1. Home
  2. Training Library
  3. Google Cloud Platform
  4. Courses
  5. Deploying Networking and Compute Resources on Google Cloud Platform

Ingress and Egress Firewall Rules for a VPC

Start course
1h 21m

This course has been designed to teach you how to deploy network and compute resources on Google Cloud Platform. The content in this course will help prepare you for the Associate Cloud Engineer exam.

Learning Objectives

  • To understand key networking and compute resources on Google Cloud Platform
  • Be able to explain different networking and compute features commonly used on GCP
  • Be able to deploy key networking and compute resources on Google Cloud Platform

Intended Audience

  • Those who are preparing for the Associate Cloud Engineer exam
  • Those looking to learn more about GCP networking and compute features


To get the most from this course then you should have some exposure to GCP resources, such as VPCs and Compute Instances. However, this is not essential.


GCP firewall rules are used to allow or deny traffic to and from VM instances, based on your security needs. Once configured and enabled, GCP firewall rules are always enforced, which means deployed instances are protected, regardless of their OS, configuration, or even startup status. 

It's worth noting that every VPC network actually functions as a distributed firewall. That said, although firewall rules are defined at the network level, connections to instances are actually allowed and denied on a per-instance basis. As such, GCP firewall rules essentially exist between instances and networks, as well as between individual instances within the same network. 

Whenever you create GCP firewall rules, you need to specify a VPC network, along with settings that define what the rule is supposed to do. The settings that you configure will allow you to target specific types of traffic, based on protocols, sources, destinations, and ports. 

There are three ways to create and modify GCP firewall rules. You can perform these functions through the Google Cloud Platform Console, the gcloud command line tool, and via REST API. 

Anytime you create or modify a firewall rule, you can also specify the distinct instances to which the rule should apply. You can do this by using the target component of the rule that you're defining. 

In the next lesson, I'm going to show you how to create an ingress firewall for a VPC network.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.

Covered Topics