Console
    Contact Us Start free

    Create attachments

    This document explains how to create Secure Access Connect attachments. A Secure Access Connect attachment enables NCC Gateway to process traffic with an SSE product.

    Before you begin

    Before you begin, do the following:

    Required roles

    To get the permissions that you need to create attachments, ask your administrator to grant you the Compute Network Admin ( roles/compute.networkAdmin ) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations .

    You might also be able to get the required permissions through custom roles or other predefined roles .

    Create a Secure Access Connect attachment

    Create a Secure Access Connect attachment by following the instructions that correspond with your SSE provider.

    Palo Alto Networks Prisma Access

    gcloud

    Create an attachment by running the gcloud beta network-security secure-access-connect attachments create command :

     gcloud beta network-security secure-access-connect attachments create ATTACHMENT_ID 
\
      --project= PROJECT_ID 
\
      --location= REGION 
\
      --realm= REALM_ID 
\
      --gateway= NCC_GATEWAY_SPOKE_ID

    Replace the following:

    • ATTACHMENT_ID : the name for the attachment
    • PROJECT_ID : your project ID
    • REGION : the region for the attachment
    • REALM_ID : the ID of your realm
    • NCC_GATEWAY_SPOKE_ID : the ID of your NCC Gateway spoke

    API

    To create an attachment in a given project and location, use the projects.locations.sacAttachments.create method .

     POST https://networksecurity.googleapis.com/v1beta1/{parent=project/ PROJECT_ID 
/locations/ REGION 
}/sacAttachments
{
  "sacRealm": " REALM_ID 
",
  "nccGateway": " NCC_GATEWAY_SPOKE_ID 
"
}

    Replace the following:

    • PROJECT_ID : your project ID
    • REGION : the region for the attachment
    • REALM_ID : the ID of your realm
    • NCC_GATEWAY_SPOKE_ID : the ID of your NCC Gateway spoke

    Symantec Cloud SWG

    gcloud

    Create an attachment by doing the following:

    1. Identify the Symantec site that you want to connect your attachment to by running the gcloud beta network-security secure-access-connect realms describe command :

       gcloud beta network-security secure-access-connect realms describe REALM_ID 
\
      --project= PROJECT_ID

      Replace the following:

      • REALM_ID : the name of your realm
      • PROJECT_ID : your project ID

      The output is similar to the following:

       name: projects/project-id/locations/global/sacRealms/realm-id
createTime: '...'
updateTime: '...'
securityService: SYMANTEC_CLOUD_SWG
state: PARTNER_ATTACHED
symantecOptions:
  availableSymantecSites: SYMANTEC_SITE_1 
 SYMANTEC_SITE_2 
secretPath: SECRET_PATH 
symantecConnectionState: SUCCEEDED

      The availableSymantecSites field contains the Symantec Cloud SWG sites that are available for you to connect to.

    2. Create an attachment by running the gcloud beta network-security secure-access-connect attachments create command :

       gcloud beta network-security secure-access-connect attachments create ATTACHMENT_ID 
\
      --project= PROJECT_ID 
\
      --location= REGION 
\
      --realm= REALM_ID 
\
      --gateway= NCC_GATEWAY_SPOKE_ID 
\
      --symantec-site= SYMANTEC_SITE 
\
      --symantec-location-name= SYMANTEC_LOCATION_NAME 
--country= COUNTRY 
\
      --timezone= TIMEZONE

      Replace the following:

      • ATTACHMENT_ID : the name for the attachment
      • PROJECT_ID : your project ID
      • REALM_ID : the ID of your realm
      • NCC_GATEWAY_SPOKE_ID : the ID of your NCC Gateway spoke

      • SYMANTEC_SITE : the Symantec site that you want to connect the attachment to

        Must be one of the availableSymantecSites from the previous step.

      • SYMANTEC_LOCATION_NAME : the name to give to the Symantec location

        For more information about naming requirements, see the Location schema in the Symantec Location Management API documentation .

      • COUNTRY : an optional country code in the ISO 3166 alpha-2 country code format

      • TIMEZONE : an optional timezone in the IANA timezone format

    API

    To create an attachment in a given project and location, use the projects.locations.sacAttachments.create method .

     POST https://networksecurity.googleapis.com/v1beta1/projects/ PROJECT_ID 
/locations/ REGION 
/sacAttachments
{
  "name": " ATTACHMENT_ID 
",
  "sacRealm": " REALM_ID 
",
  "nccGateway": " NCC_GATEWAY_SPOKE_ID 
",
  "country": " COUNTRY 
",
  "timeZone": " TIMEZONE 
",
  "symantecOptions": {
    "symantecLocationName": " SYMANTEC_LOCATION_NAME 
",
    "symantecSite": " SYMANTEC_SITE 
"
  }
}

    Replace the following:

    • PROJECT_ID : your project ID
    • REGION : the region for the attachment
    • ATTACHMENT_ID : the name for the attachment
    • REALM_ID : the ID of your realm
    • NCC_GATEWAY_SPOKE_ID : the ID of your NCC Gateway spoke
    • COUNTRY : an optional country code in the ISO 3166 alpha-2 country code format
    • TIMEZONE : an optional timezone in the IANA timezone format

    • SYMANTEC_SITE : the Symantec site that you want to connect the attachment to

      Must be one of the availableSymantecSites from the previous step.

    • SYMANTEC_LOCATION_NAME : the name to give to the Symantec location

      For more information about naming requirements, see the Location schema in the Symantec Location Management API documentation .

    What's next
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: