morpheus-cli 5.3.2 → 5.3.2.1

data/lib/morpheus/cli/network_routers_command.rb

@@ -11,10 +11,12 @@ class Morpheus::Cli::NetworkRoutersCommand
   include Morpheus::Cli::WhoamiHelper
 
   set_command_name :'network-routers'
-  register_subcommands :list, :get, :firewall, :dhcp, :routes, :types, :type, :add, :update, :remove
-  register_subcommands :add_firewall_rule, :remove_firewall_rule
-  register_subcommands :add_route, :remove_route
+  register_subcommands :list, :get, :firewall, :dhcp, :types, :type, :add, :update, :remove
+  register_subcommands :add_firewall_rule_group, :update_firewall_rule_group, :remove_firewall_rule_group, :firewall_rule_groups, :firewall_rule_group
+  register_subcommands :add_firewall_rule, :update_firewall_rule, :remove_firewall_rule, :firewall_rules, :firewall_rule
+  register_subcommands :add_route, :remove_route, :routes
   register_subcommands :update_permissions
+  register_subcommands :add_nat, :update_nat, :remove_nat, :nats, :nat
 
   def initialize()
   end
@@ -107,7 +109,7 @@ class Morpheus::Cli::NetworkRoutersCommand
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[router]")
-      opts.on('--details', "Display details: firewall, DHCP, and routing." ) do
+      opts.on('--details', "Display details: firewall, DHCP, routing, and NATs." ) do
         options[:details] = true
       end
       build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
@@ -192,7 +194,7 @@ class Morpheus::Cli::NetworkRoutersCommand
       if router['type']['hasFirewall']
         print_h2 "Firewall"
         print cyan
-        print_firewall(router, options[:details])
+        print_firewall(router, options)
       end
       if router['type']['hasDhcp']
         print_h2 "DHCP"
@@ -204,6 +206,11 @@ class Morpheus::Cli::NetworkRoutersCommand
         print cyan
         print_routes(router)
       end
+      if router['type']['hasNat'] && options[:details]
+        print_h2 "NATs"
+        print cyan
+        print_nats(router)
+      end
       if router['permissions'] && options[:details]
         print_h2 "Tenant Permissions"
         print cyan
@@ -360,9 +367,15 @@ class Morpheus::Cli::NetworkRoutersCommand
     params = {}
     optparse = Morpheus::Cli::OptionParser.new do|opts|
       opts.banner = subcommand_usage("[router]")
-      opts.on('-D', '--description VALUE', String, "Description") do |val|
+      opts.on('-n', '--name VALUE', String, "Name for this network") do |val|
+        params['name'] = val
+      end
+      opts.on('-D', '--description VALUE', String, "Description for this network") do |val|
         params['description'] = val
       end
+      opts.on('--enabled [on|off]', String, "Can be used to enable / disable the network router. Default is on") do |val|
+        options[:enabled] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
       build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
       opts.footer = "Update a network router."
     end
@@ -388,7 +401,7 @@ class Morpheus::Cli::NetworkRoutersCommand
         end
 
         if options[:options]
-          params.deep_merge!(options[:options].reject {|k,v| k.is_a?(Symbol) || ['name', 'routerType'].include?(k)})
+          params.deep_merge!(options[:options].reject {|k,v| k.is_a?(Symbol) || ['name', 'routerType', 'enabled', 'description'].include?(k)})
         end
         payload = {'networkRouter' => params}
       end
@@ -468,6 +481,9 @@ class Morpheus::Cli::NetworkRoutersCommand
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[router]")
+      opts.on('--details', "Display details." ) do
+        options[:details] = true
+      end
       build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
       opts.footer = "Display network router firewall details." + "\n" +
           "[router] is required. This is the name or id of a network router."
@@ -480,21 +496,18 @@ class Morpheus::Cli::NetworkRoutersCommand
       puts optparse
       return 1
     end
-    _firewall(args[0], options)
-  end
 
-  def _firewall(router_id, options)
     begin
       @network_routers_interface.setopts(options)
       if options[:dry_run]
         if args[0].to_s =~ /\A\d{1,}\Z/
-          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
+          print_dry_run @network_routers_interface.dry.get(args[0].to_i)
         else
-          print_dry_run @network_routers_interface.dry.list({name:router_id})
+          print_dry_run @network_routers_interface.dry.list({name:args[0]})
         end
         return
       end
-      router = find_router(router_id)
+      router = find_router(args[0])
       if router.nil?
         return 1
       end
@@ -512,34 +525,930 @@ class Morpheus::Cli::NetworkRoutersCommand
         return 0
       end
 
-      if !options[:rules_only]
-        print_h1 "Network Router Firewall Details for: #{router['name']}"
-      end
-
+      print_h1 "Network Router Firewall Details For: #{router['name']}"
       print cyan
 
