If you missed the pre-registration for NetApp MS Azure AD B2C, the new login prompt will offer the option to register. Please note that access to your NetApp data may take up to 1 hour.
To learn more, read the FAQ and watch the video.
Need assistance? Complete this form and select “Registration Issue” as the Feedback Category.

Active IQ Unified Manager Discussions

Differences between executing powershell toolkit command in WFA and in powershell CLI

kiessl

Hi,

 

when I execute the following command at powershell CLI it runs without problems:

 

           new-ncnetfirewallpolicy -vserver vs0 -Name test1 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.2/32

 

When I execute this command within a WFA command it returns the following error:

 

         Invalid value specified for "allow-list" element within "net-firewall-policy-create": "1.1.1.1/32,1.1.1.2/32"

 

Can anyone help me with this?

 

Best Regards

Walter

1 ACCEPTED SOLUTION

sinhaa

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

 

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.


SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]


DESCRIPTION
Create a new firewall policy.

 

 

---

 

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

 

You could have used

====

 

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

 

===

 

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

 

sinhaa

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

4 REPLIES 4

sinhaa

Walter,

 

 

 

I tried the below code and got the same error:

 

 

===Code failed===

 

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test2 -Service dns -AllowAddress "1.1.1.1/32,1.1.1.1/32"

 

===

 

Th problem is using quotes for AllowAddress

 

Use the below code and it will work

 

I tried the the below code in a WFA command and it woked for me. I didn't use double quotes for dns-allowAddress. Single quotes also produce the same error. So avoid both.

 

===Code Passed ===

 

Connect-WfaCluster "1.2.3.4"
New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress 1.1.1.1/32,1.1.1.1/32

 

===

 

 

sinhaa

 

 

 

 

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

sinhaa

The reason for this error is that -AllowAddess accepts an array if strings. Look at the Get-Help syntax of the cmdlet

 

PS H:\> Get-help New-NcNetFirewallPolicy

NAME
New-NcNetFirewallPolicy

SYNOPSIS
Create a new firewall policy.


SYNTAX
New-NcNetFirewallPolicy [-Name] <String> [-Vserver] <String> [-Service] <String> [-AllowAddress]
<String[]> [-Controller <NcController[]>] [-ZapiRetryCount <Int32>] [<CommonParameters>]


DESCRIPTION
Create a new firewall policy.

 

 

---

 

So when you put the AllowAddress i quotes, they are treated as a string. When you put nothing, Powershell can ideantify the comma seperated values as an array of strings.

 

You could have used

====

 

$allowAddress= @("1.1.1.1/32","1.1.1.1/32")

New-NcNetFirewallPolicy -Vserver vs1 -Name test3 -Service dns -AllowAddress $allowAddress

 

===

 

And there is NO difference between running a cmdlet in Powershell console CLI or in WFA comamnd except the latter runs in non-ineractive mode. That's all

 

sinhaa

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

kiessl

This does the trick. Thanks sinhaa

mbeattie

Hi Walter,

 

I'm not sure why the CmdLet isn't working in WFA however you can use the "Invoke-NcSsh" CmdLet to execute a CLI command from WFA as a workaround.

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public