
Answer-first summary for fast verification
Answer: Enable "Overly permissive rules insights" in Firewall Insights. Review results for rules that show allowed ingress traffic from internet sources.
To efficiently review Cloud NGFW configurations for overly permissive ingress rules without manual effort, the best approach is to enable 'Overly permissive rules insights' in Firewall Insights. This feature automatically identifies and flags rules that allow traffic from the internet, such as those with the source `0.0.0.0/0`, making it a more efficient and less error-prone method than manual review. Connectivity Tests, while useful, are more reactive and do not provide the same level of automated insight into firewall rule configurations. The Network Analyzer API offers broader VPC configuration insights but does not specifically target overly permissive firewall rules like Firewall Insights does.
Author: LeetQuiz Editorial Team
How can you automatically review and verify that your Google Cloud Next Generation Firewall (Cloud NGFW) configurations do not contain any rules allowing inbound internet traffic to your VMs and services, without performing manual checks?
A
Review the firewall policy rules associated with the VPC, and filter for rules that allow ingress from `0.0.0.0/0`.
B
Enable "Overly permissive rules insights" in Firewall Insights. Review results for rules that show allowed ingress traffic from internet sources.
C
Run Connectivity Tests from multiple external sources to double-check ingress traffic settings.
D
Enable the Network Analyzer API and review the "VPC Network" category insights.