- NAME
-
- gcloud vmware network-policies external-access-rules create - create a VMware Engine external access firewall rule
- SYNOPSIS
-
-
gcloud vmware network-policies external-access-rules create(EXTERNAL_ACCESS_RULE:--location=LOCATION--network-policy=NETWORK_POLICY)--destination-ranges=DESTINATION_IP_RANGES,[…]--ip-protocol=IP_PROTOCOL--priority=PRIORITY--source-ranges=SOURCE_IP_RANGES,[…] [--action=ACTION; default="ALLOW"] [--async] [--description=DESCRIPTION] [--destination-ports=DESTINATION_PORTS,[…]] [--source-ports=SOURCE_PORTS,[…]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
Create a VMware Engine external access firewall rule. Check the progress of a
VMware Engine external access firewall rule creation using
gcloud vmware network-policies external-access-rules list. - EXAMPLES
-
To create an external access firewall rule called
my-external-access-ruleassociated with the network policymy-network-policyin theus-west2region, run:gcloud vmware network-policies external-access-rules create my-external-access-rule --network-policy=my-network-policy --priority=1000 --ip-protocol=TCP --source-ranges=34.148.30.114/32 --destination-ranges=projects/sample-project/locations/us-west2-a/privateClouds/my-private-cloud/externalAddresses/my-external-address --source-ports=22,10000-11000 --destination-ports=22 --action=ALLOW --location=us-west2 --project=sample-projectOr:
gcloud vmware network-policies external-access-rules create my-external-access-rule --network-policy=my-network-policy --priority=1000 --ip-protocol=TCP --source-ranges=34.148.30.114/32 --destination-ranges=projects/sample-project/locations/us-west2-a/privateClouds/my-private-cloud/externalAddresses/my-external-address --source-ports=22,10000-11000 --destination-ports=22In the second example, the project and the location are taken from gcloud properties core/project and compute/region respectively. The
--actionfield also isn't specified, so its value defaults toALLOW. - POSITIONAL ARGUMENTS
-
-
VMware Engine External Access Rule resource - external_access_rule. The
arguments in this group can be used to specify the attributes of this resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
To set the
projectattribute:-
provide the argument
external_access_ruleon the command line with a fully specified name; -
provide the argument
--projecton the command line; -
set the property
core/project.
This must be specified.
EXTERNAL_ACCESS_RULE-
ID of the VMware Engine External Access Rule or fully qualified identifier for
the VMware Engine External Access Rule.
To set the
external-access-ruleattribute:-
provide the argument
external_access_ruleon the command line.
This positional argument must be specified if any of the other arguments in this group are specified.
-
provide the argument
--location=LOCATION-
The resource name of the location.
To set the
locationattribute:-
provide the argument
external_access_ruleon the command line with a fully specified name; -
provide the argument
--locationon the command line; -
set the property
compute/region.
-
provide the argument
--network-policy=NETWORK_POLICY-
VMware Engine network policy
To set the
network-policyattribute:-
provide the argument
external_access_ruleon the command line with a fully specified name; -
provide the argument
--network-policyon the command line.
-
provide the argument
-
provide the argument
-
VMware Engine External Access Rule resource - external_access_rule. The
arguments in this group can be used to specify the attributes of this resource.
(NOTE) Some attributes are not given arguments in this group but can be set in
other ways.
- REQUIRED FLAGS
-
--destination-ranges=DESTINATION_IP_RANGES,[…]-
A list of destination IP addresses that the rule applies to. Each entry in the
list can be an ExternalAddress resource name or
0.0.0.0/0. When the value is set to0.0.0.0/0, all IP addresses are allowed. --ip-protocol=IP_PROTOCOL-
Internet protocol covered by the rule. Valid values are TCP, UDP, and ICMP.
IP_PROTOCOLmust be one of:TCP,UDP,ICMP. --priority=PRIORITY- Priority of this external access rule. Valid values are numbers between 100 and 4096, with 100 being the highest priority. Firewall rules are processed from highest to lowest priority.
--source-ranges=SOURCE_IP_RANGES,[…]-
A list of source IP addresses that the rule applies to. Each entry in the list
can be a CIDR notation or a single IP address. When the value is set to
0.0.0.0/0, all IP addresses are allowed.
- OPTIONAL FLAGS
-
--action=ACTION; default="ALLOW"-
Whether the firewall rule allows or denies traffic based on a successful rule
match. By default, the action is ALLOW.
ACTIONmust be one of:ALLOW,DENY. --async-
Return immediately, without waiting for the operation in progress to complete.
The default is
True. Enabled by default, use--no-asyncto disable. --description=DESCRIPTION- User-provided description of the external access rule.
--destination-ports=DESTINATION_PORTS,[…]- List of allowed destination ports. Each entry must be either an integer or a range.
--source-ports=SOURCE_PORTS,[…]- List of allowed source ports. Each entry must be either an integer or a range.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details.
gcloud vmware network-policies external-access-rules create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-05-07 UTC.