Creates a NAT firewall.
RAM authorization
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Lang | string | No | The language of the response. Valid values: | zh |
| ProxyName | string | Yes | The name of the NAT firewall. The name must be 4 to 50 characters in length. It can contain letters, digits, Chinese characters, and underscores (_). The name cannot start with an underscore (_). | nat-防火墙名称 |
| RegionNo | string | Yes | The region ID of the VPC. Note: For more information about the regions where Cloud Firewall is available, see Supported regions. | cn-hangzhou |
| VpcId | string | Yes | The ID of the VPC instance. | vpc-uf6b5lyul0x****** |
| NatGatewayId | string | Yes | The ID of the NAT Gateway. | ngw-bp1okz6k7****** |
| VswitchAuto | string | No | Specifies whether to use the automatic vSwitch selection feature. Valid values: | true |
| VswitchId | string | No | The ID of the vSwitch. This parameter is required if you use the manual vSwitch selection feature. | vsw-bp1sqg9w****** |
| NatRouteEntryList | array<object> | Yes | The list of routes of the NAT Gateway that you want to switch. | |
| | object | No | A list of destination addresses that require security protection. | |
| NextHopId | string | Yes | The next hop of the original NAT Gateway. | ngw-bp1okz6****** |
| DestinationCidr | string | Yes | The destination CIDR block of the default route. | 0.0.0.0/0 |
| NextHopType | string | Yes | The network type of the next hop. Set the value to NatGateway. | NatGateway |
| RouteTableId | string | Yes | The route table that contains the default route of the NAT Gateway. | vtb-2ze1****** |
| FirewallSwitch | string | No | The security protection switch. Valid values: | close |
| StrictMode | integer | No | Specifies whether to enable strict mode. | 0 |
| VswitchCidr | string | No | The CIDR block of the vSwitch. This parameter is required if you use the automatic vSwitch selection feature. | 0.0.0.0/0 |
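A pre-flight check for the request parameters above, as an added example that is not part of the original reference or of any Alibaba Cloud SDK. It applies the written constraints literally and labels two failures with the matching error codes from this page. It assumes that `VswitchAuto` set to `true` means automatic selection and any other value means manual; the function names and sample requests are constructed.

```python
import ipaddress
import re

# Written rule: 4-50 chars; letters, digits, Chinese characters, underscores; no leading "_".
NAME_RE = re.compile(r"(?!_)[A-Za-z0-9_\u4e00-\u9fff]{4,50}")
REQUIRED = ("ProxyName", "RegionNo", "VpcId", "NatGatewayId", "NatRouteEntryList")
ROUTE_KEYS = ("NextHopId", "DestinationCidr", "NextHopType", "RouteTableId")

def bad_cidr(value):
    """True if value does not parse as an IPv4/IPv6 CIDR block."""
    try:
        ipaddress.ip_network(value, strict=False)
        return False
    except ValueError:
        return True

def validate(params):
    """Return (parameter, problem) pairs; an empty list means no problem found."""
    out = [(k, "required parameter is missing") for k in REQUIRED if not params.get(k)]
    name = params.get("ProxyName")
    if name and not NAME_RE.fullmatch(name):
        out.append(("ProxyName", "breaks the naming rule (ErrorParamProxyNameError)"))
    # Assumption: "true" selects automatic vSwitch mode, anything else manual.
    if params.get("VswitchAuto") == "true":
        cidr = params.get("VswitchCidr")
        if not cidr:
            out.append(("VswitchCidr", "required with automatic vSwitch selection"))
        elif bad_cidr(cidr):
            out.append(("VswitchCidr", "invalid CIDR format (ErrorCidrFormat)"))
    elif not params.get("VswitchId"):
        out.append(("VswitchId", "required with manual vSwitch selection"))
    for i, route in enumerate(params.get("NatRouteEntryList") or []):
        where = f"NatRouteEntryList[{i}]."
        out += [(where + k, "required field is missing") for k in ROUTE_KEYS if not route.get(k)]
        if route.get("NextHopType") not in (None, "", "NatGateway"):
            out.append((where + "NextHopType", "must be NatGateway"))
        if route.get("DestinationCidr") and bad_cidr(route["DestinationCidr"]):
            out.append((where + "DestinationCidr", "invalid CIDR format (ErrorCidrFormat)"))
    return out

# Constructed sample requests (placeholder IDs, not real resources).
ROUTE = {"NextHopId": "ngw-EXAMPLE", "DestinationCidr": "0.0.0.0/0",
         "NextHopType": "NatGateway", "RouteTableId": "vtb-EXAMPLE"}
GOOD = {"ProxyName": "nat_fw_prod_01", "RegionNo": "cn-hangzhou", "VpcId": "vpc-EXAMPLE",
        "NatGatewayId": "ngw-EXAMPLE", "VswitchAuto": "true", "VswitchCidr": "10.0.8.0/28",
        "NatRouteEntryList": [ROUTE]}
BAD = {**GOOD, "ProxyName": "_fw", "VswitchAuto": "false", "VswitchCidr": None,
       "NatRouteEntryList": [{**ROUTE, "NextHopType": "Instance",
                              "DestinationCidr": "10.0.0.0/33", "RouteTableId": ""}]}
```

`validate(GOOD)` returns an empty list, while `validate(BAD)` reports the name, the missing `VswitchId`, and three problems in the route entry.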
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| ProxyId | string | The ID of the NAT firewall. | proxy-nat97a****** |
| RequestId | string | The ID of the request. | 15FCCC52-1E23-57AE-B5EF-3E00A3****** |
Examples
Success response
JSON format
```json
{
  "ProxyId": "proxy-nat97a******",
  "RequestId": "15FCCC52-1E23-57AE-B5EF-3E00A3******"
}
```
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | ErrorAliUid | Aliuid invalid. | The aliuid is invalid. |
| 400 | ErrorParamProxyNameError | proxy name invalid. | Invalid NAT firewall name. |
| 400 | ErrorRegionNoError | Region is error, please reselect | The specified region is invalid. Enter another value. |
| 400 | ErrorVpcIdError | Vpc ID invalid. | The VPC is incorrectly selected. Select another VPC. |
| 400 | ErrorDnatNotSupport | Secure proxy does not support DNAT entries. | NAT firewall does not support DNAT. |
| 400 | ErrorProxySnatIpEmpty | SNAT entry is empty. | SNAT entry is empty. |
| 400 | ErrorSnatIpQuotaExceed | The number of SNAT IP exceeds the specification. | The number of NAT Gateway EIPs exceeds the specifications supported by a single NAT firewall. |
| 400 | ErrorDBSelectError | A database select error occurred. | An internal error occurred while querying the database. |
| 400 | ErrorDefaultRouteConflicts | Default route conflicts. | A default route already exists in the route table bound to the selected vSwitch. |
| 400 | ErrorUserCredentials | User credentials failed. | Access is not authorized. Authorize the firewall permissions first. |
| 400 | ErrorVpcOpenApi | vpc open api failed | Failed to call the VPC API. |
| 400 | ErrorVswitchNotFound | vswitch not found | The vSwitch does not exist. Select another vSwitch. |
| 400 | ErrorProxyRouteEntryConflicts | Proxy custom route table Nat Gateway and Attachment route entry conflict. | The custom route table of the NAT gateway has a route entry with the next hop of NatGateway and Attachment. |
| 400 | ErrorVswitchNoAvailableCidr | No available CIDR to create a vswitch. | There is no free CIDR block in the VPC to create a vSwitch. |
| 400 | ErrorCidrFormat | Network segment CIDR format error, please select again | The format of the specified CIDR block is invalid. Enter another value. |
| 400 | ErrorInternal | internal error | An internal error occurred. |
| 400 | ErrorVswitchCidrNotInVpc | Vswitch CIDR address not in vpc. | The CIDR block of the vSwitch does not belong to the current VPC. |
| 400 | ErrorVswitchRouteConflict | vswitch route conflict. | The specified vSwitch CIDR block conflicts with an existing vSwitch CIDR block. |
| 400 | ErrorVswitchCidrIpNumNotEnough | No enough private proxy IP in vswitch cidr. | The firewall vSwitch does not have enough private IP addresses. |
| 400 | ErrorRouteEntryNotFound | route entry not found. | The route entry does not exist. |
| 400 | ErrorUserNotFound | User not found | The user does not exist. |
| 400 | ErrorProxyVpcNotSupportAdvFeature | This vpc advanced feature is not supported. | The VPC contains ECS instances that do not support advanced features of VPC. |
| 400 | ErrorDBInsertError | A database insert error occurred. | An error occurred while performing an insert operation in the database. |
| 400 | ErrorProxyNumQuotaTop | Proxy num reaches maximum. | Insufficient quota. |
| 400 | ErrorProxyClusterNotAvailable | Can not find available cluster for nat firewall. | Failed to assign a cluster to the NAT firewall. |
| 400 | ErrorDBTxError | A database transaction error occurred. | An internal error occurred in the database transaction. |
| 400 | ErrorRecordLog | record operation log error. | Failed to record the operation log. |
| 400 | ErrorBandwidthPenalty | Cloud Firewall bandwidth is being overused. | Cloud Firewall bandwidth is being overused. |
| 400 | ErrorGeneralInstanceSpecFull | Cloud Firewall instance specifications are full. | Cloud Firewall instance specifications are full. |
| 400 | ErrorNatVpnRouteEntryQuotaLimit | The number of VPN routes has reached the quota. | The number of VPN routes has reached the specification limit. |
| 400 | ErrorVpcRouteTableQuotaLimit | The number of VPC routing tables has reached the specification limit. | The number of VPC route tables has reached the specification limit. |
| 400 | ErrorNatCustomRouteEntryDifferent | The custom route entries in the routing tables are inconsistent. | The custom route entries in the routing tables are inconsistent. |
| 400 | ErrorSnatEntryQuotaExceed | SNAT entry quota exceeded. | The number of SNAT entries has reached the specification limit. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.