Google Cloud - VPN and Firewall Rules

Create Firewall rules to make sure you enable traffic between on-premise network and Google Cloud

Craig Medland avatar
Written by Craig Medland
Updated over a week ago

By default the itopia VPN module will create the site-to-site tunnel to allow connections between your on site network and the network in the Google cloud. 

However, what the process does not do is open up any firewall rules between your on-prem network and the Google cloud network. This is done by default to allow you to dictate what traffic is allowed into the Google cloud network through the VPN. You will be able to ping devices across the tunnel because of a default firewall rule created by Google allowing ICMP requests but nothing else.

In order to allow traffic from your on-site network you will need to log into the Google console and go into the Firewall rules under VPC network:

Once in the Firewall rules page, click on Create Firewall Rule at the top of the page:

When creating the firewall rule, create a name for it, make sure the direction of traffic is Ingress, select Allow in the Action to Match section, type in your source IP range(s) and either allow all ports or select the ports you want to allow. Below is a screenshot showing most of those options filled in or selected:

Once you hit create, Google will create the firewall rule and traffic will be allowed from IP's on the source network you filled in and only on the ports you selected.

Note: When creating firewall rules, make sure not to configure the tags as the server names, since it causes CAS to delete it because of the conflict of it matching with the actual instance name. The correct way to do it would be creating the tag as the actual name of the rule, then applying the tag to the images. 

Additional resources:

Did this answer your question?