This article describes how to use the REST API to add an IPv4 Range to the Network Domain SNAT Exclusion list. This can only be done on an Enterprise Network Domain.

Note that the REST client used for demonstration purposes in this article may differ somewhat from yours but the basic functions should be common. Please refer to REST API Client Requirements for the CloudControl API for an overview of the REST client requirements for CloudControl APIs.


  1. User must have Primary Administrator or Network role
  2. Network Domain id must be valid and belong to the organization
  3. Network Domain must be in a NORMAL state
  4. New IPv4 SNAT Exclusions can only be added to an Enterprise Network Domain
    1. On Essentials/Advanced, users:
      1. Can View and Delete client SNAT Exclusions
      2. Can Restore the system default IPv4 SNAT Exclusion List to the Network Domain
      3. Cannot Add client SNAT Exclusions
  5. The Source IPv4 Network Address must be a valid IPv4 address in the form of x.x.x.x
  6. The Source IPv4 Prefix Size must be between /8 and /28 inclusive
    1. This includes all ranges from /8 to /28, i.e. /9, /10 ... /27, /28
  7. The Source IPv4 Network Address and Source IPv4 Prefix Size cannot match any other SNAT Exclusion
  8. Users can have a maximum of 100 IPv4 SNAT Exclusions per Network Domain, including the System SNAT Exclusions
  9. The description cannot exceed 255 characters.
  10. Some Ranges are not allowed:

    CIDR Block


    Any destination base address of except with destinationPrefixSize of 0 (i.e. is ok) is valid.

    Other prefixes such as or or are NOT allowed
    100.64.x.x/28 (the portion associated with the Network Domain) - CGNAT Space

Other requirements to use this API function

  1. Must have a REST client installed on your computer
  2. Network Domain must be Enterprise. See How to Manage a Network Domain Type using REST API

Content / Solution:

  1. Open your desired REST client and set the HTTP request method to POST.

  2. Set the Authorization Type to Basic Auth.

  3. Enter the Username and Password for the Cloud account.

    Note: These are the same credentials you use to log in to the Updated UI

  4. Navigate to the Headers tab and set the following Headers:

    Key: Authorization

    • Value: Basic

    Key: Content-Type

    • Value: application/json

  5. Enter the API Request URL in the address bar of the REST Client:

    https://<Cloud API Host>/caas/2.9/{orgid}/network/addSnatExclusion

    Note: The Cloud API Host address can be found in the Support and Additional URLs dashboard. See Support and Additional URLs

  6. Replace "<Cloud API Host>" with the appropriate Cloud API URL, and replace "{orgid}" with your organization ID:

    Note: Be sure to remove any brackets around the Cloud API URL and the ORG ID.

  7. Navigate to the Body portion of the REST Client, and select "raw".

  8. Enter the body of the API request:

      {
        "networkDomainId": "043a31ca-3323-4c31-84de-074d69c024b7",
        "destinationIpv4NetworkAddress": "",
        "destinationIpv4PrefixSize": "24",
        "description": "A Customer SNAT Exclusion"
      }

    Note: Paste the correct values for each input between the quotation marks. Be sure to remove the <angle brackets> from around the inputs

  9. Click Send.

  10. The response will be displayed in the Response section of the REST Client.
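
The prerequisite checks and the request from steps 5 to 8, as an added Python example (not part of the original article or of the CloudControl documentation): it validates the address, prefix size, description, duplicate and 100-entry rules locally, then builds the URL and JSON body without sending anything. The function name, the `existing` parameter, and the sample host, organization ID and addresses are assumptions; the disallowed ranges are not checked here and are left to the API.

```python
import ipaddress
import json

MAX_EXCLUSIONS = 100            # per Network Domain, system exclusions included
MAX_DESCRIPTION = 255           # characters
MIN_PREFIX, MAX_PREFIX = 8, 28  # inclusive


def build_add_snat_exclusion(api_host, org_id, network_domain_id,
                             address, prefix_size, description, existing=()):
    """Check the article's prerequisites, then return (url, json_body).

    `existing` is an assumed input: (address, prefix_size) pairs already on
    the Network Domain, system exclusions included. Raises ValueError naming
    the failed rule. Disallowed ranges are left to the API.
    """
    try:
        addr = ipaddress.IPv4Address(address)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an x.x.x.x IPv4 address: {address!r}") from exc
    prefix = int(prefix_size)
    if not MIN_PREFIX <= prefix <= MAX_PREFIX:
        raise ValueError(f"prefix size /{prefix} is outside /8 to /28")
    if len(description) > MAX_DESCRIPTION:
        raise ValueError("description exceeds 255 characters")
    current = {(ipaddress.IPv4Address(a), int(p)) for a, p in existing}
    if (addr, prefix) in current:
        raise ValueError("range matches an existing SNAT Exclusion")
    if len(current) >= MAX_EXCLUSIONS:
        raise ValueError("Network Domain already has 100 SNAT Exclusions")
    url = f"https://{api_host}/caas/2.9/{org_id}/network/addSnatExclusion"
    body = {
        "networkDomainId": network_domain_id,
        "destinationIpv4NetworkAddress": str(addr),
        "destinationIpv4PrefixSize": str(prefix),  # the article sends a string
        "description": description,
    }
    return url, json.dumps(body)


if __name__ == "__main__":
    # Constructed sample values; host and org id are placeholders.
    url, body = build_add_snat_exclusion(
        "api.example.invalid", "ORG-ID-PLACEHOLDER",
        "043a31ca-3323-4c31-84de-074d69c024b7",
        "192.0.2.0", 24, "A Customer SNAT Exclusion",
        existing=[("198.51.100.0", 24)])
    print("POST", url)
    print(body)
```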