vcd 3.14.1, Apr 14 25

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

vcd.NsxtNatRule

Explore with Pulumi AI

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

Create NsxtNatRule Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new NsxtNatRule(name: string, args: NsxtNatRuleArgs, opts?: CustomResourceOptions);

@overload
def NsxtNatRule(resource_name: str,
                args: NsxtNatRuleArgs,
                opts: Optional[ResourceOptions] = None)

@overload
def NsxtNatRule(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                edge_gateway_id: Optional[str] = None,
                rule_type: Optional[str] = None,
                logging: Optional[bool] = None,
                name: Optional[str] = None,
                enabled: Optional[bool] = None,
                external_address: Optional[str] = None,
                firewall_match: Optional[str] = None,
                internal_address: Optional[str] = None,
                app_port_profile_id: Optional[str] = None,
                dnat_external_port: Optional[str] = None,
                nsxt_nat_rule_id: Optional[str] = None,
                org: Optional[str] = None,
                priority: Optional[float] = None,
                description: Optional[str] = None,
                snat_destination_address: Optional[str] = None,
                vdc: Optional[str] = None)

func NewNsxtNatRule(ctx *Context, name string, args NsxtNatRuleArgs, opts ...ResourceOption) (*NsxtNatRule, error)

public NsxtNatRule(string name, NsxtNatRuleArgs args, CustomResourceOptions? opts = null)

public NsxtNatRule(String name, NsxtNatRuleArgs args)
public NsxtNatRule(String name, NsxtNatRuleArgs args, CustomResourceOptions options)

type: vcd:NsxtNatRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args NsxtNatRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args NsxtNatRuleArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NsxtNatRuleArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NsxtNatRuleArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args NsxtNatRuleArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var nsxtNatRuleResource = new Vcd.NsxtNatRule("nsxtNatRuleResource", new()
{
    EdgeGatewayId = "string",
    RuleType = "string",
    Logging = false,
    Name = "string",
    Enabled = false,
    ExternalAddress = "string",
    FirewallMatch = "string",
    InternalAddress = "string",
    AppPortProfileId = "string",
    DnatExternalPort = "string",
    NsxtNatRuleId = "string",
    Org = "string",
    Priority = 0,
    Description = "string",
    SnatDestinationAddress = "string",
});

example, err := vcd.NewNsxtNatRule(ctx, "nsxtNatRuleResource", &vcd.NsxtNatRuleArgs{
	EdgeGatewayId:          pulumi.String("string"),
	RuleType:               pulumi.String("string"),
	Logging:                pulumi.Bool(false),
	Name:                   pulumi.String("string"),
	Enabled:                pulumi.Bool(false),
	ExternalAddress:        pulumi.String("string"),
	FirewallMatch:          pulumi.String("string"),
	InternalAddress:        pulumi.String("string"),
	AppPortProfileId:       pulumi.String("string"),
	DnatExternalPort:       pulumi.String("string"),
	NsxtNatRuleId:          pulumi.String("string"),
	Org:                    pulumi.String("string"),
	Priority:               pulumi.Float64(0),
	Description:            pulumi.String("string"),
	SnatDestinationAddress: pulumi.String("string"),
})

var nsxtNatRuleResource = new NsxtNatRule("nsxtNatRuleResource", NsxtNatRuleArgs.builder()
    .edgeGatewayId("string")
    .ruleType("string")
    .logging(false)
    .name("string")
    .enabled(false)
    .externalAddress("string")
    .firewallMatch("string")
    .internalAddress("string")
    .appPortProfileId("string")
    .dnatExternalPort("string")
    .nsxtNatRuleId("string")
    .org("string")
    .priority(0)
    .description("string")
    .snatDestinationAddress("string")
    .build());

nsxt_nat_rule_resource = vcd.NsxtNatRule("nsxtNatRuleResource",
    edge_gateway_id="string",
    rule_type="string",
    logging=False,
    name="string",
    enabled=False,
    external_address="string",
    firewall_match="string",
    internal_address="string",
    app_port_profile_id="string",
    dnat_external_port="string",
    nsxt_nat_rule_id="string",
    org="string",
    priority=0,
    description="string",
    snat_destination_address="string")

const nsxtNatRuleResource = new vcd.NsxtNatRule("nsxtNatRuleResource", {
    edgeGatewayId: "string",
    ruleType: "string",
    logging: false,
    name: "string",
    enabled: false,
    externalAddress: "string",
    firewallMatch: "string",
    internalAddress: "string",
    appPortProfileId: "string",
    dnatExternalPort: "string",
    nsxtNatRuleId: "string",
    org: "string",
    priority: 0,
    description: "string",
    snatDestinationAddress: "string",
});

type: vcd:NsxtNatRule
properties:
    appPortProfileId: string
    description: string
    dnatExternalPort: string
    edgeGatewayId: string
    enabled: false
    externalAddress: string
    firewallMatch: string
    internalAddress: string
    logging: false
    name: string
    nsxtNatRuleId: string
    org: string
    priority: 0
    ruleType: string
    snatDestinationAddress: string

NsxtNatRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The NsxtNatRule resource accepts the following input properties:

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

RuleType string

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

AppPortProfileId string

Application Port Profile to which to apply the rule. The Application Port Profile includes a port, and a protocol that the incoming traffic uses on the edge gateway to connect to the internal network. Can be looked up using vcd.NsxtAppPortProfile data source or created using vcd.NsxtAppPortProfile resource

Description string

An optional description of the NAT rule

DnatExternalPort string

For DNAT only. This represents the external port number or port range when doing DNAT port forwarding from external to internal. The default dnatExternalPort is “ANY” meaning traffic on any port for the given IPs selected will be translated.

Enabled bool

Enables or disables NAT rule (default true)

ExternalAddress string

The external address for the NAT Rule. This must be supplied as a single IP or Network CIDR. For a DNAT rule, this is the external facing IP Address for incoming traffic. For an SNAT rule, this is the external facing IP Address for outgoing traffic. These IPs are typically allocated/suballocated IP Addresses on the Edge Gateway. For a REFLEXIVE rule, these are the external facing IPs.

FirewallMatch string

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

InternalAddress string

The internal address for the NAT Rule. This must be supplied as a single IP or Network CIDR. For a DNAT rule, this is the internal IP address for incoming traffic. For an SNAT rule, this is the internal IP Address for outgoing traffic. For a REFLEXIVE rule, these are the internal IPs. These IPs are typically the Private IPs that are allocated to workloads.

Logging bool

Enable to have the address translation performed by this rule logged (default false). Note User might lack rights (Organization Administrator role by default is missing Gateway > Configure System Logging right) to enable logging, but API does not return error and it is not possible to validate it. pulumi preview might show difference on every update.

Name string

A name for NAT rule

NsxtNatRuleId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

Priority double

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

SnatDestinationAddress string

For SNAT only. The destination addresses to match in the SNAT Rule. This must be supplied as a single IP or Network CIDR. Providing no value for this field results in match with ANY destination network.

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

RuleType string

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

AppPortProfileId string

Description string

An optional description of the NAT rule

DnatExternalPort string

Enabled bool

Enables or disables NAT rule (default true)

ExternalAddress string

FirewallMatch string

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

InternalAddress string

Logging bool

Name string

A name for NAT rule

NsxtNatRuleId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

Priority float64

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

SnatDestinationAddress string

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

ruleType String

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

appPortProfileId String

description String

An optional description of the NAT rule

dnatExternalPort String

enabled Boolean

Enables or disables NAT rule (default true)

externalAddress String

firewallMatch String

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internalAddress String

logging Boolean

name String

A name for NAT rule

nsxtNatRuleId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority Double

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

snatDestinationAddress String

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

ruleType string

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

appPortProfileId string

description string

An optional description of the NAT rule

dnatExternalPort string

enabled boolean

Enables or disables NAT rule (default true)

externalAddress string

firewallMatch string

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internalAddress string

logging boolean

name string

A name for NAT rule

nsxtNatRuleId string

org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority number

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

snatDestinationAddress string

vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edge_gateway_id str

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

rule_type str

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

app_port_profile_id str

description str

An optional description of the NAT rule

dnat_external_port str

enabled bool

Enables or disables NAT rule (default true)

external_address str

firewall_match str

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internal_address str

logging bool

name str

A name for NAT rule

nsxt_nat_rule_id str

org str

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority float

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

snat_destination_address str

vdc str

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

ruleType String

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

appPortProfileId String

description String

An optional description of the NAT rule

dnatExternalPort String

enabled Boolean

Enables or disables NAT rule (default true)

externalAddress String

firewallMatch String

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internalAddress String

logging Boolean

name String

A name for NAT rule

nsxtNatRuleId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority Number

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

snatDestinationAddress String

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

Outputs

All input properties are implicitly available as output properties. Additionally, the NsxtNatRule resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

id String: The provider-assigned unique ID for this managed resource.