       if router['type']['hasFirewall']
-        print_firewall(router, true, options[:rules_only])
+        print_firewall(router, options)
       else
         print_red_alert "Firewall not supported for #{router['type']['name']}"
       end
-      println reset
-    rescue RestClient::Exception => e
-      print_rest_exception(e, options)
-      return 1
-    end
-  end
-
-  def add_firewall_rule(args)
-    options = {:options=>{}}
-    params = {}
-    optparse = Morpheus::Cli::OptionParser.new do|opts|
-      opts.banner = subcommand_usage("[router] [name]")
-      opts.on('-n', '--name VALUE', String, "Name for this firewall rule") do |val|
-        params['name'] = val
+      println reset
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def firewall_rule_groups(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router]")
+      build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
+      opts.footer = "Display network router firewall rule groups.\n" +
+        "[router] is required. This is the name or id of a network router."
+    end
+
+    optparse.parse!(args)
+    connect(options)
+
+    if args.count < 1
+      puts optparse
+      return 1
+    end
+
+    begin
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        if router_id.to_s =~ /\A\d{1,}\Z/
+          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
+        else
+          print_dry_run @network_routers_interface.dry.list({name:router_id})
+        end
+        return
+      end
+
+      router = find_router(args[0])
+      if router.nil?
+        return 1
+      end
+      _firewall_rule_groups(router, options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def _firewall_rule_groups(router, options)
+    if router['type']['hasFirewallGroups']
+      json_response = {'ruleGroups' => router['firewall']['ruleGroups'] || []}
+
+      if options[:json]
+        puts as_json(json_response, options, "ruleGroups")
+        return 0
+      elsif options[:yaml]
+        puts as_yaml(json_response, options, "ruleGroups")
+        return 0
+      elsif options[:csv]
+        puts records_as_csv(json_response['ruleGroups'], options)
+        return 0
+      end
+
+      if (router['firewall']['ruleGroups'] || []).count > 0
+        print_h1 "Firewall Rule Groups For: #{router['name']}"
+        rows = router['firewall']['ruleGroups'].collect do |rule_group|
+          {
+            id: rule_group['id'],
+            name: rule_group['name'],
+            description: rule_group['description'],
+            priority: rule_group['priority'],
+            category: rule_group['groupLayer']
+          }
+        end
+        rows = rows.reject {|it| it[:id].to_s != options[:rule_group_id].to_s} if options[:rule_group_id]
+        puts as_pretty_table(rows, [:id, :name, :description, :priority, :category])
+      else
+        print_h1 "No Firewall Rule Groups"
+      end
+    else
+      print_red_alert "Firewall rule groups not supported for #{router['type']['name']}"
+    end
+    println reset
+  end
+
+  def firewall_rule_group(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router]")
+      build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
+      opts.footer = "Display network router firewall rule group details." + "\n" +
+        "[router] is required. This is the name or id of a network router.\n" +
+        "[group] is required. This is the name or id of a firewall rule group.\n"
+    end
+
+    optparse.parse!(args)
+    connect(options)
+
+    if args.count < 2
+      puts optparse
+      return 1
+    end
+    _firewall_rule_group(args[0], args[1], options)
+  end
+
+  def _firewall_rule_group(router_id, group_id, options)
+    begin
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        if args[0].to_s =~ /\A\d{1,}\Z/
+          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
+        else
+          print_dry_run @network_routers_interface.dry.list({name:router_id})
+        end
+        return
+      end
+      router = find_router(router_id)
+      if router.nil?
+        return 1
+      end
+
+      if router['type']['hasFirewallGroups']
+        group = (router['firewall']['ruleGroups'] || []).find {|it| it['id'].to_s == group_id.to_s || it['name'] == group_id.to_s}
+
+        if group
+          json_response = {'ruleGroup' => group}
+
+          if options[:json]
+            puts as_json(json_response, options, "ruleGroup")
+            return 0
+          elsif options[:yaml]
+            puts as_yaml(json_response, options, "ruleGroup")
+            return 0
+          elsif options[:csv]
+            puts records_as_csv([json_response['ruleGroup']], options)
+            return 0
+          end
+
+          print_h1 "Firewall Rule Group Details"
+          print cyan
+          description_cols = {
+            "ID" => lambda {|it| it['id'] },
+            "Name" => lambda {|it| it['name'] },
+            "Description" => lambda {|it| it['description']},
+            "Priority" => lambda {|it| it['priority']},
+            "Category" => lambda {|it| it['groupLayer']}
+          }
+          print_description_list(description_cols, group)
+        else
+          print_red_alert "Firewall rule group #{group_id} not found for router #{router['name']}"
+        end
+      else
+        print_h1 "No Firewall Rule Groups"
+      end
+      println reset
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def add_firewall_rule_group(args)
+    options = {:options=>{}}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do|opts|
+      opts.banner = subcommand_usage("[router] [name]")
+      opts.on('-n', '--name VALUE', String, "Name for this firewall rule group") do |val|
+        params['name'] = val
+      end
+      opts.on('-D', '--description VALUE', String, "Description for this firewall rule group") do |val|
+        params['description'] = val
+      end
+      opts.on('--priority VALUE', Integer, "Priority for this firewall rule group (not applicable to all firewall types)") do |val|
+        params['priority'] = val
+      end
+      build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
+      opts.footer = "Create a network router firewall rule group."
+    end
+    optparse.parse!(args)
+    connect(options)
+    if args.count < 1 || args.count > 2
+      print_error Morpheus::Terminal.angry_prompt
+      puts_error  "wrong number of arguments, expected 1-2 and got (#{args.count}) #{args.inspect}\n#{optparse}"
+      return 1
+    end
+    if args.count > 1
+      params['name'] = args[1]
+    end
+    begin
+      router = find_router(args[0])
+
+      if router.nil?
+        return 1
+      end
+
+      if !router['type']['hasFirewallGroups']
+        print_red_alert "Firewall rule groups not supported for #{router['type']['name']}"
+        return 1
+      end
+
+      if options[:payload]
+        payload = options[:payload]
+      else
+        params['name'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'name', 'type' => 'text', 'fieldLabel' => 'Group Name', 'required' => true}], options[:options], @api_client, params)['name']
+        params['description'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'type' => 'text', 'fieldLabel' => 'Description', 'required' => false}], options[:options], @api_client, params)['description']
+
+        if router['type']['hasSecurityGroupPriority']
+          params['priority'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'priority', 'type' => 'number', 'fieldLabel' => 'Priority', 'required' => false}], options[:options], @api_client, params)['priority']
+        end
+
+        option_types = router['type']['ruleGroupOptionTypes'].reject {|it| ['name'].include?(it['fieldName'])}.sort {|it| it['displayOrder']}
+
+        # prompt options
+        option_result = Morpheus::Cli::OptionTypes.prompt(option_types, options[:options].deep_merge({:context_map => {'group' => ''}}), @api_client, {}, nil, true)
+        payload = {'ruleGroup' => params.deep_merge(option_result)}
+      end
+
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.create_firewall_rule_group(router['id'], payload)
+        return
+      end
+
+      json_response = @network_routers_interface.create_firewall_rule_group(router['id'], payload)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response), "\n"
+        return
+      end
+      print_green_success "\nAdded Network Router Firewall Rule Group #{payload['ruleGroup']['name']}\n"
+      _firewall_rule_group(router['id'], json_response['id'], options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def update_firewall_rule_group(args)
+    options = {:options=>{}}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do|opts|
+      opts.banner = subcommand_usage("[router] [name]")
+      opts.on('-n', '--name VALUE', String, "Name for this firewall rule group") do |val|
+        params['name'] = val
+      end
+      opts.on('-D', '--description VALUE', String, "Description for this firewall rule group") do |val|
+        params['description'] = val
+      end
+      opts.on('--priority VALUE', Integer, "Priority for this firewall rule group (not applicable to all firewall types)") do |val|
+        params['priority'] = val
+      end
+      build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
+      opts.footer = "Update a network router firewall rule group.\n" +
+        "[router] is required. This is the name or id of an existing network router.\n" +
+        "[name] is required. This is the name or id of an existing network router firewall rule group."
+    end
+
+    optparse.parse!(args)
+    if args.count != 2
+      raise_command_error "wrong number of arguments, expected 2 and got (#{args.count}) #{args}\n#{optparse}"
+    end
+    connect(options)
+
+    begin
+      router = find_router(args[0])
+
+      if router.nil?
+        return 1
+      end
+
+      if !router['type']['hasFirewallGroups']
+        print_red_alert "Firewall rule group not supported for #{router['type']['name']}"
+        return 1
+      end
+
+      group = router['firewall'] && router['firewall']['ruleGroups'] ? router['firewall']['ruleGroups'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+
+      if !group
+        print_red_alert "Firewall rule group #{args[1]} not found for router #{router['name']}"
+        exit 1
+      end
+
+      payload = parse_payload(options) || {'ruleGroup' => params}
+      payload['ruleGroup'].deep_merge!(options[:options].reject {|k,v| k.is_a?(Symbol) }) if options[:options]
+
+      if payload['ruleGroup'].empty?
+        print_green_success "Nothing to update"
+        exit 1
+      end
+
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.update_firewall_rule_group(router['id'], group['id'], payload)
+        return
+      end
+
+      json_response = @network_routers_interface.update_firewall_rule_group(router['id'], group['id'], payload)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response), "\n"
+        return
+      end
+      print_green_success "\nUpdated Network Router Firewall Rule Group #{payload['ruleGroup']['name']}\n"
