Create a new Site.
Site object.
ID of the object.
Name of the object.
Notes for the object. Used for documentation purposes.
Array of tags.
Description of the Site to be displayed on the Client.
Geolocation of the Site.
Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client. Comments are supported with "#" delimiter.
When the Client fails to connect to the Site for a certain period of time, configured Entitlements (see Policy) will be moved to this "Fallback" Site.
Local Site Detection feature settings.
Enables the Local Site Detection feature.
The public IPs or the CIDRs of the clients that will be considered local to this Site. Those clients will connect to Gateways with the configured local hostname and local weights in Appliance configuration.
If enabled, this Site will be included in the nearest Site override selection in Policies.
List of IP Pool mappings for this specific Site. When IPs are allocated for this Site, they will be mapped to new ones using this setting.
IP Pool ID to map from. If a user is authorizing with this IP Pool via Identity Provider assignment and has access to this Site, mapping will occur for that user.
IP Pool ID to map to.
Mapping type.
Default Gateway configuration.
When enabled, the Client uses this Site as the Default Gateway for all IPv4 traffic.
When enabled, the Client uses this Site as the Default Gateway for all IPv6 traffic.
Network subnets to exclude when Default Gateway is enabled. The traffic for these subnets will not go through the Gateway in this Site. Comments are supported with "#" delimiter.
When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements. "networkSubnets" should be left empty if it's enabled.
VPN configuration for this Site.
Source NAT.
VPN over TLS protocol configuration.
TLS version.
Deprecated as of 6.6. VPN over DTLS protocol configuration.
VPN over QUIC protocol configuration.
Override routing for tunnel traffic.
IPv4 address for routing tunnel traffic.
IPv6 address for routing tunnel traffic.
Whether to enable URL Access feature or not.
P12 files for proxying traffic for URL Access feature.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Contents of the P12 file in Base64 format.
Password for the P12 file.
Gateway will verify upstream certificate of the endpoints.
Frequency configuration for generating IP Access audit logs for a connection.
Whether to log NAT traffic or not.
Settings for asset name resolution.
Name resolution to use Appliance's /etc/hosts file.
Resolver to resolve hostnames using DNS servers. If there are no DNS Resolvers with empty match domains, one will be added automatically.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Perform AAAA lookups.
Perform zone transfer.
Deprecated as of 6.4. This will apply whenever Gateway gets a DNS response which has no TTL set.
DNS Server addresses that will be used to resolve hostnames within the Site. Leave it empty to use the Gateways' own DNS configuration.
The DNS resolver will only attempt to resolve names matching the match domains. If match domains are not specified the DNS resolver will attempt to resolve all hostnames.
This will configure Client machines' DNS according to this resolver if the Client connects to this Site.
Resolvers to resolve Amazon machines by querying Amazon Web Services.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
VPC IDs to resolve names.
Use VPC auto discovery.
Amazon regions.
Uses the built-in IAM role in AWS instances to authenticate against the API.
ID of the access key.
Secret access key for accessKeyId.
Proxy address to use while communicating with AWS. Format: https://username:password@ip/hostname:port
Use master credentials to resolve names in addition to any assumed roles.
Which AWS partition to use, such as 'aws-cn' or 'aws-us-gov'.
Resolve EC2 resources.
Resolve API Gateway resources.
Resolve EKS resources.
Resolve RDS resources.
Roles to be assumed to perform AWS name resolution.
AWS account ID.
AWS role name.
AWS role external ID.
AWS regions.
Resolvers to resolve Azure machines by querying Azure App Service.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Uses the built-in Managed Identities in Azure instances to authenticate against the API.
Azure tenant ID, visible with the Azure CLI command azure account show.
Azure client ID, also called app ID. Visible for a given application using the Azure CLI command azure ad app show.
Azure client secret. For Azure AD Apps this is done by creating a key for the app.
Subscription IDs to resolve names for.
Use subscription auto discovery.
Resolvers to resolve VMware vSphere machines by querying the vCenter.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Hostname of the vCenter.
Username with admin access to the vCenter.
Password for the username.
Resolvers to resolve GCP machines by querying Google web services.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
GCP project filter.
GCP instance filter.
GCP forwarding rules filter.
Resolvers to resolve names by querying Appgate Illumio Resolver.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Organization ID of the Illumio Resolver.
Hostname of the Illumio Resolver.
Port number of the Illumio Resolver.
Username with access to the Illumio Resolver.
Password for the username.
DNS Forwarding feature. Always enabled and will be filled if no object is passed.
DNS Forwarder Site IPv4 address.
DNS Forwarder Site IPv6 address.
DNS Servers to use for resolving endpoints. Leave it empty to use the Gateways' own DNS configuration.
A list of subnets to allow access.
IP address.
Netmask.
Deprecated as of 6.4. This will apply whenever Gateway gets a DNS response which has no TTL set.
The match domains to use for automatic Client DNS configuration.
This will configure Client machines' DNS according to this forwarder if the Client connects to this Site.
Created Site.
ID of the object.
Name of the object.
Notes for the object. Used for documentation purposes.
Create date.
Last update date.
Array of tags.
Description of the Site to be displayed on the Client.
Geolocation of the Site.
Network subnets in CIDR format to define the Site's boundaries. They are added as routes by the Client. Comments are supported with "#" delimiter.
