You can add, edit, and delete existing NSX NAT rules in a deployed NAT one-to-many network.

You can also change the order in which the NAT rules are processed.


If the deployment's source blueprint is imported from a YAML file that contains a NAT network component, and the NAT network component's name and ID values are not identical, the Change NAT Rules action fails. To allow the Change NAT Rules action for a deployment that is based on an imported blueprint, perform the following steps in the blueprint before you provision a deployment.

  1. Start vRealize Automation, click the Design tab, and open the blueprint.

  2. Click Edit and change the blueprint name. This sets the name and embedded ID to the same value.

  3. Select the NAT network component in the blueprint.

  4. Click Edit and re-enter the component name. This sets the name and embedded ID to the same value.

  5. Repeat for all NAT network components in the blueprint.

  6. Save the blueprint.

To avoid this issue, ensure that all YAML files have identical name and ID values for all blueprints and load balancer, network, and security components prior to importing them.

For related information, see Creating and Using NAT Rules and Add an On-Demand NAT or On-Demand Routed Network Component.


  • Log in to vRealize Automation as a machine owner, support user, business group user with a shared access role, or business group manager.

  • Verify that you are entitled to change NAT rules in a network.

  • Verify that the NAT network is configured as a NAT one-to-many network. The action is not available for NAT one-to-one networks.


  1. Select Items > Deployment.
  2. Locate the deployment and display its children components.

  3. Select the NAT network component to edit.

    For an on-demand NAT network associated with a third-party IPAM provider, you cannot edit the component. However, you can manually add a new a destination IP address. When you add a new destination IP address, the component value is nulled. The new destination IP address and the null machine ID are processed when you submit the reconfiguration request.
  4. Click Change NAT Rules from the Actions menu.

  5. Add new NAT port forwarding rules, reorder rules, edit existing rules, or delete rules.
  6. When you have finished making changes, click Save or Submit to submit the reconfiguration request.