+      _firewall_rule_group(router['id'], args[1], options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def remove_firewall_rule_group(args)
+    options = {}
+    query_params = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router] [group]")
+      build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :quiet, :remote])
+      opts.footer = "Delete a network router firewall rule group.\n" +
+        "[router] is required. This is the name or id of an existing network router."
+        "[group] is required. This is the name or id of an existing network router firewall rule group."
+    end
+    optparse.parse!(args)
+    if args.count != 2
+      raise_command_error "wrong number of arguments, expected 2 and got (#{args.count}) #{args}\n#{optparse}"
+    end
+    connect(options)
+
+    begin
+      router = find_router(args[0])
+      return if !router
+
+      group = router['firewall'] && router['firewall']['ruleGroups'] ? router['firewall']['ruleGroups'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+
+      if !group
+        print_red_alert "Firewall rule group #{args[1]} not found for router #{router['name']}"
+        exit 1
+      end
+
+      unless options[:yes] || ::Morpheus::Cli::OptionTypes::confirm("Are you sure you would like to remove the firewall rule group '#{group['name']}' from router '#{router['name']}'?", options)
+        return 9, "aborted command"
+      end
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.destroy_firewall_rule_group(router['id'], group['id'])
+        return
+      end
+      json_response = @network_routers_interface.destroy_firewall_rule_group(router['id'], group['id'])
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      elsif !options[:quiet]
+        print_green_success "\nFirewall rule group #{group['name']} for router #{router['name']} is being removed...\n"
+        _firewall_rule_groups(find_router(router['id']), options)
+      end
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def firewall_rules(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router]")
+      build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
+      opts.footer = "Display network router firewall rules.\n" +
+        "[router] is required. This is the name or id of a network router."
+    end
+
+    optparse.parse!(args)
+    connect(options)
+
+    if args.count < 1
+      puts optparse
+      return 1
+    end
+
+    begin
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        if args[0].to_s =~ /\A\d{1,}\Z/
+          print_dry_run @network_routers_interface.dry.get(args[0].to_i)
+        else
+          print_dry_run @network_routers_interface.dry.list({name:args[0]})
+        end
+        return
+      end
+      router = find_router(args[0])
+      if router.nil?
+        return 1
+      end
+
+      _firewall_rules(router, options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def _firewall_rules(router, options)
+    if router['type']['hasFirewall']
+      rules = router['type']['hasFirewallGroups'] ? (router['firewall']['ruleGroups'] || []).collect {|it| it['rules']}.flatten : router['firewall']['rules']
+
+      json_response = {'rules' => rules}
+
+      if options[:json]
+        puts as_json(json_response, options, "rules")
+        return 0
+      elsif options[:yaml]
+        puts as_yaml(json_response, options, "rules")
+        return 0
+      elsif options[:csv]
+        puts records_as_csv(json_response['rules'], options)
+        return 0
+      end
+
+      if router['type']['hasFirewallGroups']
+        rules = []
+        (router['firewall']['ruleGroups'] || []).each do |rule_group|
+          (rule_group['rules'] || []).each do |rule|
+            rule['groupId'] = rule_group['id']
+            rule['groupName'] ||= rule_group['name']
+            rules << rule
+          end
+        end
+      end
+
+      if rules.count > 0
+        print_h1 "Firewall Rules For: #{router['name']}"
+        rows = rules.collect do |it|
+          {
+            id: it['id'],
+            group_name: it['groupName'],
+            name: it['name'],
+            type: it['ruleType'],
+            policy: it['policy'],
+            direction: it['direction'] || 'any',
+            source: it['source'].kind_of?(Array) && it['source'].count > 0 ? it['source'].join(', ') : (it['source'].nil? || it['source'].empty? ? 'any' : it['source']),
+            destination: it['destination'].kind_of?(Array) && it['destination'].count > 0 ? it['destination'].join(', ') : (it['destination'].nil? || it['destination'].empty? ? 'any' : it['destination']),
+            application: it['applications'].count > 0 ? it['applications'][0]['name'] : "#{(it['protocol'] || 'any')} #{it['portRange'] || ''}"
+          }
+        end
+
+        if router['type']['hasFirewallGroups']
+          puts as_pretty_table(rows, [:id, :group_name, :name, :type, :policy, :direction, :source, :destination, :application])
+        else
+          puts as_pretty_table(rows, [:id, :name, :type, :policy, :direction, :source, :destination, :application])
+        end
+      else
+        print_h1 "No Firewall Rules"
+      end
+    else
+      print_red_alert "Firewall not supported for #{router['type']['name']}"
+    end
+    println reset
+  end
+
+  def firewall_rule(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router] [rule]")
+      build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
+      opts.footer = "Display network router firewall rule details." + "\n" +
+        "[router] is required. This is the name or id of a network router.\n" +
+        "[rule] is required. This is the name or id of a firewall rule.\n"
+    end
+
+    optparse.parse!(args)
+    connect(options)
+
+    if args.count < 2
+      puts optparse
+      return 1
+    end
+    _firewall_rule(args[0], args[1], options)
+  end
+
+  def _firewall_rule(router_id, rule_id, options)
+    begin
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        if args[0].to_s =~ /\A\d{1,}\Z/
+          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
+        else
+          print_dry_run @network_routers_interface.dry.list({name:router_id})
+        end
+        return
+      end
+      router = find_router(router_id)
+      if router.nil?
+        return 1
+      end
+
+      if router['type']['hasFirewall']
+        rule = find_firewall_rule(router, rule_id)
+
+        if rule
+          json_response = {'rule' => rule}
+
+          if options[:json]
+            puts as_json(json_response, options, "rule")
+            return 0
+          elsif options[:yaml]
+            puts as_yaml(json_response, options, "rule")
+            return 0
+          elsif options[:csv]
+            puts records_as_csv([json_response['rule']], options)
+            return 0
+          end
+
+          print_h1 "Firewall Rule Details"
+          print cyan
+          description_cols = {
+            "ID" => lambda {|it| it['id'] },
+            "Enabled" => lambda {|it| format_boolean(it['enabled'])},
+            "Priority" => lambda {|it| it['priority']},
+            "Name" => lambda {|it| it['name'] },
+            "Type" => lambda {|it| it['ruleType'] },
+            "Policy" => lambda {|it| it['policy'] },
+            "Direction" => lambda {|it| it['direction'] || 'any' },
+            "Source" => lambda {|it| it['source'].kind_of?(Array) && it['source'].count > 0 ? it['source'].join(', ') : (it['source'].nil? || it['source'].empty? ? 'any' : it['source']) },
+            "Destination" => lambda {|it| it['destination'].kind_of?(Array) && it['destination'].count > 0 ? it['destination'].join(', ') : (it['destination'].nil? || it['destination'].empty? ? 'any' : it['destination'])},
+            "Application" => lambda {|it| it['applications'].count > 0 ? it['applications'][0]['name'] : "#{(it['protocol'] || 'any')} #{it['portRange'] || ''}"}
+          }
+          print_description_list(description_cols, rule)
+        else
+          print_red_alert "Firewall rule #{rule_id} not found for router #{router['name']}"
+        end
+      else
+        print_red_alert "Firewall not supported for #{router['type']['name']}"
+      end
+      println reset
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def add_firewall_rule(args)
+    options = {:options=>{}}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do|opts|
+      opts.banner = subcommand_usage("[router] [name]")
+      opts.on('-n', '--name VALUE', String, "Name for this firewall rule") do |val|
+        params['name'] = val
+      end
+      opts.on('--enabled [on|off]', String, "Can be used to enable / disable the rule. Default is on") do |val|
+        params['enabled'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
+      opts.on( '-g', '--group GROUP', "Firewall rule group name or ID (not applicable to all firewall types)" ) do |val|
+        options[:group] = val
+      end
+      opts.on('--priority VALUE', Integer, "Priority for this rule (not applicable to all firewall types)") do |val|
+        params['priority'] = val
+      end
+      build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
+      opts.footer = "Create a network router firewall rule."
+    end
+    optparse.parse!(args)
+    connect(options)
+    if args.count < 1 || args.count > 2
+      print_error Morpheus::Terminal.angry_prompt
+      puts_error  "wrong number of arguments, expected 1-2 and got (#{args.count}) #{args.inspect}\n#{optparse}"
+      return 1
+    end
+    if args.count > 1
+      params['name'] = args[1]
+    end
+    begin
+      router = find_router(args[0])
+
+      if router.nil?
+        return 1
+      end
+
+      if !router['type']['hasFirewall']
+        print_red_alert "Firewall not supported for #{router['type']['name']}"
+        return 1
+      end
+
+      if options[:payload]
+        payload = options[:payload]
+      else
+        params['name'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'name', 'type' => 'text', 'fieldLabel' => 'Rule Name', 'required' => true}], options[:options], @api_client, params)['name']
+
+        if router['type']['hasFirewallGroups']
+          if !router['firewall']['ruleGroups'].count
+            print_red_alert "No firewall rule group found for #{router['type']['name']}"
+            return 1
+          end
+
+          if options[:group]
+            group = router['firewall']['ruleGroups'].find {|it| it['name'] == options[:group] || it['id'] == options[:group].to_i}
+            if !group
+              print_red_alert "Firewall rule group #{options[:group]} not found for #{router['type']['name']}"
+              return 1
+            end
+            group_id = group['id']
+          else
+            group_id = Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'group', 'type' => 'select', 'fieldLabel' => 'Rule Group', 'required' => true, 'selectOptions' => router['firewall']['ruleGroups'].collect {|it| {'name' => it['name'], 'value' => it['id']}}}])['group']
+          end
