DEMO: Creating an Ingress Firewall Rule for a VPC

*** NOTICE: This course is outdated and has been deprecated ***




This course has been designed to teach you how to deploy network and compute resources on Google Cloud Platform. The content in this course will help prepare you for the Associate Cloud Engineer exam.

Learning Objectives

  • To understand key networking and compute resources on Google Cloud Platform
  • Be able to explain different networking and compute features commonly used on GCP
  • Be able to deploy key networking and compute resources on Google Cloud Platform

Intended Audience

  • Those who are preparing for the Associate Cloud Engineer exam
  • Those looking to learn more about GCP networking and compute features


To get the most from this course, you should have some exposure to GCP resources, such as VPCs and Compute Instances. However, this is not essential.


Welcome back. In this demonstration, we're going to walk through the process of creating an Ingress Firewall Rule for the VPC network that we created earlier. 

So, let's get started by going to the Firewall rules page in our Google Cloud Platform console. Now, to get there, what I need to do is browse to VPC network, under the Networking section, and then from here, click on Firewall rules. 

Now, from here, what I need to do is click on Create Firewall Rule, and this begins the process. Now, let's give our firewall rule a Name, and then specify the network where the firewall rule is going to be implemented. I'll call my firewall rule rdp-in, and what I'm going to do is apply it to my testnetwork. 

What we need to do here is specify the priority of the rule that we're deploying. The lower the number, the higher the priority, the higher the number, the lower the priority. For this exercise, I'm going to leave it at the default setting of 1000. 

Now for this rule, I'm going to choose Ingress as the direction of traffic, because I want to allow RDP from my workstation IP. 

Obviously, we want to choose Allow as the action on match, and then we need to specify the Targets of our rule. 

Now what I'm going to do here, is select All instances in the network. Now what this does, is ensure that this rule applies to all instances that are eventually connected to this network. We'll deploy a VM later to this network, so I want this Ingress rule to apply to it when it's deployed. Now, with that said, what I could do here, if I wanted to, is instead, set the rule to apply to specific instances by target tag. This would allow me to specify which instances the rule would apply to. 

For this exercise, we're applying the rule to all instances, so there's no need to do this. What we need to do next here, is specify the Source filter. In the Source filter dropdown, I can specify an IP address range, source tags, or even in some cases, a service account. I'm going to leave this set to IP ranges, since I'm going to specifically allow traffic from the IP of my workstation that I'm working from. For this exercise, I'm going to browse to to check the public IP of my workstation. 

What we'll do here is get my public IP address, and bounce back over to our portal here. We'll put my public IP in the Source IP ranges field. Now, when I do this, I need to use the CIDR notation. So what I had to do is append the /32 to my IP address. At this point, I need to define the protocols and ports to which my new rule is going to apply. In this case, I'm going to specify a destination port of TCP 3389, so I can allow RDP to any VM instances I deploy later. So we'll select tcp, and then we'll specify 3389. Now with that set, I can leave the rest of the options at their defaults, and then click Create to deploy my Ingress rule. 

So now that I have my Ingress rule deployed, when I spin up my VM later on and connect it to my subnet, the VM will be protected by my new rule.
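
The console steps above map onto a single gcloud command. The script below is an added example, not part of the original demo: it builds that command as a dry run and refuses any source range that is not a single /32 host, so the RDP rule cannot be created open to a wider range by mistake. The workstation address 203.0.113.10 is a constructed documentation IP, and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the console steps in the demo.
# Rule name, network, priority, direction, action and port come from the demo;
# the workstation IP is a constructed documentation address (RFC 5737).

# Return 0 only for a single-host IPv4 CIDR (a.b.c.d/32, each octet 0-255).
is_host_cidr() {
  case $1 in
    */32) ;;
    *) return 1 ;;                      # any other prefix length is too broad
  esac
  ip=${1%/32}
  case $ip in
    *[!0-9.]* | .* | *. | *..*) return 1 ;;   # non-digits or empty octets
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip                            # split the address on dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Print the command for the rdp-in rule, or fail on a broad or malformed range.
# No --target-tags is passed, so the rule applies to all instances in the network.
build_rdp_rule_cmd() {
  if ! is_host_cidr "$1"; then
    echo "refusing source range '$1': expected one workstation IP as a.b.c.d/32" >&2
    return 1
  fi
  printf '%s' "gcloud compute firewall-rules create rdp-in" \
    " --network=testnetwork --direction=INGRESS --priority=1000" \
    " --action=ALLOW --rules=tcp:3389 --source-ranges=$1"
  printf '\n'
}

# Dry run: print the command instead of executing it.
build_rdp_rule_cmd "203.0.113.10/32"
```

Review the printed command, then run it in a shell where gcloud is authenticated against the project that owns testnetwork.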

About the Author

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.