When the Client fails to connect to the Site for a certain period of time, configured Entitlements (see Policy) will be moved to this "Fallback" Site.
Local Site Detection feature settings.
Enables the Local Site Detection feature.
The public IPs or the CIDRs of the clients that will be considered local to this Site. Those clients will connect to Gateways with the configured local hostname and local weights in Appliance configuration.
If enabled, this Site will be included in the nearest Site override selection in Policies.
List of IP Pool mappings for this specific Site. When IPs are allocated for this Site, they will be mapped to new ones using this setting.
IP Pool ID to map from. If a user is authorizing with this IP Pool via Identity Provider assignment and has access to this Site, mapping will occur for that user.
IP Pool ID to map to.
Mapping type.
Default Gateway configuration.
When enabled, the Client uses this Site as the Default Gateway for all IPv4 traffic.
When enabled, the Client uses this Site as the Default Gateway for all IPv6 traffic.
Network subnets to exclude when Default Gateway is enabled. The traffic for these subnets will not go through the Gateway in this Site. Comments are supported with "#" delimiter.
When enabled, the routes are sent to the Client by the Gateways according to the user's Entitlements. "networkSubnets" should be left empty if it's enabled.
VPN configuration for this Site.
Source NAT.
VPN over TLS protocol configuration.
TLS version.
Deprecated as of 6.6. VPN over DTLS protocol configuration.
VPN over QUIC protocol configuration.
Override routing for tunnel traffic.
IPv4 address for routing tunnel traffic.
IPv6 address for routing tunnel traffic.
Whether to enable URL Access feature or not.
P12 files for proxying traffic for URL Access feature.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Subject name of the certificate in the file.
Gateway will verify upstream certificate of the endpoints.
Frequency configuration for generating IP Access audit logs for a connection.
Whether to log NAT traffic or not.
Settings for asset name resolution.
Name resolution to use Appliance's /etc/hosts file.
Resolver to resolve hostnames using DNS servers. If there are no DNS Resolvers with empty match domains, one will be added automatically.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Perform AAAA lookups.
Perform zone transfer.
Deprecated as of 6.4. This will apply whenever Gateway gets a DNS response which has no TTL set.
DNS Server addresses that will be used to resolve hostnames within the Site. Leave it empty to use the Gateways' own DNS configuration.
The DNS resolver will only attempt to resolve names matching the match domains. If match domains are not specified the DNS resolver will attempt to resolve all hostnames.
This will configure Client machines' DNS according to this resolver if the Client connects to this Site.
Resolvers to resolve Amazon machines by querying Amazon Web Services.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
VPC IDs to resolve names.
Use VPC auto discovery.
Amazon regions.
Uses the built-in IAM role in AWS instances to authenticate against the API.
ID of the access key.
Proxy address to use while communicating with AWS. Format: https://username:password@ip/hostname:port
Use master credentials to resolve names in addition to any assumed roles.
Which AWS partition to use, such as 'aws-cn' or 'aws-us-gov'.
Resolve EC2 resources.
Resolve API Gateway resources.
Resolve EKS resources.
Resolve RDS resources.
Roles to be assumed to perform AWS name resolution.
AWS account ID.
AWS role name.
AWS role external ID.
AWS regions.
Resolvers to resolve Azure machines by querying Azure App Service.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Uses the built-in Managed Identities in Azure instances to authenticate against the API.
Azure tenant ID, visible with the Azure CLI command azure account show.
Azure client ID, also called app ID. Visible for a given application using the Azure CLI command azure ad app show.
Subscription IDs to resolve names for.
Use subscription auto discovery.
Resolvers to resolve VMware vSphere machines by querying the vCenter.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Hostname of the vCenter.
Username with admin access to the vCenter.
Resolvers to resolve GCP machines by querying Google web services.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
GCP project filter.
GCP instance filter.
GCP forwarding rules filter.
Resolvers to resolve names by querying Appgate Illumio Resolver.
Identifier name. Has no functional effect.
How often the resolver polls the server, in seconds.
Organization ID of the Illumio Resolver.
Hostname of the Illumio Resolver.
Port number of the Illumio Resolver.
Username with access to the Illumio Resolver.
DNS Forwarding feature. Always enabled and will be filled if no object is passed.
DNS Forwarder Site IPv4 address.
DNS Forwarder Site IPv6 address.
DNS Servers to use for resolving endpoints. Leave it empty to use the Gateways' own DNS configuration.
A list of subnets to allow access.
IP address.
Netmask.
Deprecated as of 6.4. This will apply whenever Gateway gets a DNS response which has no TTL set.
The match domains to use for automatic Client DNS configuration.
This will configure Client machines' DNS according to this forwarder if the Client connects to this Site.
JSON error. Check the JSON format.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Token error. Login again.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Insufficient license.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Insufficient permissions to access this resource.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Invalid 'Accept' header.
Generic HTTP error.
Machine readable error code.
Human readable error details.
The submitted resource conflicts with another.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Request validation error. Check "errors" array for details.
HTTP 422 error for object validation.
Machine readable error code.
Human readable error details.
List of fields with validation errors.
Name of the field that failed validation.
Failure reason.
Unexpected server side error.
Generic HTTP error.
Machine readable error code.
Human readable error details.