Active IQ Unified Manager Discussions

Differences between executing powershell toolkit command in WFA and in powershell CLI

kiessl
3,430 Views

Hi,

 

when I execute the following command at powershell CLI it runs without problems:

 

           new-ncnetfirewallpolicy -vserver vs0 -Name test1 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.2/32

 

When I execute this command within a WFA command it returns the following error:

 

         Invalid value specified for "allow-list" element within "net-firewall-policy-create": "1.1.1.1/32,1.1.1.2/32"

 

Can anyone help me with this?

 

Best Regards

Walter

1 ACCEPTED SOLUTION

sinhaa
3,350 Views

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

 

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.


SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]


DESCRIPTION
Create a new firewall policy.

 

 

---

 

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

 

You could have used

====

 

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

 

===

 

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

 

sinhaa

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

4 REPLIES 4

mbeattie
3,428 Views

Hi Walter,

 

I'm not sure why the CmdLet isn't working in WFA however you can use the "Invoke-NcSsh" CmdLet to execute a CLI command from WFA as a workaround.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa
3,400 Views

Walter,

 

 

 

I tried the below code and got the same error:

 

 

===Code failed===

 

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test2 -Service dns -AllowAddress "1.1.1.1/32,1.1.1.1/32"

 

===

 

Th problem is using quotes for AllowAddress

 

Use the below code and it will work

 

I tried the the below code in a WFA command and it woked for me. I didn't use double quotes for dns-allowAddress. Single quotes also produce the same error. So avoid both.

 

===Code Passed ===

 

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.1/32

 

===

 

 

sinhaa

 

 

 

 

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa
3,351 Views

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

 

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.


SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]


DESCRIPTION
Create a new firewall policy.

 

 

---

 

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

 

You could have used

====

 

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

 

===

 

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

 

sinhaa

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

kiessl
3,328 Views

This does the trick. Thanks sinhaa

Public