"nat_traversal_keep_alive" is optional but throws an error if not set #444

Open
ivanchakarov opened this issue Aug 1, 2024 · 0 comments

Describe the bug

The "nat_traversal_keep_alive" argument of the "panos_ike_gateway" resource is marked as optional, but if not set it throws an error. This happens only if "enable_nat_traversal" is set to true.

Expected behavior

The expectation is that we should be able to enable NAT Traversal without setting this parameter.

Current behavior

If I don't set a value for this argument, I get the following error:

Error: Second-GW -> protocol-common -> nat-traversal -> keep-alive-interval should be equal to or between 10 and 3600 | Second-GW -> protocol-common -> nat-traversal -> keep-alive-interval is invalid

Possible solution

Steps to reproduce

  1. Create a variable without "nat_traversal_keep_alive" and set "enable_nat_traversal" to "true".
ikeGateways = {
    Second-GW = {
        version                     = "ikev2"
        enable_ipv6                 = false        
        interface                   = "ethernet1/2"
        local_ip_address_value      = "10.10.10.1/24"
        peer_ip_type                = "ip"
        peer_ip_value               = "9.9.9.9"
        auth_type                   = "pre-shared-key"
        pre_shared_key              = "P@ssw0rd123$"
        enable_passive_mode         = false
        enable_nat_traversal        = true
        ikev2_crypto_profile        = "Second-IKE-Profile"
        enable_liveness_check       = false
        liveness_check_interval     = "5"
        disabled                    = true
    }
}
  2. Create the following resource
resource "panos_ike_gateway" "CreateIKEGateways" {
    for_each                    = var.ikeGateways
    name                        = each.key
    version                     = each.value.version
    enable_ipv6                 = each.value.enable_ipv6
    interface                   = each.value.interface
    local_ip_address_value      = each.value.local_ip_address_value
    peer_ip_type                = each.value.peer_ip_type
    peer_ip_value               = each.value.peer_ip_value
    auth_type                   = each.value.auth_type
    pre_shared_key              = each.value.pre_shared_key
    enable_passive_mode         = each.value.enable_passive_mode
    enable_nat_traversal        = each.value.enable_nat_traversal
    ikev2_crypto_profile        = each.value.ikev2_crypto_profile
    enable_liveness_check       = each.value.enable_liveness_check
    liveness_check_interval     = each.value.liveness_check_interval
    disabled                    = each.value.disabled

    lifecycle {
        create_before_destroy = true
    }
}
  3. Apply the configuration

Screenshots

Screenshot 2024-08-01 164850

Context

I don't think this parameter is needed in order to create an IKE gateway. Even in the PAN GUI, there is no option to change its value.

Your Environment

  • Version used:

Terraform v1.9.2
PAN-OS 10.2.8
Python 3.10.12
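
A plan-time guard for the condition reported above, as an added example that is not part of the original issue or the provider's code. It assumes that setting "nat_traversal_keep_alive" explicitly avoids the error, as the issue title implies, and takes the 10 to 3600 range from the quoted error message; the validation block and the try/coalesce defaults are illustrative choices.

```hcl
# Added example (not from the issue author or the provider).
# Variable, resource and attribute names are the ones used in the issue.
variable "ikeGateways" {
  type = any # gateway objects are untyped in the issue and may omit keys

  validation {
    # With NAT traversal enabled, require an explicit keep-alive interval
    # inside the range quoted in the provider error (10 to 3600).
    condition = alltrue([
      for name, gw in var.ikeGateways :
      !coalesce(try(gw.enable_nat_traversal, null), false) || (
        coalesce(try(gw.nat_traversal_keep_alive, null), 0) >= 10 &&
        coalesce(try(gw.nat_traversal_keep_alive, null), 0) <= 3600
      )
    ])
    error_message = "Gateways with enable_nat_traversal = true must set nat_traversal_keep_alive between 10 and 3600."
  }
}

resource "panos_ike_gateway" "CreateIKEGateways" {
  for_each                = var.ikeGateways
  name                    = each.key
  version                 = each.value.version
  enable_ipv6             = each.value.enable_ipv6
  interface               = each.value.interface
  local_ip_address_value  = each.value.local_ip_address_value
  peer_ip_type            = each.value.peer_ip_type
  peer_ip_value           = each.value.peer_ip_value
  auth_type               = each.value.auth_type
  pre_shared_key          = each.value.pre_shared_key
  enable_passive_mode     = each.value.enable_passive_mode
  enable_nat_traversal    = each.value.enable_nat_traversal
  ikev2_crypto_profile    = each.value.ikev2_crypto_profile
  enable_liveness_check   = each.value.enable_liveness_check
  liveness_check_interval = each.value.liveness_check_interval
  disabled                = each.value.disabled
  # Pass the interval through when the gateway defines it; null leaves it unset.
  nat_traversal_keep_alive = try(each.value.nat_traversal_keep_alive, null)

  lifecycle {
    create_before_destroy = true
  }
}
```

With this in place, the "Second-GW" entry from the reproduction steps fails at `terraform plan` with the validation message instead of failing at apply time.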
