mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-08 18:45:13 +00:00
166 lines
6.8 KiB
Text
166 lines
6.8 KiB
Text
NAME
|
|
gcloud alpha network-security firewall-endpoints create - create a Firewall
|
|
Plus endpoint
|
|
|
|
SYNOPSIS
|
|
gcloud alpha network-security firewall-endpoints create
|
|
(FIREWALL_ENDPOINT : --organization=ORGANIZATION --zone=ZONE) [--async]
|
|
[--billing-project=BILLING_PROJECT] [--block-partial-http]
|
|
[--content-cloud-region=CONTENT_CLOUD_REGION]
|
|
[--description=DESCRIPTION] [--enable-jumbo-frames] [--enable-wildfire]
|
|
[--enable-wildfire-analysis-logging] [--labels=[KEY=VALUE,...]]
|
|
[--max-wait=MAX_WAIT; default="60m"]
|
|
[--target-firewall-attachment=TARGET_FIREWALL_ATTACHMENT]
|
|
[--wildfire-analysis-action=WILDFIRE_ANALYSIS_ACTION]
|
|
[--wildfire-analysis-timeout=WILDFIRE_ANALYSIS_TIMEOUT]
|
|
[--wildfire-lookup-action=WILDFIRE_LOOKUP_ACTION]
|
|
[--wildfire-lookup-timeout=WILDFIRE_LOOKUP_TIMEOUT]
|
|
[--wildfire-region=WILDFIRE_REGION] [GCLOUD_WIDE_FLAG ...]
|
|
|
|
DESCRIPTION
|
|
(ALPHA) Create a firewall endpoint. Successful creation of an endpoint
|
|
results in an endpoint in READY state. Check the progress of endpoint
|
|
creation by using gcloud network-security firewall-endpoints list.
|
|
|
|
For more examples, refer to the EXAMPLES section below.
|
|
|
|
EXAMPLES
|
|
To create a firewall endpoint called my-endpoint, in zone us-central1-a and
|
|
organization ID 1234, run:
|
|
|
|
$ gcloud alpha network-security firewall-endpoints create \
|
|
my-endpoint --zone=us-central1-a --organization=1234
|
|
|
|
POSITIONAL ARGUMENTS
|
|
Firewall endpoint resource - Firewall Plus. The arguments in this group
|
|
can be used to specify the attributes of this resource. (NOTE) Some
|
|
attributes are not given arguments in this group but can be set in other
|
|
ways.
|
|
|
|
To set the project attribute:
|
|
◆ provide the argument FIREWALL_ENDPOINT on the command line with a
|
|
fully specified name;
|
|
◆ set the property core/project. This resource can be one of the
|
|
following types:
|
|
[networksecurity.organizations.locations.firewallEndpoints,
|
|
networksecurity.projects.locations.firewallEndpoints].
|
|
|
|
This must be specified.
|
|
|
|
FIREWALL_ENDPOINT
|
|
ID of the firewall endpoint or fully qualified identifier for the
|
|
firewall endpoint.
|
|
|
|
To set the endpoint-name attribute:
|
|
▸ provide the argument FIREWALL_ENDPOINT on the command line.
|
|
|
|
This positional argument must be specified if any of the other
|
|
arguments in this group are specified.
|
|
|
|
--organization=ORGANIZATION
|
|
Organization ID of the firewall endpoint.
|
|
|
|
To set the organization attribute:
|
|
▸ provide the argument FIREWALL_ENDPOINT on the command line with a
|
|
fully specified name;
|
|
▸ provide the argument --organization on the command line. Must be
|
|
specified for resource of type
|
|
[networksecurity.organizations.locations.firewallEndpoints].
|
|
|
|
--zone=ZONE
|
|
Zone of the firewall endpoint.
|
|
|
|
To set the zone attribute:
|
|
▸ provide the argument FIREWALL_ENDPOINT on the command line with a
|
|
fully specified name;
|
|
▸ provide the argument --zone on the command line.
