Skip to content

Parameter --source-addresses is not optional for a NatRule #26336

Open
Open
Parameter --source-addresses is not optional for a NatRule#26336
Assignees
necusjz
Labels
Auto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamNetworkaz network vnet/lb/nic/dns/etc...act-quality-productivity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.feature-request
Milestone
Backlog
@AndrewBryson

Description

@AndrewBryson
AndrewBryson
opened on May 4, 2023

The parameter --source-addresses is not optional for NatRule, without it az network firewall policy rule-collection-group collection rule add command will fails with:

Operation returned an invalid status 'Bad Request'

Example failing command:

$ az network firewall policy rule-collection-group collection rule add \
>     -g $RG \
>     --policy-name fw-policy \
>     --collection-name nat_collection \
>     --rcg-name collection-1 \
>     --name port-8082-to-spoke1-web-server \
>     --rule-type NatRule \
>     --description "port-8082-to-spoke1-web-server" \
>     --destination-addresses "$fwpublicaddr" \
>     --destination-ports 8082 \
>     --translated-address "10.1.10.4" \
>     --translated-port 80 \
>     --ip-protocols TCP
Command group 'network firewall policy rule-collection-group collection rule' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Operation returned an invalid status 'Bad Request'

Example working command:

$ az network firewall policy rule-collection-group collection rule add \
>     -g $RG \
>     --policy-name fw-policy \
>     --collection-name nat_collection \
>     --rcg-name collection-1 \
>     --name port-8082-to-spoke1-web-server \
>     --rule-type NatRule \
>     --source-addresses "*" \
>     --description "port-8082-to-spoke1-web-server" \
>     --destination-addresses "$fwpublicaddr" \
>     --destination-ports 8082 \
>     --translated-address "10.1.10.4" \
>     --translated-port 80 \
>     --ip-protocols TCP
Command group 'network firewall policy rule-collection-group collection rule' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstCommand group 'network firewall policy rule-collection-group collection rule' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
{
  "etag": "953489d1-2b14-48f4-adfb-319c61f808e7",

... snipped ...

"type": "Microsoft.Network/FirewallPolicies/RuleCollectionGroups"
}

Please consider:

  1. Improving the documentation.
  2. Improving command validation and error messages returned to the client to avoid unhelpful "Bad request" messages.
  3. Adding several command examples for the various rule types.

Thanks!

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

Metadata

Metadata

Assignees

Labels

Auto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamNetworkaz network vnet/lb/nic/dns/etc...act-quality-productivity-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.feature-request

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions