quotes also produce the same error. So avoid both.

===Code Passed ===

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.1/32

===

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa · ‎2016-01-18

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.

SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]

DESCRIPTION
Create a new firewall policy.

---

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

You could have used

====

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

===

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

kiessl · ‎2016-01-18

This does the trick. Thanks sinhaa