gcloud compute routers nats update

NAME

gcloud compute routers nats update - update a NAT on a Compute Engine router

SYNOPSIS

gcloud compute routers nats update NAME --router=ROUTER [--async] [--auto-network-tier=AUTO_NETWORK_TIER] [--[no-]enable-dynamic-port-allocation] [--enable-endpoint-independent-mapping] [--enable-logging] [--log-filter=LOG_FILTER] [--region=REGION] [--rules=RULES] [--auto-allocate-nat-external-ips | --nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,…]] [--clear-icmp-idle-timeout | --icmp-idle-timeout=ICMP_IDLE_TIMEOUT] [--clear-max-ports-per-vm | --max-ports-per-vm=MAX_PORTS_PER_VM] [--clear-min-ports-per-vm | --min-ports-per-vm=MIN_PORTS_PER_VM] [--clear-nat-external-drain-ip-pool | --nat-external-drain-ip-pool=NAT_EXTERNAL_DRAIN_IP_POOL,[…]] [--clear-nat-subnet-ip-ranges | --nat-all-subnet-ip-ranges | --nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[…] | --nat-primary-subnet-ip-ranges] [--clear-nat64-subnet-ip-ranges | --nat64-all-v6-subnet-ip-ranges | --nat64-custom-v6-subnet-ip-ranges=SUBNETWORK,[SUBNETWORK,…]] [--clear-tcp-established-idle-timeout | --tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT] [--clear-tcp-time-wait-timeout | --tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT] [--clear-tcp-transitory-idle-timeout | --tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT] [--clear-udp-idle-timeout | --udp-idle-timeout=UDP_IDLE_TIMEOUT] [GCLOUD_WIDE_FLAG …]

DESCRIPTION

gcloud compute routers nats update is used to update a NAT in a Compute Engine router.

EXAMPLES

Change subnetworks and IP address resources associated with NAT:

gcloud compute routers nats update nat1 --router=my-router --nat-external-ip-pool=ip-address2,ip-address3 --nat-custom-subnet-ip-ranges=subnet-2,subnet-3:secondary-range-2

Change minimum default ports allocated per VM associated with NAT:

gcloud compute routers nats update nat1 --router=my-router --min-ports-per-vm=128

Change connection timeouts associated with NAT:

gcloud compute routers nats update nat1 --router=my-router --udp-idle-timeout=60s --icmp-idle-timeout=60s --tcp-established-idle-timeout=60s --tcp-transitory-idle-timeout=60s

Reset connection timeouts associated NAT to default values:

gcloud compute routers nats update nat1 --router=my-router --clear-udp-idle-timeout --clear-icmp-idle-timeout --clear-tcp-established-idle-timeout --clear-tcp-transitory-idle-timeout

POSITIONAL ARGUMENTS

NAME: Name of the NAT to create

REQUIRED FLAGS

--router=ROUTER: Router to use for NAT.

OPTIONAL FLAGS

--async

Return immediately, without waiting for the operation in progress to complete.

--auto-network-tier=AUTO_NETWORK_TIER

Network tier to use when automatically reserving NAT IP addresses. AUTO_NETWORK_TIER must be one of:

PREMIUM: High quality, Google-grade network tier with support for all networking products.
STANDARD: Public internet quality, with only limited support for other networking products.

--[no-]enable-dynamic-port-allocation

Enable dynamic port allocation.

If not specified, Dynamic Port Allocation is disabled by default.

Use --enable-dynamic-port-allocation to enable and --no-enable-dynamic-port-allocation to disable.

--enable-endpoint-independent-mapping

Enable endpoint-independent mapping for the NAT (as defined in RFC 5128).

If not specified, NATs have endpoint-independent mapping disabled by default.

Use --no-enable-endpoint-independent-mapping to disable endpoint-independent mapping.

--enable-logging

Enable logging for the NAT. Logs will be exported to Stackdriver. NAT logging is disabled by default. To disable logging for the NAT, use $ gcloud compute routers nats update MY-NAT --no-enable-logging \ --router ROUTER --region REGION

--log-filter=LOG_FILTER

Filter for logs exported to stackdriver.

The default is ALL.

If logging is not enabled, filter settings will be persisted but will have no effect.

Use --[no-]enable-logging to enable and disable logging.

LOG_FILTER must be one of:

ALL: Export logs for all connections handled by this NAT.
ERRORS_ONLY: Export logs for connection failures only.
TRANSLATIONS_ONLY: Export logs for successful connections only.

--region=REGION

Region of the NAT to create. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property:

gcloud config set compute/region REGION

A list of regions can be fetched by running:

gcloud compute regions list

To unset the property, run:

gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

--rules=RULES

Path to YAML file containing NAT Rules applied to the NAT. The YAML file format must follow the REST API schema for NAT Rules. See API Discovery docs for reference.

