BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
News Articles Presentations Podcasts Guides

Topics

Choose your language

InfoQ Dev Summit Boston

Discover transformative insights to level up your software development decisions. Use code LIMITEDOFFERIDSBOSTON24 for an exclusive offer.
InfoQ Dev Summit Munich

Get practical advice from senior developers to navigate your current dev challenges. Use code LIMITEDOFFERIDSMUNICH24 for an exclusive offer.
QCon San Francisco

Level up your software skills by uncovering the emerging trends you should focus on. Register now.
The Software Architects' Newsletter

Your monthly guide to all the topics, technologies and techniques that every professional needs to know about. Subscribe for free.

InfoQ Homepage News Google Announces General Availability of New Features for Cloud Firewall

DevOps

Google Announces General Availability of New Features for Cloud Firewall

Bookmarks

Jul 05, 2023 1 min read

InfoQ Article Contest

Share your knowledge Win a ticket to a QCon event
or an InfoQ Dev SummitFind out more

Google announced new functionality for Google Cloud Firewall, a managed firewall service that is cloud native and distributed. The new features now in general availability are threat intelligence for Cloud Firewall, geo-location objects, address groups, and local IP ranges. These features are available in two tiers, described in the following table:

The new threat intelligence for Cloud Firewall feature allows administrators to update the firewall rules with a list of threat intelligence data from many sources like Google, third-party data, and open-source databases. Threat Intelligence data includes lists of IPs from these categories:

  • Tor exit nodes: the users who hide their identity behind Tor, the open-source software that allows anonymous communications
  • Known malicious IP addresses: known IPs to be the origin of web application attacks
  • Search engines: IP addresses of site indexing
  • Public cloud IP address ranges: this category avoids malicious automated tools from browsing web applications

Thanks to the Geo-location object, Cloud Firewall allows the administrators to create firewall rules that block or allow ingress and egress traffic from a specific zone around the globe. Google manages the country-to-IP address mapping and the match between the IP addresses associated with the country code and the sources or the traffic destinations based on the traffic's direction.

An address group is a logical collection of IPv4 and IPv6 address ranges in the CIDR format. Thanks to this new feature, it will be easier to maintain the firewall rules. The administrators don’t anymore need to maintain the IP range sets in each rule that reference them. Many different firewall rules and network firewall policies can use address groups.

With local IP range support, the administrators can configure destination IPs in ingress firewall rules to allow ingress traffic targeting from only specific IPs. Before this new feature, when a tag or service account was specified, it was impossible to specify a target workload's IP address. For example, if the target workload is a GKE node with multiple IPs assigned to it, then the previous configuration did not enable you only to allow traffic from a particular IP.

Administrators can activate these new features using Google Console, a command line interface, and API.

About the Author

Claudio Masolo

Show moreShow less

Rate this Article

Adoption
Style

This content is in the DevOps topic

Related Topics:
BT