Look up Existing NsxtNatRule Resource

Get an existing NsxtNatRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NsxtNatRuleState, opts?: CustomResourceOptions): NsxtNatRule

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        app_port_profile_id: Optional[str] = None,
        description: Optional[str] = None,
        dnat_external_port: Optional[str] = None,
        edge_gateway_id: Optional[str] = None,
        enabled: Optional[bool] = None,
        external_address: Optional[str] = None,
        firewall_match: Optional[str] = None,
        internal_address: Optional[str] = None,
        logging: Optional[bool] = None,
        name: Optional[str] = None,
        nsxt_nat_rule_id: Optional[str] = None,
        org: Optional[str] = None,
        priority: Optional[float] = None,
        rule_type: Optional[str] = None,
        snat_destination_address: Optional[str] = None,
        vdc: Optional[str] = None) -> NsxtNatRule

func GetNsxtNatRule(ctx *Context, name string, id IDInput, state *NsxtNatRuleState, opts ...ResourceOption) (*NsxtNatRule, error)

public static NsxtNatRule Get(string name, Input<string> id, NsxtNatRuleState? state, CustomResourceOptions? opts = null)

public static NsxtNatRule get(String name, Output<String> id, NsxtNatRuleState state, CustomResourceOptions options)

resources:  _:    type: vcd:NsxtNatRule    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AppPortProfileId string

Description string

An optional description of the NAT rule

DnatExternalPort string

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

Enabled bool

Enables or disables NAT rule (default true)

ExternalAddress string

FirewallMatch string

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

InternalAddress string

Logging bool

Name string

A name for NAT rule

NsxtNatRuleId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

Priority double

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

RuleType string

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

SnatDestinationAddress string

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

AppPortProfileId string

Description string

An optional description of the NAT rule

DnatExternalPort string

EdgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

Enabled bool

Enables or disables NAT rule (default true)

ExternalAddress string

FirewallMatch string

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

InternalAddress string

Logging bool

Name string

A name for NAT rule

NsxtNatRuleId string

Org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

Priority float64

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

RuleType string

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

SnatDestinationAddress string

Vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

appPortProfileId String

description String

An optional description of the NAT rule

dnatExternalPort String

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled Boolean

Enables or disables NAT rule (default true)

externalAddress String

firewallMatch String

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internalAddress String

logging Boolean

name String

A name for NAT rule

nsxtNatRuleId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority Double

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

ruleType String

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

snatDestinationAddress String

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

appPortProfileId string

description string

An optional description of the NAT rule

dnatExternalPort string

edgeGatewayId string

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled boolean

Enables or disables NAT rule (default true)

externalAddress string

firewallMatch string

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internalAddress string

logging boolean

name string

A name for NAT rule

nsxtNatRuleId string

org string

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority number

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

ruleType string

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

snatDestinationAddress string

vdc string

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

app_port_profile_id str

description str

An optional description of the NAT rule

dnat_external_port str

edge_gateway_id str

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled bool

Enables or disables NAT rule (default true)

external_address str

firewall_match str

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internal_address str

logging bool

name str

A name for NAT rule

nsxt_nat_rule_id str

org str

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority float

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

rule_type str

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

snat_destination_address str

vdc str

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

appPortProfileId String

description String

An optional description of the NAT rule

dnatExternalPort String

edgeGatewayId String

The ID of the Edge Gateway (NSX-T only). Can be looked up using vcd.NsxtEdgegateway data source

enabled Boolean

Enables or disables NAT rule (default true)

externalAddress String

firewallMatch String

You can set a firewall match rule to determine how firewall is applied during NAT. One of MATCH_INTERNAL_ADDRESS, MATCH_EXTERNAL_ADDRESS, BYPASS

MATCH_INTERNAL_ADDRESS - applies firewall rules to the internal address of a NAT rule
MATCH_EXTERNAL_ADDRESS - applies firewall rules to the external address of a NAT rule
BYPASS - skip applying firewall rules to NAT rule

internalAddress String

logging Boolean

name String

A name for NAT rule

nsxtNatRuleId String

org String

The name of organization to use, optional if defined at provider level. Useful when connected as sysadmin working across different organisations.

priority Number

if an address has multiple NAT rules, you can assign these rules different priorities to determine the order in which they are applied. A lower value means a higher priority for this rule.

ruleType String

One of DNAT, NO_DNAT, SNAT, NO_SNAT, REFLEXIVE

DNAT rule translates the external IP to an internal IP and is used for inbound traffic
NO_DNAT prevents external IP translation
SNAT translates an internal IP to an external IP and is used for outbound traffic
NO_SNAT prevents internal IP translation
REFLEXIVE (VCD 10.3+) is also known as Stateless NAT. This translates an internal IP to an external IP and vice versa. The number of internal addresses should be exactly the same as that of external addresses.

snatDestinationAddress String

vdc String

The name of VDC to use, optional if defined at provider level

Deprecated: Deprecated

Package Details

Repository: vcd vmware/terraform-provider-vcd
License
Notes: This Pulumi package is based on the vcd Terraform Provider.

vcd 3.14.1 published on Monday, Apr 14, 2025 by vmware

vmware/terraform-provider-vcd

vcd.NsxtNatRule

On this page

On this page

Create NsxtNatRule Resource

Constructor syntax

Parameters

Constructor example

NsxtNatRule Resource Properties

Inputs

Outputs

Look up Existing NsxtNatRule Resource

Package Details

On this page

On this page