0
votes

I have this doubt about GCP firewall rules in the default network. I create two VMs in two different regions inside the same network, and so they can ping each other via internal IP. Why, if I delete the firewall rule default-allow-internal, are they still able to ping each other via internal IP?

Instead, if I also remove the default-allow-icmp rule, they are not able to ping each other via internal IP.

1
Ping uses the ICMP protocol. Your test is correct, no doubt, it works well! – guillaume blaquiere

While practicing with Google Cloud Firewall rules, create rules (allow and deny) for each of the primary protocols: ICMP, UDP, and TCP (HTTP is built on top of TCP). In normal day-to-day Google Cloud networking, TCP is the most important. UDP is popular with VPNs such as OpenVPN and WireGuard. ICMP is mostly used as a diagnostics tool. – John Hanley

1 Answer

3
votes

As per the GCP documentation, default-allow-internal allows ingress connections for all protocols and ports among instances in the network. If you delete this FW rule, instances can still be pinged using the FW rule default-allow-icmp, and that is intended behavior.

FW rule default-allow-icmp allows ingress ICMP traffic from any source to any instance in the network.
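The following is an added example, not code from the question, the answer or Google; it models how VPC firewall ingress evaluation works (lowest priority number checked first, a deny beating an allow at equal priority, and the implied deny-ingress rule when nothing matches) and replays the experiment from the question and the answer against a model of the default network's pre-populated rules. The rule names, priorities (65534), source ranges and protocols are taken from the GCP documentation; the source addresses `10.128.0.2` and `203.0.113.5` are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    name: str
    priority: int          # 0-65535; a lower number is evaluated first
    action: str            # "allow" or "deny"
    source_ranges: list    # CIDR strings
    protocols: dict        # protocol -> list of (lo, hi) port ranges, or None for port-less protocols


# Model of the rules the default network ships with (values as documented by GCP).
DEFAULT_RULES = [
    Rule("default-allow-internal", 65534, "allow", ["10.128.0.0/9"],
         {"tcp": [(0, 65535)], "udp": [(0, 65535)], "icmp": None}),
    Rule("default-allow-icmp", 65534, "allow", ["0.0.0.0/0"], {"icmp": None}),
    Rule("default-allow-ssh", 65534, "allow", ["0.0.0.0/0"], {"tcp": [(22, 22)]}),
    Rule("default-allow-rdp", 65534, "allow", ["0.0.0.0/0"], {"tcp": [(3389, 3389)]}),
]


def rule_matches(rule, src_ip, protocol, port):
    """True if a packet with this source, protocol and port is covered by the rule."""
    src = ip_address(src_ip)
    if not any(src in ip_network(cidr) for cidr in rule.source_ranges):
        return False
    if protocol not in rule.protocols:
        return False
    port_ranges = rule.protocols[protocol]
    if port_ranges is None:          # port-less protocol such as ICMP
        return True
    return any(lo <= port <= hi for lo, hi in port_ranges)


def evaluate_ingress(rules, src_ip, protocol, port=None):
    """Return (action, rule name) for an ingress packet, like the VPC firewall would."""
    # Lower priority number first; at equal priority a deny rule wins over an allow rule.
    ordered = sorted(rules, key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    for rule in ordered:
        if rule_matches(rule, src_ip, protocol, port):
            return rule.action, rule.name
    # Nothing matched: the implied deny-ingress rule (priority 65535) applies.
    return "deny", "implied-deny-ingress"


def without(rules, *names):
    """The rule set with the named rules deleted."""
    return [r for r in rules if r.name not in names]


def experiment():
    """Replay the question's experiment and return each outcome by label."""
    internal_src = "10.128.0.2"    # constructed: an address inside the VPC's auto-mode subnets
    external_src = "203.0.113.5"   # constructed: a documentation-range address outside the VPC
    no_internal = without(DEFAULT_RULES, "default-allow-internal")
    no_internal_no_icmp = without(DEFAULT_RULES, "default-allow-internal", "default-allow-icmp")
    return {
        "defaults: icmp from internal":
            evaluate_ingress(DEFAULT_RULES, internal_src, "icmp"),
        "no default-allow-internal: icmp from internal":
            evaluate_ingress(no_internal, internal_src, "icmp"),
        "no default-allow-internal: tcp/8080 from internal":
            evaluate_ingress(no_internal, internal_src, "tcp", 8080),
        "no default-allow-internal, no default-allow-icmp: icmp from internal":
            evaluate_ingress(no_internal_no_icmp, internal_src, "icmp"),
        "defaults: icmp from external":
            evaluate_ingress(DEFAULT_RULES, external_src, "icmp"),
    }


if __name__ == "__main__":
    for label, (action, rule_name) in experiment().items():
        print(f"{label:75} -> {action} ({rule_name})")
```

Running it reproduces the question: with default-allow-internal deleted, ICMP between the two VMs is still allowed, but by default-allow-icmp, while TCP on an arbitrary port such as 8080 now falls through to the implied deny. The last case is the part worth noticing from a security standpoint: default-allow-icmp has source range 0.0.0.0/0, so it admits ICMP from outside the VPC as well, and deleting default-allow-internal does not narrow that. A network built with explicit, source-scoped rules (or a custom-mode VPC without the pre-populated rules) makes each allowed path deliberate.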