Policy > Networking > Network Services > NAT > Rules > Tier-1 Gateways

Create or update a Nat Rule

If a NAT Rule is not already present on Tier-1 denoted by Tier-1 ID,
under NAT section denoted by <nat-id>, create a new NAT Rule.
If it already exists, update the NAT Rule.
Under tier-1 there will be 3 different NATs(sections).
(INTERNAL, USER and DEFAULT)
For more details related to NAT section please refer to PolicyNAT schema.
Note:
IPSecVpnSession as Scope: Please note that old IPSecVpnSession policy path deprecated. If user specifiy old IPSecVpnSession path in the
scope property, the path returned in the GET response payload will be a new path instead of the deprecated IPSecVpnSession path
Both old and new IPSecVpnSession path refer to same resource. there is no functional impact.
This API is available when using VMware Cloud (AWS, Dell-EMC, Outpost, Hyperscalers) or VMware NSX-T.

Request:

Method:
PATCH
URI Path(s):
/policy/api/v1/infra/tier-1s/<tier-1-id>/nat/<nat-id>/nat-rules/<nat-rule-id>
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
PolicyNatRule+

Example Request:

PATCH https://<policy-mgr>/policy/api/v1/infra/tier-1s/vmc_network-demo/nat/USER/nat-rules/MyNATRuleDemo { "display_name" : "MyNATRuleDemo", "description" : "Example of a NAT rule", "action" : "DNAT", "destination_network" : "10.117.5.19", "service": "/infra/services/AD_Server", "translated_network" : "192.168.1.1", "translated_ports" : "80-82", "sequence_number" : 10, "enabled" : true, "logging" : false, "firewall_match" : "MATCH_EXTERNAL_ADDRESS", "scope" : ["infra/tier-0s/tier-0-vmc/interfaces/internet"], "_revision" : 0 }

Successful Response:

Response Code:
200 OK
Response Headers:
n/a
Response Body:
n/a

Required Permissions:

crud

Feature:

policy_nat_rules

Additional Errors: