Monitoring VPC and Firewall Operations With Network Telemetry
Google Cloud provides you the possibility to create, handle, modify, and secure a custom network infrastructure following the latest security requirements. You can create subnets, define a firewall to protect incoming and outgoing traffic, and many other operations to keep your resources safe. One of the potential features is logging every event and operation that occurs inside the network infrastructure. Following this idea, Google offers few useful features you can use to log operations inside the network (Flow Logs) and log firewall rules usage (Firewall Rules Logging). All the logs created are available under Cloud Logging. That way you can constantly log whatever it happens inside your infrastructure and then analyze the logs.
In this lab, you will create a VPC and create a subnet inside it with flow logs enabled. You will then create a firewall rule with firewall rule logging enabled, to block HTTP traffic directed to a VM that Cloud Academy has deployed into your environment. Finally, you will switch to Cloud Logging to view the logs created.
Upon completion of this lab you will be able to:
- Create a subnet with flow logs enabled
- Define a firewall rule with firewall rule logging enabled
- Use Cloud Logging to view the generated logs
This lab is intended for:
- Google Cloud Network Engineer (NE) certification candidates
- Network engineers who want to improve logging for their network infrastructure
- Individuals who want to better understand how to set up a logging solution for a network infrastructure
Basic knowledge of Google Networking is preferred, but it's not required. You can follow the Google Networking lab following this link.
October 6th, 2022 - Updated the lab to include flow logs of the default subnet
December 15th, 2021 - Updated instructions and screenshot to reflect updated VPC and Logging console interface
Stefano studies Computer Science and is passionate about technology. He loves working with Cloud services and learning all the best practices for them. Google Cloud Platform and Amazon Web Services are the cloud providers he prefers. He is a Google Cloud Certified Associate Cloud Engineer. Node.js is the programming language he always uses to code. When he's not involved in studying or working, Stefano loves riding his motorbike and exploring new places.