NAME
    gcloud alpha compute firewall-policies mirroring-rules create - creates a
        Compute Engine firewall policy packet mirroring rule

SYNOPSIS
    gcloud alpha compute firewall-policies mirroring-rules create PRIORITY
        --action=ACTION --firewall-policy=FIREWALL_POLICY
        --layer4-configs=[LAYER4_CONFIG,...] [--description=DESCRIPTION]
        [--dest-ip-ranges=[DEST_IP_RANGE,...]] [--direction=DIRECTION]
        [--[no-]disabled] [--organization=ORGANIZATION]
        [--security-profile-group=SECURITY_PROFILE_GROUP]
        [--src-ip-ranges=[SRC_IP_RANGE,...]]
        [--target-resources=[TARGET_RESOURCES,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (ALPHA) gcloud alpha compute firewall-policies mirroring-rules create is
    used to create organization firewall policy packet mirroring rules.

EXAMPLES
    To create a packet mirroring rule with priority ``10" in an organization
    firewall policy with ID ``123456789", run:

        $ gcloud alpha compute firewall-policies mirroring-rules create 10 \
            --firewall-policy=123456789 --action=mirror \
            --security-profile-group=organizations/123/locations/global/\
        securityProfileGroups/custom-security-profile-group \
            --description=example-rule

POSITIONAL ARGUMENTS
     PRIORITY
        Priority of the firewall policy rule to create.

REQUIRED FLAGS
     --action=ACTION
        Action to take if the request matches the match condition. ACTION must
        be one of: mirror, do_not_mirror, goto_next.

     --firewall-policy=FIREWALL_POLICY
        Short name of the firewall policy into which the rule should be
        inserted.

     --layer4-configs=[LAYER4_CONFIG,...]
        A list of destination protocols and ports to which the firewall rule
        will apply.

OPTIONAL FLAGS
     --description=DESCRIPTION
        An optional, textual description for the rule.

     --dest-ip-ranges=[DEST_IP_RANGE,...]
        Destination IP ranges to match for this rule.

     --direction=DIRECTION
        Direction of the traffic the rule is applied. The default is to apply
        on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.

     --[no-]disabled
        Use this flag to disable the rule. Disabled rules will not affect
        traffic. Use --disabled to enable and --no-disabled to disable.

     --organization=ORGANIZATION
        Organization which the organization firewall policy belongs to. Must be
        set if FIREWALL_POLICY is short name.

     --security-profile-group=SECURITY_PROFILE_GROUP
        An org-based security profile group to be used with mirror action.
        Allowed formats are: a)
        http(s)://<namespace>/<api>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
        b)
        (//)<namespace>/organizations/<org_id>/locations/global/securityProfileGroups/<profile>
        c) <profile>. In case "c" gcloud CLI will create a reference matching
        format "a", but to make it work
        CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set.
        In order to set this property, please run the command gcloud config set
        api_endpoint_overrides/networksecurity https://<namespace>/.

     --src-ip-ranges=[SRC_IP_RANGE,...]
        Source IP ranges to match for this rule.

     --target-resources=[TARGET_RESOURCES,...]
        List of URLs of target resources to which the rule is applied.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in alpha and might change without notice. If this
    command fails with API permission errors despite specifying the correct
    project, you might be trying to access an API with an invitation-only early
    access allowlist. This variant is also available:

        $ gcloud beta compute firewall-policies mirroring-rules create

