
You are implementing firewall controls to protect your compute resources in a newly created VPC. To simplify management and control, you've configured hierarchical firewall policies (bound at the organization level), global network firewall policies (enforcing IPS for external traffic), and VPC firewall rules (allowing RFC 1918 internal communication). The VPC firewall also includes an explicit deny rule with logging enabled.
This setup works in existing VPCs, but in a newly created VPC, logs are missing, external traffic is failing, and internal traffic functions normally. How do you resolve the connectivity issue?
A
Create a new VPC and migrate existing resources to the new VPC. Delete the old VPC, and reapply the firewall policies and rules in the new VPC.
B
Raise the priority numbers of the firewall policy rules and lower the priority numbers of the VPC firewall rules.
C
Review the order in which the VPC firewall rules and policies are evaluated. If the VPC firewall rules are being evaluated before firewall policies, switch the order.
D
Lower the priority numbers of the firewall policy rules and raise the priority numbers of the VPC firewall rules.