Reputation: 87
Setting Firewall rules - from Google Cloud Console vs from within Instance
I have a google cloud Windows VM which is hosting a QlikSense server. The server should be accessible using the VM's External IP using https i.e. port 443 as this is one of the default rules in Google Firewall rules. But it is not. It only works when I set the Inbound rule for to allow TCP:443 from within the instance (from Windows Firewall settings). My question is
Why do I need to set up a firewall from within the instance?
Why doesn't the firewall rule enabled from Google Cloud Console doesn't work here?
Upvotes: 0
Views: 506
Answers (1)
Reputation: 81424
Why do I need to set up a firewall from within the instance?
You do not need an internal firewall (Windows Defender Firewall). However, this is a good idea (multiple lines of defense). Google firewalls are protocol / port based. Windows firewalls also provide software rules and other intelligence.
Let's say that you want to provide services on HTTPS (TCP port 443). You then need to enable a rule to allow TCP port 443 in both the Google Cloud Firewall and the Windows Defender Firewall.
Why doesn't the firewall rule enabled from Google Cloud Console doesn't work here?
If you have multiple firewalls, all firewalls must have a similar allow rule, otherwise any deny will result in denial.
Upvotes: 2
Related Questions
- Are GCP default firewall-rules a security-concern?
- Google Cloud Compute Engine refusing connections despite firewall rule
- Can't connect to port 80 on Google Cloud Compute instance despite firewall rule
- GCP firewall rule for tcp port are not working
- Allow firewall rules for a GCP instance (port:8080) from CLI
- GCP Firewall rules are applied unidirectonal or bidirectional?
- How can I set firewall rule to allow ssh to a instance from Google Cloud console only
- Several firewalls when creating Google Cloud Platform instance. Which to use?
- Do I need to restart my instance for firewall rules to apply
- Google Cloud Platform Firewall Rules PORT