+
+          params['config'] = {} if params['config'].nil?
+          params['config']['parentId'] = "group-#{group_id}"
+        end
+
+        params['enabled'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'enabled', 'fieldLabel' => 'Enabled', 'type' => 'checkbox', 'description' => 'Enable Rule.', 'defaultValue' => true, 'required' => false}], options, @api_client, {})['enabled'] == 'on'
+
+        if router['type']['code'].start_with?('nsx-t')
+          params['priority'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'priority', 'type' => 'number', 'fieldLabel' => 'Priority', 'required' => false}], options[:options], @api_client, params)['priority']
+        end
+
+        option_types = router['type']['ruleOptionTypes'].reject {|it| ['name'].include?(it['fieldName'])}.sort {|it| it['displayOrder']}
+
+        # prompt options
+        api_params = {}
+        api_params['networkServerId'] = router['networkServer']['id'] if router['networkServer']
+        api_params['zoneId'] = router['zone']['id'] if router['networkServer'].nil?
+        api_params['groupId'] = options[:group] if !options[:group].nil?
+        option_result = Morpheus::Cli::OptionTypes.prompt(option_types, options[:options].deep_merge({:context_map => {'rule' => ''}}), @api_client, api_params, nil, true)
+        payload = {'rule' => params.deep_merge(option_result)}
+      end
+
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.create_firewall_rule(router['id'], payload)
+        return
+      end
+
+      json_response = @network_routers_interface.create_firewall_rule(router['id'], payload)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response), "\n"
+        return
+      end
+      print_green_success "\nAdded Network Router Firewall Rule #{payload['rule']['name']}\n"
+      _firewall_rule(router['id'], json_response['id'], options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def update_firewall_rule(args)
+    options = {:options=>{}}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do|opts|
+      opts.banner = subcommand_usage("[router] [name]")
+      opts.on('-n', '--name VALUE', String, "Name for this firewall rule") do |val|
+        params['name'] = val
+      end
+      opts.on('--enabled [on|off]', String, "Can be used to enable / disable the rule. Default is on") do |val|
+        params['enabled'] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
+      opts.on('--priority VALUE', Integer, "Priority for this rule (not applicable to all firewall types)") do |val|
+        params['priority'] = val
+      end
+      build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
+      opts.footer = "Update a network router firewall rule.\n" +
+        "[router] is required. This is the name or id of an existing network router.\n" +
+        "[name] is required. This is the name or id of an existing network router firewall rule."
+    end
+
+    optparse.parse!(args)
+    if args.count != 2
+      raise_command_error "wrong number of arguments, expected 2 and got (#{args.count}) #{args}\n#{optparse}"
+    end
+    connect(options)
+
+    begin
+      router = find_router(args[0])
+
+      if router.nil?
+        return 1
+      end
+
+      if !router['type']['hasFirewall']
+        print_red_alert "Firewall not supported for #{router['type']['name']}"
+        return 1
+      end
+
+      rule = find_firewall_rule(router, args[1])
+
+      if !rule
+        print_red_alert "Firewall rule #{args[1]} not found for router #{router['name']}"
+        exit 1
+      end
+
+      payload = parse_payload(options) || {'rule' => params}
+      payload['rule'].deep_merge!(options[:options].reject {|k,v| k.is_a?(Symbol) }) if options[:options]
+
+      if payload['rule'].empty?
+        print_green_success "Nothing to update"
+        exit 1
+      end
+
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.update_firewall_rule(router['id'], rule['id'], payload)
+        return
+      end
+
+      json_response = @network_routers_interface.update_firewall_rule(router['id'], rule['id'], payload)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response), "\n"
+        return
+      end
+      print_green_success "\nUpdated Network Router Firewall Rule #{payload['rule']['name']}\n"
+      _firewall_rule(router['id'], args[1], options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def remove_firewall_rule(args)
+    options = {}
+    query_params = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router] [rule]")
+      build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :quiet, :remote])
+      opts.footer = "Delete a network router firewall rule.\n" +
+          "[router] is required. This is the name or id of an existing network router."
+          "[rule] is required. This is the name or id of an existing network router firewall rule."
+    end
+    optparse.parse!(args)
+    if args.count != 2
+      raise_command_error "wrong number of arguments, expected 2 and got (#{args.count}) #{args}\n#{optparse}"
+    end
+    connect(options)
+
+    begin
+      router = find_router(args[0])
+      return if !router
+
+      rule = find_firewall_rule(router, args[1])
+
+      if !rule
+        print_red_alert "Firewall rule #{args[1]} not found for router #{router['name']}"
+        exit 1
+      end
+
+      unless options[:yes] || ::Morpheus::Cli::OptionTypes::confirm("Are you sure you would like to remove the firewall rule '#{rule['name']}' from router '#{router['name']}'?", options)
+        return 9, "aborted command"
+      end
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.destroy_firewall_rule(router['id'], rule['id'])
+        return
+      end
+      json_response = @network_routers_interface.destroy_firewall_rule(router['id'], rule['id'])
+      if options[:json]
+        print JSON.pretty_generate(json_response)
+        print "\n"
+      elsif !options[:quiet]
+        print_green_success "\nFirewall rule #{rule['name']} for router #{router['name']} is being removed...\n"
+        _firewall_rules(find_router(router['id']), options)
+      end
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def dhcp(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router]")
+      build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
+      opts.footer = "Display network router DHCP details." + "\n" +
+          "[router] is required. This is the name or id of a network router."
+    end
+
+    optparse.parse!(args)
+    connect(options)
+
+    if args.count < 1
+      puts optparse
+      return 1
+    end
+
+    begin
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        if args[0].to_s =~ /\A\d{1,}\Z/
+          print_dry_run @network_routers_interface.dry.get(args[0].to_i)
+        else
+          print_dry_run @network_routers_interface.dry.list({name:args[0]})
+        end
+        return
+      end
+      router = find_router(args[0])
+      if router.nil?
+        return 1
+      end
+
+      json_response = {'networkRouter' => router}
+
+      if options[:json]
+        puts as_json(json_response, options, "networkRouter")
+        return 0
+      elsif options[:yaml]
+        puts as_yaml(json_response, options, "networkRouter")
+        return 0
+      elsif options[:csv]
+        puts records_as_csv([json_response['networkRouter']], options)
+        return 0
+      end
+
+      print_h1 "Network Router DHCP Details For: #{router['name']}"
+      print cyan
+
+      if router['type']['hasDhcp']
+        print_dhcp(router, true)
+      else
+        print_red_alert "DHCP not supported for #{router['type']['name']}"
+      end
+      println reset
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def routes(args)
+    options = {}
+    optparse = Morpheus::Cli::OptionParser.new do |opts|
+      opts.banner = subcommand_usage("[router]")
+      build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
+      opts.footer = "List network router routes." + "\n" +
+          "[router] is required. This is the name or id of a network router."
+    end
+
+    optparse.parse!(args)
+    connect(options)
+
+    if args.count < 1
+      puts optparse
+      return 1
+    end
+    _routes(args[0], options)
+  end
+
+  def _routes(router_id, options)
+    begin
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        if args[0].to_s =~ /\A\d{1,}\Z/
+          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
+        else
+          print_dry_run @network_routers_interface.dry.list({name:router_id})
+        end
+        return
+      end
+      router = find_router(router_id)
+      if router.nil?
+        return 1
+      end
+
+      json_response = {'networkRoutes' => router['routes']}
+
+      if options[:json]
+        puts as_json(json_response, options, "networkRoutes")
+        return 0
+      elsif options[:yaml]
+        puts as_yaml(json_response, options, "networkRoutes")
+        return 0
+      elsif options[:csv]
+        puts records_as_csv(json_response['networkRoutes'], options)
+        return 0
+      end
+
+      print_h1 "Network Router Routes For: #{router['name']}"
+      print cyan
+
+      if router['type']['hasRouting']
+        print_routes(router)
+      else
+        print_red_alert "Routes not supported for #{router['type']['name']}"
+      end
+      print reset
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      return 1
+    end
+  end
+
+  def add_route(args)
+    options = {:options=>{}}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do|opts|
+      opts.banner = subcommand_usage("[router] [name]")
+      opts.on('-n', '--name VALUE', String, "Name for this route") do |val|
+        params['name'] = val
+      end
+      opts.on('-D', '--description VALUE', String, "Description") do |val|
+        params['description'] = val
+      end
+      opts.on('--enabled [on|off]', String, "Can be used to enable / disable the route. Default is on") do |val|
+        options[:enabled] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
+      opts.on('--default [on|off]', String, "Can be used to enable / disable as default route. Default is off") do |val|
+        options[:defaultRoute] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
+      end
+      opts.on('--source VALUE', String, "Network for this route") do |val|
+        params['source'] = val
+      end
+      opts.on('--destination VALUE', String, "Next hop for this route") do |val|
+        params['destination'] = val
+      end
+      opts.on('--mtu VALUE', String, "MTU for this route") do |val|
+        params['networkMtu'] = val
+      end
+      opts.on('--priority VALUE', Integer, "Priority for this route") do |val|
+        params['priority'] = val
       end
       build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
-      opts.footer = "Create a network router firewall rule."
+      opts.footer = "Create a network router route."
     end
     optparse.parse!(args)
     connect(options)
@@ -558,55 +1467,61 @@ class Morpheus::Cli::NetworkRoutersCommand
         return 1
       end
 
