By default deny rules take precedence over allow rules of the same priority.

So firewall rules can target the entire VPC or specific tags. But how would I create a firewall rule that targets only a specific subnet?

In Google Cloud Platform (GCP), firewall rules are evaluated based on their priority and the action they take (allow or deny). When two firewall rules have the same priority, the deny rule takes precedence over the allow rule. This means that if there is a conflict between an allow and a deny rule with the same priority, the traffic will be denied.

When you have allow and deny firewall rules with the same priority, the deny rules take precedence over the allow rules.

Super useful as always. Thanks for sharing.

For a REST API request from GCP compute to internet do we need to enable both egress and Ingress ?

Does adding tons of firewalls rules with many parameters over a large global network, can slow down traffic by some milisecs ? You mentioned something over stateful nature of firewall, does it play a part in reducing the calc time for every ingres, egress transfer ?

Super insightful, thank you!

DENY TAKES PRIORITY

Nice architecture GK.. thanks a lot for explanation.. It is easy to understand how the firewall rules can configure and work.

Well explained..... Thank you Bro.

1. If you have 2 firewall rules with the same priority one allow and another deny and then firewall rule with the action deny will take precedence

Deny rule has a priority over allow rule

Deny rule give the most priority. I need a suggestion from you actually I am preparing for Associate cloud engineer certification. On which part I work the most means like deep divd about the apps or resources, or focusing on installation and IAM rules and many more that, I am little confuse about that.

Thanks for the lesson.

1. Firewall Policy vs Firewall Rule (Where to use which one and why) 2. Create Firewall Policy and Implement it for Hybrid use case (Typically customer has dev and prod projects, hence a implement it considering both project) 3. Rules, Policy and Association (Understand use case in detail) 4. Automation of this using terraform (Hierarchical Firewall Policy Automation with Terraform | Google Cloud Blog) can you make a documentation on these ? Need help in understanding clearly kindly look into it, if you can answer all of them.

I am looking for GCP training. are you provide gcp training.

I love your videos and channel, please do more stuff about GCP!

Well explained... brilliant!

This is so helpful.

The effort you put in delivering knowledge is lit 🤩

Hi GK I am currently working as a database administrator(Progress DBA..its a RDBMS). I want to shift to a cloud career and I am interested in GCP but I am confused about how to proceed. Can you suggest me a cloud course ?

Explanation is in detail GK bro.thanks for sharing the information.

could u explain more about ssh, icmp and rdp? :)

Thanks for wonderful video and explanation. Can I get more complex examples as you said it is stateful.

Thanks very much, this is very helpful

Nice explanation 👍

Do you need app devlopment knowledge to get into cloud ..? Plz reply

I currently work as a network engineer, I am interested to shift to cloud, any tips please?

We need geoip in firewall rules, define ranges is exhaustive.

Superb Stuff @GK :) I always like the way you explain the things :)

deny will take precedence i guess

Totaly confused