Active IQ Unified Manager Discussions
when I execute the following command at powershell CLI it runs without problems:
new-ncnetfirewallpolicy -vserver vs0 -Name test1 -Service dns -AllowAddress 22.214.171.124/32,126.96.36.199/32
When I execute this command within a WFA command it returns the following error:
Invalid value specified for "allow-list" element within "net-firewall-policy-create": "188.8.131.52/32,184.108.40.206/32"
Can anyone help me with this?
See The Solution
The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet
PS H:\> Get-help New-NcNetFirewallPolicy
NAMENew-NcNetFirewallPolicySYNOPSISCreate a new firewall policy.SYNTAXNew-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress] <String> [-Controller <NcController>] [-ZapiRetryCount <Int32>] [<CommonParameters>]DESCRIPTIONCreate a new firewall policy.
So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.
You could have used
New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress
And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all
View solution in original post
I'm not sure why the CmdLet isn't working in WFA however you can use the "Invoke-NcSsh" CmdLet to execute a CLI command from WFA as a workaround.
I tried the below code and got the same error:
Connect-WfaCluster "220.127.116.11"New-NcNetFirewallPolicy -Vserver vs1 -Name test2 -Service dns -AllowAddress "18.104.22.168/32,22.214.171.124/32"
Th problem is using quotes for AllowAddress
Use the below code and it will work
I tried the the below code in a WFA command and it woked for me. I didn't use double quotes for dns-allowAddress. Single quotes also produce the same error. So avoid both.
===Code Passed ===
Connect-WfaCluster "126.96.36.199"New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress 188.8.131.52/32,184.108.40.206/32
This does the trick. Thanks sinhaa
Join our Discord Community