Active IQ Unified Manager Discussions
when I execute the following command at powershell CLI it runs without problems:
new-ncnetfirewallpolicy -vserver vs0 -Name test1 -Service dns -AllowAddress 188.8.131.52/32,184.108.40.206/32
When I execute this command within a WFA command it returns the following error:
Invalid value specified for "allow-list" element within "net-firewall-policy-create": "220.127.116.11/32,18.104.22.168/32"
Can anyone help me with this?
See The Solution
The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet
PS H:\> Get-help New-NcNetFirewallPolicy
NAMENew-NcNetFirewallPolicySYNOPSISCreate a new firewall policy.SYNTAXNew-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress] <String> [-Controller <NcController>] [-ZapiRetryCount <Int32>] [<CommonParameters>]DESCRIPTIONCreate a new firewall policy.
So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.
You could have used
New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress
And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all
View solution in original post
I'm not sure why the CmdLet isn't working in WFA however you can use the "Invoke-NcSsh" CmdLet to execute a CLI command from WFA as a workaround.
I tried the below code and got the same error:
Connect-WfaCluster "22.214.171.124"New-NcNetFirewallPolicy -Vserver vs1 -Name test2 -Service dns -AllowAddress "126.96.36.199/32,188.8.131.52/32"
Th problem is using quotes for AllowAddress
Use the below code and it will work
I tried the the below code in a WFA command and it woked for me. I didn't use double quotes for dns-allowAddress. Single quotes also produce the same error. So avoid both.
===Code Passed ===
Connect-WfaCluster "184.108.40.206"New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress 220.127.116.11/32,18.104.22.168/32
This does the trick. Thanks sinhaa
The Insights to Actions Community is back with a new look! Click here to learn how to get started.
The NetApp Support Site continues to win, 6 years in a row!
Join our Discord Community