At most one of these can be specified:

--auto-allocate-nat-external-ips: Automatically allocate external IP addresses for Cloud NAT
--nat-external-ip-pool=IP_ADDRESS,[IP_ADDRESS,…]: External IP Addresses to use for Cloud NAT

At most one of these can be specified:

--clear-icmp-idle-timeout: Clear timeout for ICMP connections
--icmp-idle-timeout=ICMP_IDLE_TIMEOUT: Timeout for ICMP connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.

At most one of these can be specified:

--clear-max-ports-per-vm

Clear maximum ports to be allocated to a VM

--max-ports-per-vm=MAX_PORTS_PER_VM

Maximum ports to be allocated to a VM. This field can only be set when Dynamic Port Allocation is enabled and defaults to 65536. It must be set to a power of 2 that is greater than minPortsPerVm and at most 65536. At most one of these can be specified:

--clear-min-ports-per-vm

Clear minimum ports to be allocated to a VM

--min-ports-per-vm=MIN_PORTS_PER_VM

Minimum ports to be allocated to a VM.

If Dynamic Port Allocation is disabled, this defaults to 64.

If Dynamic Port Allocation is enabled, this defaults to 32 and must be set to a power of 2 that is at least 32 and lower than maxPortsPerVm. At most one of these can be specified:

--clear-nat-external-drain-ip-pool

Clear the drained NAT IPs

--nat-external-drain-ip-pool=NAT_EXTERNAL_DRAIN_IP_POOL,[…]

External IP Addresses to be drained These IPs must be valid external IPs that have been used as NAT IPs Options for IPv4 subnetwork ranges. At most one of these can be specified:

--clear-nat-subnet-ip-ranges

Clear IPv4 subnetwork ranges.

--nat-all-subnet-ip-ranges

Allow all IP ranges of all subnetworks in the region, including primary and secondary ranges, to use NAT.

--nat-custom-subnet-ip-ranges=SUBNETWORK[:RANGE_NAME|:ALL],[…]

List of subnetwork primary and secondary IP ranges to be allowed to use NAT.

SUBNETWORK:ALL - specifying a subnetwork name with ALL includes the primary range and all secondary ranges of the subnet.
SUBNETWORK - including a subnetwork name includes only the primary subnet range of the subnetwork.
SUBNETWORK:RANGE_NAME - specifying a subnetwork and secondary range name includes only that secondary range. It does not include the primary range of the subnet.

--nat-primary-subnet-ip-ranges

Allow only primary IP ranges of all subnetworks in the region to use NAT.

Options for IPv6 subnetwork ranges. At most one of these can be specified:

--clear-nat64-subnet-ip-ranges: Clear IPv6 subnetwork ranges.
--nat64-all-v6-subnet-ip-ranges: Allow all IPv6 subnetwork ranges in the region to use NAT.
--nat64-custom-v6-subnet-ip-ranges=SUBNETWORK,[SUBNETWORK,…]: List of subnetworks with IPv6 ranges to be allowed to use NAT.

At most one of these can be specified:

--clear-tcp-established-idle-timeout: Clear timeout for TCP established connections
--tcp-established-idle-timeout=TCP_ESTABLISHED_IDLE_TIMEOUT: Timeout for TCP established connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.

At most one of these can be specified:

--clear-tcp-time-wait-timeout: Clear timeout for TCP connections in the TIME_WAIT state
--tcp-time-wait-timeout=TCP_TIME_WAIT_TIMEOUT: Timeout for TCP connections in the TIME_WAIT state. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.

At most one of these can be specified:

--clear-tcp-transitory-idle-timeout: Clear timeout for TCP transitory connections
--tcp-transitory-idle-timeout=TCP_TRANSITORY_IDLE_TIMEOUT: Timeout for TCP transitory connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.

At most one of these can be specified:

--clear-udp-idle-timeout: Clear timeout for UDP connections
--udp-idle-timeout=UDP_IDLE_TIMEOUT: Timeout for UDP connections. See https://cloud.google.com/sdk/gcloud/reference/topic/datetimes for information on duration formats.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.

API REFERENCE

This command, when specified without alpha or beta, uses the compute/v1/routers API. The full documentation for this API can be found at: https://cloud.google.com/compute/docs/reference/rest/v1/routers/

The beta command uses the compute/beta/routers API. The full documentation for this API can be found at: https://cloud.google.com/compute/docs/reference/rest/beta/routers/

The alpha command uses the compute/alpha/routers API. Full documentation is not available for the alpha API.

NOTES

These variants are also available:

gcloud alpha compute routers nats update

gcloud beta compute routers nats update

gcloud preview compute routers nats update

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-05-27 UTC.

gcloud compute routers nats update Stay organized with collections Save and categorize content based on your preferences.

gcloud compute routers nats update