-      if !router['type']['hasFirewall']
-        print_red_alert "Firewall not supported for #{router['type']['name']}"
+      if !router['type']['hasRouting']
+        print_red_alert "Routes not supported for #{router['type']['name']}"
         return 1
       end
 
       if options[:payload]
         payload = options[:payload]
+        payload = {'networkRoute' => payload['route']} if payload['route']
       else
-        params['name'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'name', 'type' => 'text', 'fieldLabel' => 'Rule Name', 'required' => true}], options[:options], @api_client, params)['name']
+        params['name'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'name', 'type' => 'text', 'fieldLabel' => 'Name', 'required' => true}], options[:options], @api_client, params)['name']
+        params['description'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'type' => 'text', 'fieldLabel' => 'Description', 'required' => false}], options[:options], @api_client, params)['description']
 
-        option_types = router['type']['ruleOptionTypes'].reject {|it| ['name'].include?(it['fieldName'])}.sort {|it| it['displayOrder']}
+        # prompt for enabled if not set
+        params['enabled'] = options[:enabled].nil? ? Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'enabled', 'fieldLabel' => 'Enabled', 'type' => 'checkbox', 'description' => 'Enabling Route.', 'defaultValue' => true, 'required' => false}], options, @api_client, {})['enabled'] == 'on' : options[:enabled]
 
-        # prompt options
-        api_params = {}
-        api_params['networkServerId'] = router['networkServer']['id'] if router['networkServer']
-        api_params['zoneId'] = router['zone']['id'] if router['networkServer'].nil?
-        option_result = Morpheus::Cli::OptionTypes.prompt(option_types, options[:options].deep_merge({:context_map => {'rule' => ''}}), @api_client, api_params, nil, true)
-        payload = {'rule' => params.deep_merge(option_result)}
+        # default route
+        params['defaultRoute'] = options[:defaultRoute].nil? ? Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultRoute', 'fieldLabel' => 'Default Route', 'type' => 'checkbox', 'description' => 'Default Route.', 'defaultValue' => false, 'required' => false}], options, @api_client, {})['defaultRoute'] == 'on' : options[:defaultRoute]
+
+        params['source'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'source', 'type' => 'text', 'fieldLabel' => 'Network', 'required' => true}], options[:options], @api_client, params)['source']
+        params['destination'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'destination', 'type' => 'text', 'fieldLabel' => 'Next Hop', 'required' => true}], options[:options], @api_client, params)['destination']
+        params['networkMtu'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'networkMtu', 'type' => 'text', 'fieldLabel' => 'MTU', 'required' => false}], options[:options], @api_client, params)['networkMtu']
+        params['priority'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'priority', 'type' => 'number', 'fieldLabel' => 'Priority', 'required' => false}], options[:options], @api_client, params)['priority']
+
+        payload = {'networkRoute' => params}
       end
 
       @network_routers_interface.setopts(options)
       if options[:dry_run]
-        print_dry_run @network_routers_interface.dry.create_firewall_rule(router['id'], payload)
+        print_dry_run @network_routers_interface.dry.create_route(router['id'], payload)
         return
       end
 
-      json_response = @network_routers_interface.create_firewall_rule(router['id'], payload)
+      json_response = @network_routers_interface.create_route(router['id'], payload)
 
       if options[:json]
         print JSON.pretty_generate(json_response), "\n"
         return
       end
-      print_green_success "\nAdded Network Router Firewall Rule #{payload['rule']['name']}\n"
-      _firewall(router['id'], options.merge({:rules_only => true}))
+      print_green_success "\nAdded Network Router Route #{payload['networkRoute']['name']}"
+      _routes(router['id'], options)
     rescue RestClient::Exception => e
       print_rest_exception(e, options)
       exit 1
     end
   end
 
-  def remove_firewall_rule(args)
+  def remove_route(args)
     options = {}
     query_params = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[router] [rule]")
       build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :quiet, :remote])
-      opts.footer = "Delete a network router firewall rule.\n" +
+      opts.footer = "Delete a network router route.\n" +
           "[router] is required. This is the name or id of an existing network router."
-          "[rule] is required. This is the name or id of an existing network router firewall rule."
+      "[route] is required. This is the name or id of an existing network router route."
     end
     optparse.parse!(args)
     if args.count != 2
@@ -618,28 +1533,28 @@ class Morpheus::Cli::NetworkRoutersCommand
       router = find_router(args[0])
       return if !router
 
-      rule = router['firewall'] && router['firewall']['rules'] ? router['firewall']['rules'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+      route = router['routes'] ? router['routes'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
 
-      if !rule
-        print_red_alert "Firewall rule #{args[1]} not found for router #{router['name']}"
+      if !route
+        print_red_alert "Route #{args[1]} not found for router #{router['name']}"
         exit 1
       end
 
