## Introduction

VPC firewall rules in GCP control ingress and egress traffic. When rules are misconfigured, traffic between instances is silently dropped, causing connectivity issues that are difficult to diagnose without proper firewall analysis.

## Symptoms

- Connection timeout between instances on allowed ports
- Firewall rule shows as enabled but traffic is still blocked
- Only some instances affected while others on the same network work
- Telnet/nc to the target port hangs indefinitely

## Common Causes

- Target tags or service accounts not matching the instances
- Implicit deny rule blocking traffic (no allow rule exists)
- Higher-priority deny rule (lower priority number) overriding the allow rule
- Egress rules blocking return traffic
- Network tags changed after the firewall rule was created

## Step-by-Step Fix

1. **List firewall rules for the VPC**, sorted so the highest-priority rules (lowest priority number) come first:

   ```bash
   gcloud compute firewall-rules list --filter="network=default" --sort-by=priority
   ```

2. **Check which rules apply to a specific instance** by reading its network tags and service account, which are what a rule's target tags and target service accounts are matched against:

   ```bash
   gcloud compute instances describe <instance-name> --zone <zone> \
     --format="value(tags.items,serviceAccounts[].email)"
   ```

3. **Use VPC Flow Logs to diagnose** whether packets reach the destination subnet:

   ```bash
   gcloud compute networks subnets update <subnet-name> --region <region> --enable-flow-logs
   ```

   Then query the logs in Cloud Logging (field names are case-sensitive):

   ```
   resource.type="gce_subnetwork" AND jsonPayload.reporter="DEST" AND jsonPayload.src_vpc.vpc_name="<vpc-name>"
   ```

4. **Create the missing allow rule**:

   ```bash
   gcloud compute firewall-rules create allow-app-traffic \
     --network=default --allow=tcp:8080 \
     --source-ranges=10.0.0.0/8 --target-tags=app-server \
     --priority=1000 --description="Allow app traffic"
   ```
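As an added example (not from the original article), the Python below replays the first-match-by-priority evaluation that the steps above perform by hand: given an instance's tags and a packet, it reports which rule is effective or that the implicit deny applies. It reads a constructed sample shaped like `gcloud compute firewall-rules list --format=json` output (fields `priority`, `direction`, `sourceRanges`, `targetTags`, `targetServiceAccounts`, `allowed`/`denied`) and only models ingress rules with IP source ranges; the rule names, ranges and instance attributes are constructed.

```python
import ipaddress
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`
# output (only the fields the evaluator reads are included).
RULES_JSON = """[
 {"name": "deny-8080-legacy", "priority": 900, "direction": "INGRESS",
  "sourceRanges": ["10.0.0.0/8"], "targetTags": ["app-server"],
  "denied": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
 {"name": "allow-app-traffic", "priority": 1000, "direction": "INGRESS",
  "sourceRanges": ["10.0.0.0/8"], "targetTags": ["app-server"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}]},
 {"name": "allow-ssh", "priority": 65534, "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]}
]"""

def _port_matches(spec, port):
    # A missing `ports` list means every port; entries look like "22" or "8000-8100".
    for p in spec.get("ports", [None]):
        if p is None:
            return True
        lo, _, hi = p.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _targets_instance(rule, tags, service_account):
    # A rule with neither target tags nor target service accounts applies to all instances.
    if not rule.get("targetTags") and not rule.get("targetServiceAccounts"):
        return True
    return bool(set(rule.get("targetTags", [])) & set(tags)) or \
        service_account in rule.get("targetServiceAccounts", [])

def effective_ingress_rule(rules, tags, service_account, src_ip, proto, port):
    """Return (rule_name, action) for ingress traffic to an instance with the given
    tags/service account. Lowest priority number wins; no match means implicit deny."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "INGRESS" or rule.get("disabled"):
            continue
        if not _targets_instance(rule, tags, service_account):
            continue
        if not any(src in ipaddress.ip_network(c) for c in rule.get("sourceRanges", [])):
            continue
        for action in ("allowed", "denied"):
            for spec in rule.get(action, []):
                if spec["IPProtocol"] in (proto, "all") and _port_matches(spec, port):
                    return rule["name"], action.upper()
    return "implicit-deny", "DENIED"

RULES = json.loads(RULES_JSON)
```

With the sample data, an `app-server` instance is blocked on tcp/8080 by the priority-900 deny even though `allow-app-traffic` exists, and an instance without the tag falls through to the implicit deny, which are the two causes listed above.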

## Prevention

- Document all firewall rules with descriptions
- Use VPC Flow Logs for traffic analysis
- Test firewall changes with connectivity checks
- Use network tags consistently across instance templates
- Set up firewall policy change monitoring
- Use hierarchical firewall policies for organization-wide rules