Create attachments
Stay organized with collections Save and categorize content based on your preferences.

This document explains how to create Secure Access Connect attachments. A Secure Access Connect attachment enables NCC Gateway to process traffic with an SSE product.

Before you begin

Before you begin, do the following:

Required roles

To get the permissions that you need to create attachments, ask your administrator to grant you the Compute Network Admin (roles/compute.networkAdmin) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create a Secure Access Connect attachment

Create a realm by following the instructions that correspond with your SSE provider.

Palo Alto Networks Prisma Access

Create an attachment by running the gcloud beta network-security secure-access-connect attachments create command:

  gcloud beta network-security secure-access-connect attachments create ATTACHMENT_ID \
      --project=PROJECT_ID \
      --location=REGION \
      --realm=REALM_ID \
      --gateway=NCC_GATEWAY_SPOKE_ID

Replace the following:

ATTACHMENT_ID: the name for the attachment
PROJECT_ID: your project ID
REALM_ID: the ID of your realm
NCC_GATEWAY_SPOKE_ID: the ID of your NCC Gateway spoke

Symantec Cloud SWG

Create an attachment by doing the following:

Identify the Symantec site that you want to connect your attachment to by running the gcloud beta network-security secure-access-connect realms describe command:

  gcloud beta network-security secure-access-connect realms describe REALM_ID \
      --project=PROJECT_ID

Replace the following:

REALM_ID: the name of your realm
PROJECT_ID: your project ID

The output is similar to the following:

name: projects/project-id/locations/global/sacRealms/realm-id
createTime: '...'
updateTime: '...'
securityService: SYMANTEC_CLOUD_SWG
state: PARTNER_ATTACHED
symantecOptions:
  availableSymantecSites:
               SYMANTEC_SITE_1
               SYMANTEC_SITE_2
  secretPath:SECRET_PATH
  symantecConnectionState: SUCCEEDED

The availableSymantecSites field contains the Symantec Cloud SWG sites that are available for you to connect to.

Create an attachment by running the gcloud beta network-security secure-access-connect attachments create command:
```
  gcloud beta network-security secure-access-connect attachments create ATTACHMENT_ID \
      --project=PROJECT_ID \
      --location=REGION \
      --realm=REALM_ID \
      --gateway=NCC_GATEWAY_SPOKE_ID \
      --symantec-site=SYMANTEC_SITE \
      --symantec-location-name=SYMANTEC_LOCATION_NAME
      --country=COUNTRY \
      --timezone=TIMEZONE
```
Replace the following:
- ATTACHMENT_ID: the name for the attachment
- PROJECT_ID: your project ID
- REALM_ID: the ID of your realm
- NCC_GATEWAY_SPOKE_ID: the ID of your NCC Gateway spoke
- SYMANTEC_SITE: the Symantec site that you want to connect the attachment to
  
  Must be one of the availableSymantecSites from the previous step.
- SYMANTEC_LOCATION_NAME: the name to give to the Symantec location
  
  For more information about naming requirements, see the Location schema in the Symantec Location Management API documentation.
- COUNTRY: an optional country code in the ISO 3166 alpha-2 country code format
- TIMEZONE: an optional timezone in the IANA timezone format

What's next

Add hybrid connections to NCC Gateway