-      unless options[:yes] || ::Morpheus::Cli::OptionTypes::confirm("Are you sure you would like to remove the firewall rule '#{rule['name']}' from router '#{router['name']}'?", options)
+      unless options[:yes] || ::Morpheus::Cli::OptionTypes::confirm("Are you sure you would like to remove the route '#{route['name']}' from router '#{router['name']}'?", options)
         return 9, "aborted command"
       end
       @network_routers_interface.setopts(options)
       if options[:dry_run]
-        print_dry_run @network_routers_interface.dry.destroy_firewall_rule(router['id'], rule['id'])
+        print_dry_run @network_routers_interface.dry.destroy_route(router['id'], route['id'])
         return
       end
-      json_response = @network_routers_interface.destroy_firewall_rule(router['id'], rule['id'])
+      json_response = @network_routers_interface.destroy_route(router['id'], route['id'])
       if options[:json]
         print JSON.pretty_generate(json_response)
         print "\n"
       elsif !options[:quiet]
-        print_green_success "\nFirewall rule #{rule['name']} for router #{router['name']} is being removed...\n"
-        _firewall(router['id'], options.merge({:rules_only => true}))
+        print_green_success "\nRoute #{route['name']} for router #{router['name']} is being removed..."
+        _routes(router['id'], options)
       end
     rescue RestClient::Exception => e
       print_rest_exception(e, options)
@@ -647,13 +1562,13 @@ class Morpheus::Cli::NetworkRoutersCommand
     end
   end
 
-  def dhcp(args)
+  def nats(args)
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
       opts.banner = subcommand_usage("[router]")
       build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
-      opts.footer = "Display network router DHCP details." + "\n" +
-          "[router] is required. This is the name or id of a network router."
+      opts.footer = "List network router NATs." + "\n" +
+        "[router] is required. This is the name or id of a network router."
     end
 
     optparse.parse!(args)
@@ -663,144 +1578,141 @@ class Morpheus::Cli::NetworkRoutersCommand
       puts optparse
       return 1
     end
+    _nats(args[0], options)
+  end
 
+  def _nats(router_id, options)
     begin
       @network_routers_interface.setopts(options)
       if options[:dry_run]
         if args[0].to_s =~ /\A\d{1,}\Z/
-          print_dry_run @network_routers_interface.dry.get(args[0].to_i)
+          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
         else
-          print_dry_run @network_routers_interface.dry.list({name:args[0]})
+          print_dry_run @network_routers_interface.dry.list({name:router_id})
         end
         return
       end
-      router = find_router(args[0])
+      router = find_router(router_id)
       if router.nil?
         return 1
       end
 
-      json_response = {'networkRouter' => router}
+      json_response = {'networkRouterNATs' => router['nats']}
 
       if options[:json]
-        puts as_json(json_response, options, "networkRouter")
+        puts as_json(json_response, options, "networkRouterNATs")
         return 0
       elsif options[:yaml]
-        puts as_yaml(json_response, options, "networkRouter")
+        puts as_yaml(json_response, options, "networkRouterNATs")
         return 0
       elsif options[:csv]
-        puts records_as_csv([json_response['networkRouter']], options)
+        puts records_as_csv(json_response['networkRouterNATs'], options)
         return 0
       end
 
-      print_h1 "Network Router DHCP Details for: #{router['name']}"
+      print_h1 "Network Router NATs For: #{router['name']}"
       print cyan
 
-      if router['type']['hasDhcp']
-        print_dhcp(router, true)
+      if router['type']['hasNat']
+        print_nats(router)
       else
-        print_red_alert "DHCP not supported for #{router['type']['name']}"
+        print_red_alert "NATs not supported for #{router['type']['name']}"
       end
-      println reset
+      print reset
     rescue RestClient::Exception => e
       print_rest_exception(e, options)
       return 1
     end
   end
 
-  def routes(args)
+  def nat(args)
     options = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[router]")
+      opts.banner = subcommand_usage("[router] [rule]")
       build_common_options(opts, options, [:json, :yaml, :csv, :fields, :dry_run, :remote])
-      opts.footer = "List network router routes." + "\n" +
-          "[router] is required. This is the name or id of a network router."
+      opts.footer = "Display network router firewall rule details." + "\n" +
+        "[router] is required. This is the name or id of a network router.\n" +
+        "[rule] is required. This is the name or id of a firewall rule.\n"
     end
 
     optparse.parse!(args)
     connect(options)
 
-    if args.count < 1
+    if args.count < 2
       puts optparse
       return 1
     end
-    _routes(args[0], options)
-  end
 
-  def _routes(router_id, options)
     begin
       @network_routers_interface.setopts(options)
       if options[:dry_run]
         if args[0].to_s =~ /\A\d{1,}\Z/
-          print_dry_run @network_routers_interface.dry.get(router_id.to_i)
+          print_dry_run @network_routers_interface.dry.get(args[0].to_i)
         else
-          print_dry_run @network_routers_interface.dry.list({name:router_id})
+          print_dry_run @network_routers_interface.dry.list({name:args[0]})
         end
         return
       end
-      router = find_router(router_id)
+      router = find_router(args[0])
       if router.nil?
         return 1
       end
 
-      json_response = {'networkRouter' => router}
+      if router['type']['hasNat']
+        nat = (router['nats'] || []).find {|it| it['id'] == args[1].to_i || it['name'] == args[1]}
 
-      if options[:json]
-        puts as_json(json_response, options, "networkRouter")
-        return 0
-      elsif options[:yaml]
-        puts as_yaml(json_response, options, "networkRouter")
-        return 0
-      elsif options[:csv]
-        puts records_as_csv([json_response['networkRouter']], options)
-        return 0
-      end
+        if nat
+          json_response = {'networkRouterNAT' => nat}
 
-      print_h1 "Network Router Routes for: #{router['name']}"
-      print cyan
+          if options[:json]
+            puts as_json(json_response, options, "networkRouterNAT")
+            return 0
+          elsif options[:yaml]
+            puts as_yaml(json_response, options, "networkRouterNAT")
+            return 0
+          elsif options[:csv]
+            puts records_as_csv([json_response['networkRouterNAT']], options)
+            return 0
+          end
 
-      if router['type']['hasRouting']
-        print_routes(router)
+          print_h1 "Network Router NAT Details"
+          print cyan
+
+          description_cols = {
+            "ID" => lambda {|it| it['id'] },
+            "Name" => lambda {|it| it['name'] },
+            "Description" => lambda {|it| it['description'] },
+            "Enabled" => lambda {|it| format_boolean(it['enabled'])},
+            "Source Network" => lambda {|it| it['sourceNetwork']},
+            "Destination Network" => lambda {|it| it['destinationNetwork']},
+            "Translated Network" => lambda {|it| it['translatedNetwork']},
+            "Translated Port" => lambda {|it| it['translatedPorts']},
+            "Priority" => lambda {|it| it['priority'] }
+          }
+          print_description_list(description_cols, nat)
+        else
+          print_red_alert "NAT #{args[1]} not found for router #{router['name']}"
+        end
       else
-        print_red_alert "Routes not supported for #{router['type']['name']}"
+        print_red_alert "NATs not supported for #{router['type']['name']}"
       end
-      print reset
+      println reset
     rescue RestClient::Exception => e
       print_rest_exception(e, options)
       return 1
     end
   end
 
