Network Data Models

Table of Contents

1. Overview
2. Model Types
3. Common Model Patterns
4. Usage Examples
5. Models by Category
6. NAT Rules
7. Best Practices
8. Related Documentation

Overview

The Strata Cloud Manager SDK uses Pydantic models for data validation and serialization of network configurations. These models ensure that the data being sent to and received from the Strata Cloud Manager API adheres to the expected structure and constraints. This section documents the models for network configuration resources.

Model Types

For each network configuration, there are corresponding model types:

• Create Models: Used when creating new network resources ({Object}CreateModel)
• Update Models: Used when updating existing network resources ({Object}UpdateModel)
• Response Models: Used when parsing network data retrieved from the API ({Object}ResponseModel)
• Base Models: Common shared attributes for related network models ({Object}BaseModel)

Common Model Patterns

Network models share common patterns:

• Container validation (exactly one of folder/snippet/device)
• UUID validation for identifiers
• Network address and service validation
• Translation configuration validation
• Rule positioning and ordering logic
• Discriminated union patterns for advanced configurations

Usage Examples

from scm.client import ScmClient
from scm.models.network import NatRuleCreateModel, NatRuleUpdateModel
# Initialize clientclient = ScmClient(
client_id="your_client_id",
client_secret="your_client_secret",
tsg_id="your_tsg_id"
)
# Create a new NAT rule using a modelnat_rule = NatRuleCreateModel(
name="outbound-nat",
source=["10.0.0.0/24"],
destination=["any"],
service="any",
nat_type="ipv4",
source_translation={
"dynamic_ip_and_port": {
"type": "dynamic_ip_and_port",
"translated_address": ["192.168.1.100"]
}
},
folder="NAT Rules"
)
# Convert the model to a dictionary for the API callrule_dict = nat_rule.model_dump(exclude_unset=True)
result = client.nat_rule.create(rule_dict)
# Update an existing NAT rule using a modelupdate_rule = NatRuleUpdateModel(
id=result.id,
name="outbound-nat-updated",
description="Updated outbound NAT rule",
folder="NAT Rules"
)

update_dict = update_rule.model_dump(exclude_unset=True)
updated_result = client.nat_rule.update(update_dict)

Models by Category

IKE Crypto Profiles

• IKE Crypto Profile Models - Internet Key Exchange crypto profiles for VPN tunnels

IKE Gateways

• IKE Gateway Models - Internet Key Exchange gateways for VPN tunnel endpoints

IPsec Crypto Profiles

• IPsec Crypto Profile Models - IPsec crypto profiles for VPN tunnels

NAT Rules

• NAT Rule Models - Network Address Translation rules

Security Zones

• Security Zone Models - Security Zone configuration and management

Best Practices

1. Model Validation
2. Always validate network configuration data with models before sending to the API
3. Handle validation errors appropriately for network configurations

4. Use model_dump(exclude_unset=True) to avoid sending default values in network rules

5. NAT Rule Configuration

6. Ensure source and destination addresses are properly formatted
7. Validate that exactly one translation type is specified
8. Test NAT rules in a non-production environment first

9. Document NAT rules and their intended purpose

10. Network Address Handling

11. Validate IP addresses and subnets before creating rules
12. Use CIDR notation consistently for network addresses
13. Be aware of overlapping network definitions

14. Consider using address objects for frequently used networks

15. Error Handling

16. Catch and handle ValueError exceptions from network model validation
17. Check for common NAT configuration issues (missing translation, invalid addresses)
18. Validate that referenced services exist when used in NAT rules

Related Documentation

• Network Configuration - Working with network configurations
• NAT Rules Configuration - NAT rule operations
• Address Models - Address models used in network configurations