hands-on lab

Monitoring VPC and Firewall Operations With Network Telemetry

Up to 1h


Google Cloud lets you create, manage, modify, and secure a custom network infrastructure that follows the latest security requirements. You can create subnets, define a firewall to protect incoming and outgoing traffic, and perform many other operations to keep your resources safe. One useful capability is logging every event and operation that occurs inside the network infrastructure. To that end, Google offers a few features you can use to log operations inside the network (Flow Logs) and to log firewall rule usage (Firewall Rules Logging). All the logs created are available under Cloud Logging, so you can continuously log whatever happens inside your infrastructure and then analyze the logs.

In this lab, you will create a VPC and create a subnet inside it with flow logs enabled. You will then create a firewall rule with firewall rule logging enabled, to block HTTP traffic directed to a VM that Cloud Academy has deployed into your environment. Finally, you will switch to Cloud Logging to view the logs created.

Learning Objectives

Upon completion of this lab you will be able to:

  • Create a subnet with flow logs enabled
  • Define a firewall rule with firewall rule logging enabled
  • Use Cloud Logging to view the generated logs

Intended Audience

This lab is intended for:

  • Google Cloud Network Engineer (NE) certification candidates
  • Network engineers who want to improve logging for their network infrastructure
  • Individuals who want to better understand how to set up a logging solution for a network infrastructure


Basic knowledge of Google Networking is preferred, but it is not required. You can follow the Google Networking lab.


May 29th, 2024 - Updated lab to use Debian 12

October 6th, 2022 - Updated the lab to include flow logs of the default subnet

December 15th, 2021 - Updated instructions and screenshot to reflect updated VPC and Logging console interface

Environment before

Environment after

About the author

Stefano studies Computer Science and is passionate about technology. He loves working with Cloud services and learning all the best practices for them. Google Cloud Platform and Amazon Web Services are the cloud providers he prefers. He is a Google Cloud Certified Associate Cloud Engineer. Node.js is the programming language he always uses to code. When he's not involved in studying or working, Stefano loves riding his motorbike and exploring new places.

Lab steps

  • Signing In to the Google Cloud Console
  • Enable Flow Logs for Subnet
  • Creating a Firewall Rule With Firewall Rule Logging Enabled
  • Generating Firewall Rule Logs
  • Exploring Firewall Rule Logs with Cloud Logging