-  def add_route(args)
+  def add_nat(args)
     options = {:options=>{}}
     params = {}
     optparse = Morpheus::Cli::OptionParser.new do|opts|
       opts.banner = subcommand_usage("[router] [name]")
-      opts.on('-n', '--name VALUE', String, "Name for this route") do |val|
+      opts.on('-n', '--name VALUE', String, "Name for this NAT") do |val|
         params['name'] = val
       end
-      opts.on('-D', '--description VALUE', String, "Description") do |val|
-        params['description'] = val
-      end
-      opts.on('--enabled [on|off]', String, "Can be used to enable / disable the route. Default is on") do |val|
-        options[:enabled] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
-      end
-      opts.on('--default [on|off]', String, "Can be used to enable / disable as default route. Default is off") do |val|
-        options[:defaultRoute] = val.to_s == 'on' || val.to_s == 'true' || val.to_s == '1' || val.to_s == ''
-      end
-      opts.on('--source VALUE', String, "Network for this route") do |val|
-        params['source'] = val
-      end
-      opts.on('--destination VALUE', String, "Next hop for this route") do |val|
-        params['destination'] = val
-        end
-      opts.on('--mtu VALUE', String, "MTU for this route") do |val|
-        params['networkMtu'] = val
-      end
-      opts.on('--priority VALUE', Integer, "Priority for this route") do |val|
-        params['priority'] = val
-      end
       build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
-      opts.footer = "Create a network router route."
+      opts.footer = "Create a network router NAT."
     end
     optparse.parse!(args)
     connect(options)
@@ -819,8 +1731,8 @@ class Morpheus::Cli::NetworkRoutersCommand
         return 1
       end
 
-      if !router['type']['hasRouting']
-        print_red_alert "Routes not supported for #{router['type']['name']}"
+      if !router['type']['hasNat']
+        print_red_alert "NATs not supported for #{router['type']['name']}"
         return 1
       end
 
@@ -828,51 +1740,108 @@ class Morpheus::Cli::NetworkRoutersCommand
         payload = options[:payload]
       else
         params['name'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'name', 'type' => 'text', 'fieldLabel' => 'Name', 'required' => true}], options[:options], @api_client, params)['name']
-        params['description'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'description', 'type' => 'text', 'fieldLabel' => 'Description', 'required' => false}], options[:options], @api_client, params)['description']
 
-        # prompt for enabled if not set
-        params['enabled'] = options[:enabled].nil? ? Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'enabled', 'fieldLabel' => 'Enabled', 'type' => 'checkbox', 'description' => 'Enabling Route.', 'defaultValue' => true, 'required' => false}], options, @api_client, {})['enabled'] == 'on' : options[:enabled]
+        option_types = router['type']['natOptionTypes'].reject {|it| ['name'].include?(it['fieldName'])}.sort {|it| it['displayOrder']}
 
-        # default route
-        params['defaultRoute'] = options[:defaultRoute].nil? ? Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'defaultRoute', 'fieldLabel' => 'Default Route', 'type' => 'checkbox', 'description' => 'Default Route.', 'defaultValue' => false, 'required' => false}], options, @api_client, {})['defaultRoute'] == 'on' : options[:defaultRoute]
+        # prompt options
+        option_result = Morpheus::Cli::OptionTypes.prompt(option_types, options[:options].deep_merge({:context_map => {'nat' => ''}}), @api_client, {'networkServer' => {'id' => router['networkServer']['id']}}, nil, true)
+        payload = {'networkRouterNAT' => params.deep_merge(option_result)}
+      end
 
-        params['source'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'source', 'type' => 'text', 'fieldLabel' => 'Network', 'required' => true}], options[:options], @api_client, params)['source']
-        params['destination'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'destination', 'type' => 'text', 'fieldLabel' => 'Next Hop', 'required' => true}], options[:options], @api_client, params)['destination']
-        params['networkMtu'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'networkMtu', 'type' => 'text', 'fieldLabel' => 'MTU', 'required' => false}], options[:options], @api_client, params)['networkMtu']
-        params['priority'] ||= Morpheus::Cli::OptionTypes.prompt([{'fieldName' => 'priority', 'type' => 'number', 'fieldLabel' => 'Priority', 'required' => false}], options[:options], @api_client, params)['priority']
+      @network_routers_interface.setopts(options)
+      if options[:dry_run]
+        print_dry_run @network_routers_interface.dry.create_nat(router['id'], payload)
+        return
+      end
+
+      json_response = @network_routers_interface.create_nat(router['id'], payload)
+
+      if options[:json]
+        print JSON.pretty_generate(json_response), "\n"
+        return
+      end
+      print_green_success "\nAdded Network Router NAT #{payload['networkRouterNAT']['name']}\n"
+      _nats(router['id'], options)
+    rescue RestClient::Exception => e
+      print_rest_exception(e, options)
+      exit 1
+    end
+  end
+
+  def update_nat(args)
+    options = {:options=>{}}
+    params = {}
+    optparse = Morpheus::Cli::OptionParser.new do|opts|
+      opts.banner = subcommand_usage("[router] [NAT]")
+      opts.on('-n', '--name VALUE', String, "Name for this NAT") do |val|
+        params['name'] = val
+      end
+      build_common_options(opts, options, [:options, :payload, :json, :dry_run, :remote])
+      opts.footer = "Update a network router NAT.\n" +
+        "[router] is required. This is the name or id of an existing network router.\n" +
+        "[NAT] is required. This is the name or id of an existing network router NAT."
+    end
+    optparse.parse!(args)
+    if args.count != 2
+      raise_command_error "wrong number of arguments, expected 2 and got (#{args.count}) #{args}\n#{optparse}"
+    end
+    connect(options)
+    begin
+      router = find_router(args[0])
+
+      if router.nil?
+        return 1
+      end
+
+      if !router['type']['hasNat']
+        print_red_alert "NATs not supported for #{router['type']['name']}"
+        return 1
+      end
+
+      nat = router['firewall'] && router['nats'] ? router['nats'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+
+      if !nat
+        print_red_alert "NAT #{args[1]} not found for router #{router['name']}"
+        exit 1
+      end
+
+      payload = parse_payload(options) || {'networkRouterNAT' => params}
+      payload['networkRouterNAT'].deep_merge!(options[:options].reject {|k,v| k.is_a?(Symbol) }) if options[:options] && !payload['networkRouterNAT'].nil?
 
-        payload = {'route' => params}
+      if payload['networkRouterNAT'].empty?
+        print_green_success "Nothing to update"
+        exit 1
       end
 
       @network_routers_interface.setopts(options)
       if options[:dry_run]
-        print_dry_run @network_routers_interface.dry.create_route(router['id'], payload)
+        print_dry_run @network_routers_interface.dry.update_nat(router['id'], nat['id'], payload)
         return
       end
 
-      json_response = @network_routers_interface.create_route(router['id'], payload)
+      json_response = @network_routers_interface.update_nat(router['id'], nat['id'], payload)
 
       if options[:json]
         print JSON.pretty_generate(json_response), "\n"
         return
       end
-      print_green_success "\nAdded Network Router Route #{payload['route']['name']}"
-      _routes(router['id'], options)
+      print_green_success "\nUpdated Network Router NAT #{nat['name']}\n"
+      _nats(router['id'], options)
     rescue RestClient::Exception => e
       print_rest_exception(e, options)
       exit 1
     end
   end
 
-  def remove_route(args)
+  def remove_nat(args)
     options = {}
     query_params = {}
     optparse = Morpheus::Cli::OptionParser.new do |opts|
-      opts.banner = subcommand_usage("[router] [rule]")
+      opts.banner = subcommand_usage("[router] [NAT]")
       build_common_options(opts, options, [:auto_confirm, :json, :dry_run, :quiet, :remote])
-      opts.footer = "Delete a network router route.\n" +
-          "[router] is required. This is the name or id of an existing network router."
-      "[route] is required. This is the name or id of an existing network router route."
+      opts.footer = "Delete a network router NAT.\n" +
+        "[router] is required. This is the name or id of an existing network router."
+        "[NAT] is required. This is the name or id of an existing network router NAT."
     end
     optparse.parse!(args)
     if args.count != 2
@@ -884,28 +1853,33 @@ class Morpheus::Cli::NetworkRoutersCommand
       router = find_router(args[0])
       return if !router
 
