Active IQ Unified Manager Discussions

Differences between executing powershell toolkit command in WFA and in powershell CLI

kiessl

Hi,

 

when I execute the following command at powershell CLI it runs without problems:

 

           new-ncnetfirewallpolicy -vserver vs0 -Name test1 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.2/32

 

When I execute this command within a WFA command it returns the following error:

 

         Invalid value specified for "allow-list" element within "net-firewall-policy-create": "1.1.1.1/32,1.1.1.2/32"

 

Can anyone help me with this?

 

Best Regards

Walter

4 REPLIES 4

Re: Differences between executing powershell toolkit command in WFA and in powershell CLI

mbeattie

Hi Walter,

 

I'm not sure why the CmdLet isn't working in WFA however you can use the "Invoke-NcSsh" CmdLet to execute a CLI command from WFA as a workaround.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Differences between executing powershell toolkit command in WFA and in powershell CLI

sinhaa

Walter,

 

 

 

I tried the below code and got the same error:

 

 

===Code failed===

 

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test2 -Service dns -AllowAddress "1.1.1.1/32,1.1.1.1/32"

 

===

 

Th problem is using quotes for AllowAddress

 

Use the below code and it will work

 

I tried the the below code in a WFA command and it woked for me. I didn't use double quotes for dns-allowAddress. Single quotes also produce the same error. So avoid both.

 

===Code Passed ===

 

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.1/32

 

===

 

 

sinhaa

 

 

 

 

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: Differences between executing powershell toolkit command in WFA and in powershell CLI

sinhaa

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

 

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.


SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]


DESCRIPTION
Create a new firewall policy.

 

 

---

 

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

 

You could have used

====

 

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

 

===

 

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

 

sinhaa

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

Re: Differences between executing powershell toolkit command in WFA and in powershell CLI

kiessl

This does the trick. Thanks sinhaa

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums
Public