|
|
|
|
FLAGS
|
|
--async
|
|
Return immediately, without waiting for the operation in progress to
|
|
complete. The default is True. Enabled by default, use --no-async to
|
|
disable.
|
|
|
|
--billing-project=BILLING_PROJECT
|
|
The Google Cloud project ID to use for API enablement check, quota, and
|
|
endpoint uptime billing. Overrides the default billing/quota_project
|
|
property value for this command invocation.
|
|
|
|
--block-partial-http
|
|
Whether the endpoint will block HTTP partial responses. Defaults to
|
|
false.
|
|
|
|
--content-cloud-region=CONTENT_CLOUD_REGION
|
|
The content cloud region the endpoint will use. Defaults to the nearest
|
|
available region.
|
|
|
|
--description=DESCRIPTION
|
|
Description of the endpoint
|
|
|
|
--enable-jumbo-frames
|
|
Enable jumbo frames for the firewall endpoint. To disable jumbo frames,
|
|
use --no-enable-jumbo-frames.
|
|
|
|
--enable-wildfire
|
|
If set to true, enable WildFire functionality on the endpoint. Use
|
|
--enable-wildfire to enable. To disable, use --no-enable-wildfire.
|
|
|
|
--enable-wildfire-analysis-logging
|
|
Whether to disable WildFire submission log generation for files that
|
|
timeout during WildFire inline cloud analysis. Defaults to false.
|
|
|
|
--labels=[KEY=VALUE,...]
|
|
List of label KEY=VALUE pairs to add.
|
|
|
|
Keys must start with a lowercase character and contain only hyphens
|
|
(-), underscores (_), lowercase characters, and numbers. Values must
|
|
contain only hyphens (-), underscores (_), lowercase characters, and
|
|
numbers.
|
|
|
|
--max-wait=MAX_WAIT; default="60m"
|
|
Time to synchronously wait for the operation to complete, after which
|
|
the operation continues asynchronously. Ignored if --no-async isn't
|
|
specified. See $ gcloud topic datetimes for information on time
|
|
formats.
|
|
|
|
--target-firewall-attachment=TARGET_FIREWALL_ATTACHMENT
|
|
Target firewall attachment where third party endpoint forwards traffic.
|
|
|
|
--wildfire-analysis-action=WILDFIRE_ANALYSIS_ACTION
|
|
The action to take on WildFire inline cloud analysis timeout.
|
|
WILDFIRE_ANALYSIS_ACTION must be one of: ALLOW, DENY.
|
|
|
|
--wildfire-analysis-timeout=WILDFIRE_ANALYSIS_TIMEOUT
|
|
The timeout (in milliseconds) on a file being held while WildFire
|
|
inline cloud analysis is performed.
|
|
|
|
--wildfire-lookup-action=WILDFIRE_LOOKUP_ACTION
|
|
The action to take on WildFire real time signature lookup timeout.
|
|
WILDFIRE_LOOKUP_ACTION must be one of: ALLOW, DENY.
|
|
|
|
--wildfire-lookup-timeout=WILDFIRE_LOOKUP_TIMEOUT
|
|
The timeout (in milliseconds) to hold a file while the WildFire real
|
|
time signature cloud performs a signature lookup.
|
|
|
|
--wildfire-region=WILDFIRE_REGION
|
|
The region WildFire submissions from this endpoint will be sent to for
|
|
analysis by WildFire. Defaults to the nearest available region.
|
|
|
|
GCLOUD WIDE FLAGS
|
|
These flags are available to all commands: --access-token-file, --account,
|
|
--billing-project, --configuration, --flags-file, --flatten, --format,
|
|
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
|
--trace-token, --user-output-enabled, --verbosity.
|
|
|
|
Run $ gcloud help for details.
|
|
|
|
NOTES
|
|
This command is currently in alpha and might change without notice. If this
|
|
command fails with API permission errors despite specifying the correct
|
|
project, you might be trying to access an API with an invitation-only early
|
|
access allowlist. These variants are also available:
|
|
|
|
$ gcloud network-security firewall-endpoints create
|
|
|
|
$ gcloud beta network-security firewall-endpoints create
|
|
|