-      route = router['routes'] ? router['routes'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+      if !router['type']['hasNat']
+        print_red_alert "NATs not supported for #{router['type']['name']}"
+        return 1
+      end
 
-      if !route
-        print_red_alert "Route #{args[1]} not found for router #{router['name']}"
+      nat = router['nats'] ? router['nats'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+
+      if !nat
+        print_red_alert "NAT #{args[1]} not found for router #{router['name']}"
         exit 1
       end
 
-      unless options[:yes] || ::Morpheus::Cli::OptionTypes::confirm("Are you sure you would like to remove the route '#{route['name']}' from router '#{router['name']}'?", options)
+      unless options[:yes] || ::Morpheus::Cli::OptionTypes::confirm("Are you sure you would like to remove the NAT '#{nat['name']}' from router '#{router['name']}'?", options)
         return 9, "aborted command"
       end
       @network_routers_interface.setopts(options)
       if options[:dry_run]
-        print_dry_run @network_routers_interface.dry.destroy_route(router['id'], route['id'])
+        print_dry_run @network_routers_interface.dry.destroy_nat(router['id'], nat['id'])
         return
       end
-      json_response = @network_routers_interface.destroy_route(router['id'], route['id'])
+      json_response = @network_routers_interface.destroy_nat(router['id'], nat['id'])
       if options[:json]
         print JSON.pretty_generate(json_response)
         print "\n"
       elsif !options[:quiet]
-        print_green_success "\nRoute #{route['name']} for router #{router['name']} is being removed..."
-        _routes(router['id'], options)
+        print_green_success "\nNAT #{nat['name']} for router #{router['name']} is being removed...\n"
+        _nats(router['id'], options)
       end
     rescue RestClient::Exception => e
       print_rest_exception(e, options)
@@ -998,7 +1972,7 @@ class Morpheus::Cli::NetworkRoutersCommand
         return
       end
 
-      print_h1 "Network Router Type Details for: #{router_type['name']}"
+      print_h1 "Network Router Type Details For: #{router_type['name']}"
       print cyan
 
       description_cols = {
@@ -1015,12 +1989,14 @@ class Morpheus::Cli::NetworkRoutersCommand
       }
       print_description_list(description_cols, router_type)
 
-      if router_type['optionTypes'].count > 0
-        println cyan
-        print Morpheus::Cli::OptionTypes.display_option_types_help(
-            router_type['optionTypes'].reject {|it| ['enabled'].include?(it['fieldName'])},
-            {:include_context => true, :context_map => {'networkRouter' => ''}, :color => cyan, :title => "Available Router Options"}
-        )
+      {'optionTypes' => 'Router', 'ruleOptionTypes' => 'Firewall Rule', 'ruleGroupOptionTypes' => 'Firewall Rule Group', 'natOptionTypes' => 'NAT'}.each_pair do |field, title|
+        if !router_type[field].nil? && router_type[field].count > 0
+          println cyan
+          print Morpheus::Cli::OptionTypes.display_option_types_help(
+            router_type[field].reject {|it| ['enabled'].include?(it['fieldName'])},
+            {:include_context => true, :context_map => {'networkRouter' => ''}, :color => cyan, :title => "Available #{title} Options"}
+          )
+        end
       end
       print reset
       return 0
@@ -1092,10 +2068,10 @@ class Morpheus::Cli::NetworkRoutersCommand
 
   private
 
-  def print_firewall(router, details=false, rules_only=false)
+  def print_firewall(router, options = {}) #details=false, rules_only=false, rule_groups_only=false)
     if router['type']['hasFirewall']
       if router['firewall']
-        if details
+        if options[:details]
           description_cols = {
               "Network Router" => lambda {|it| it['name'] },
               "Enabled" => lambda {|it| format_boolean(it['firewall']['enabled'])},
@@ -1106,28 +2082,10 @@ class Morpheus::Cli::NetworkRoutersCommand
             description_cols[k.gsub(/[A-Z]/, ' \0').downcase] = lambda {|it| it['firewall']['global'][k]}
           end
 
-          if !rules_only
-            print_description_list(description_cols, router)
-            print_h2 "Firewall Rules"
-          end
+          print_description_list(description_cols, router)
 
-          if (router['firewall']['rules'] || []).count > 0
-            rows = router['firewall']['rules'].collect do |it|
-              {
-                  id: it['id'],
-                  name: it['name'],
-                  type: it['ruleType'],
-                  policy: it['policy'],
-                  direction: it['direction'] || 'any',
-                  source: it['source'] || 'any',
-                  destination: it['destination'] || 'any',
-                  application: it['applications'].count > 0 ? it['applications'][0]['name'] : "#{(it['protocol'] || 'any')} #{it['portRange'] || ''}"
-              }
-            end
-            puts as_pretty_table(rows, [:id, :name, :type, :policy, :direction, :source, :destination, :application])
-          else
-            println "No firewall rules"
-          end
+          _firewall_rule_groups(router, options) if router['type']['hasFirewallGroups']
+          _firewall_rules(router, options) if router['type']['hasFirewall']
         else
           print "Enabled: #{format_boolean(router['firewall']['enabled'])}".center(20)
           print "Version: #{router['firewall']['version']}".center(20)
@@ -1209,6 +2167,26 @@ class Morpheus::Cli::NetworkRoutersCommand
     end
   end
 
+  def print_nats(router)
+    if router['type']['hasNat']
+      if router['nats'].count > 0
+        rows = router['nats'].collect do |it|
+          {
+            id: it['id'],
+            name: it['name'],
+            description: it['description'],
+            source_network: it['sourceNetwork'],
+            destination_network: it['destinationNetwork'],
+            translated_network: it['translatedNetwork']
+          }
+        end
+        puts as_pretty_table(rows, [:id, :name, :description, :source_network, :destination_network, :translated_network])
+      else
+        println "No NATs\n"
+      end
+    end
+  end
+
   def format_router_status(router, return_color = cyan)
     status = router['status']
     color = white
@@ -1227,7 +2205,9 @@ class Morpheus::Cli::NetworkRoutersCommand
     if val.to_s =~ /\A\d{1,}\Z/
       return find_router_by_id(val)
     else
-      return find_router_by_name(val)
+      if router = find_router_by_name(val)
+        return find_router_by_id(router['id'])
+      end
     end
   end
 
@@ -1291,4 +2271,22 @@ class Morpheus::Cli::NetworkRoutersCommand
     services = @network_services_interface.list()['networkServices']
     (val.to_s =~ /\A\d{1,}\Z/) ? services.find {|it| it['id'].to_i == val.to_i} : services.find {|it| it['name'] == val}
   end
+
+  def find_firewall_rule(router, rule_id)
+    rule = nil
+    if router['type']['hasFirewallGroups']
+      if router['firewall'] && router['firewall']['ruleGroups']
+        router['firewall']['ruleGroups'].each do |group|
+          if !rule && group['rules']
+            if rule = group['rules'].find { |it| it['name'] == rule_id || it['id'] == rule_id.to_i }
+              rule['groupId'] = group['id']
+            end
+          end
+        end
+      end
+    else
+      rule = router['firewall'] && router['firewall']['rules'] ? router['firewall']['rules'].find {|it| it['name'] == args[1] || it['id'] == args[1].to_i} : nil
+    end
+    rule
+  end
 end