Create a Firewall Rule

Every VPC network has two implied firewall rules: the "Implied IPv4 allow egress rule" permits outgoing traffic to any destination, and the "Implied IPv4 deny ingress rule" blocks incoming traffic from any source. These rules are not shown in the Google Cloud console. Firewall rules that you create can override these implied rules.

To allow RDP and SSH access to all VM instances in your network, you must create a firewall rule.

To create a firewall rule

  1. Log in to the Google Cloud Console.

  2. Click Firewall rule.

  3. Click Create firewall rule.

    The Create a firewall rule view is displayed.

  4. Fill in the details to configure a firewall rule:

    • Name: Enter a name for the firewall rule.

    • Description: Enter a description for the firewall rule.

    • Logs: By default, Off is selected.

    • Network: Select a network from the drop-down list.

    • Priority: Enter the priority range. Lower integers indicate higher priorities.

      Note: The priority can be between 0 and 65536.

    • Direction of traffic: Select Ingress.

    • Action on match: Select Allow.

    • Targets: Select All instances in the network from the drop-down list.

    • Source filter: Select IPv4 ranges from the drop-down list.

    • Source IPv4 ranges: Enter 35.235.240.0/20.

    • Second source filter: Enter any secondary source filter if available.

    • Protocols and ports: Select specified protocols and ports, select TCP, and enter 22,3389 to allow both RDP and SSH.

  5. Click Create.

    The source IPv4 range 35.235.240.0/20 contains all IP addresses that IAP uses for TCP forwarding in GCP.
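
To confirm after the fact that SSH and RDP are reachable only through IAP, the following added example (not part of the original page or of any vendor tooling) audits firewall rules exported as JSON, for instance with `gcloud compute firewall-rules list --format=json`. It flags enabled ingress rules that open TCP 22 or 3389 to any source range outside 35.235.240.0/20; the sample rules and their names are constructed, and rules that use source tags instead of source ranges are not evaluated.

```python
import ipaddress

# IAP TCP forwarding source range, as given on this page.
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")
ADMIN_PORTS = {22, 3389}  # SSH and RDP

def admin_ports_opened(allowed):
    """Return the admin ports opened by one entry of a rule's 'allowed' list."""
    if str(allowed.get("IPProtocol", "")).lower() not in ("tcp", "all"):
        return set()
    specs = allowed.get("ports")
    if not specs:  # no port list means every port of the protocol
        return set(ADMIN_PORTS)
    hit = set()
    for spec in specs:  # each spec is a single port "22" or a range "20-25"
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        hit |= {p for p in ADMIN_PORTS if lo <= p <= hi}
    return hit

def audit(rules):
    """Return (rule name, admin ports, source range) for exposure wider than IAP."""
    findings = []
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        ports = set()
        for entry in rule.get("allowed", []):
            ports |= admin_ports_opened(entry)
        if not ports:
            continue
        for cidr in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(cidr, strict=False)
            if net.version != 4 or not net.subnet_of(IAP_RANGE):
                findings.append((rule["name"], sorted(ports), cidr))
    return findings

# Constructed sample in the shape of the exported firewall resources.
SAMPLE_RULES = [
    {"name": "allow-iap-admin", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["35.235.240.0/20"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22", "3389"]}]},
    {"name": "allow-ssh-anywhere", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    {"name": "allow-web", "direction": "INGRESS", "disabled": False,
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
]

if __name__ == "__main__":
    for name, ports, cidr in audit(SAMPLE_RULES):
        print(f"{name}: ports {ports} open to {cidr}")
```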