Settings to Enable VM Information Sources for Google Compute
Enable monitoring of GCE instances to consistently enforce policy for workloads.
VM Information Sources
The following table describes the settings you need to configure to enable VM Information Sources for Google Compute Engine instances on Google Cloud Platform. Enable monitoring of Google Compute Engine (GCE) instances to allow the firewall (physical or virtual on-premise, or running in Google Cloud) to retrieve tag, label, and other metadata about the instances running in a particular Google Cloud zone of the specified project. For information on the VM-Series on Google Cloud Platform, refer to the VM-Series Deployment Guide.
Settings to Enable VM Information Sources for Google Compute Engine
Enter a name to identify the monitored source (up to 31 characters). The name is case-sensitive, must be unique, and can contain only letters, numbers, spaces, hyphens, and underscores.
Google Compute Engine.
(Optional) Add a label to identify the location or function of the source.
The communication between the firewall and the configured source is enabled by default.
The connection status between the monitored source and the firewall displays in the interface as follows:
When you disable communication, all the registered IP addresses and tags are removed from the associated dynamic address group. This means that policy rules will no longer apply to the GCE instances from this Google Cloud Project.
Clear the Enabled option to disable communication between the configured source and the firewall.
Service Authentication Type
Select VM-Series running on GCE or Service Account.
Service Account Credential
(Only for Service Account) Upload the JSON file with the credentials for the service account. This file allows the firewall to authenticate to the instance and authorizes access to the metadata.
You can create an account on the Google Cloud console (IAM & admin). Refer to the Google documentation for information on how to create an account, add a key to it, and download the JSON file that you need to upload to the firewall.
Enter the alphanumeric text string that uniquely identifies the Google Cloud Project that you want to monitor.
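As an added check (not part of this documentation or the firewall's own code), the following Python script inspects a service account JSON key before it is uploaded and confirms that the key belongs to the Project ID configured on the monitored source. The sample key is constructed with dummy values; the field list follows Google's documented service account key format.

```python
import json

# Fields present in every Google service-account key file (Google's documented format).
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "token_uri")

# Constructed sample key: shape of a real file, dummy values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project-123",
    "private_key_id": "0123456789abcdef",
    "private_key": "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-DUMMY-KEY-MATERIAL\n"
                   "-----END PRIVATE KEY-----\n",
    "client_email": "vm-monitor@example-project-123.iam.gserviceaccount.com",
    "token_uri": "https://oauth2.googleapis.com/token",
})


def check_key_file(key_json, configured_project_id):
    """Return a list of problems found; an empty list means the key is consistent
    with the VM Information Source it will be uploaded to."""
    problems = []
    try:
        key = json.loads(key_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(key, dict):
        return ["top-level JSON value is not an object"]
    for field in REQUIRED_FIELDS:
        if not key.get(field):
            problems.append(f"missing field: {field}")
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    # The firewall monitors one project; a key from another project typically has no
    # role on the monitored project, so no tags are learned and policy stops matching.
    if key.get("project_id") and key["project_id"] != configured_project_id:
        problems.append(f"key project {key['project_id']!r} != monitored project "
                        f"{configured_project_id!r}")
    email = key.get("client_email", "")
    if email and not email.endswith("gserviceaccount.com"):
        problems.append("client_email is not a service-account address (user key?)")
    if key.get("private_key") and not key["private_key"].startswith(
            "-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM PKCS#8 block")
    return problems


if __name__ == "__main__":
    print(check_key_file(SAMPLE_KEY, "example-project-123") or "key OK")
```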
Enter the zone information as a string of up to 63 characters in length. For example:
Specify the interval (in seconds) at which the firewall retrieves information from the source (range is 60 to 1,200; default is 60).
The interval (in hours) after which the connection to the monitored source is closed if the host does not respond (default is 2).
Enable timeout when the source is disconnected. When the specified limit is reached, if the source is inaccessible or does not respond, the firewall will close the connection to the source. When the source is disconnected, all the IP addresses and tags that were registered from this project are removed from the dynamic address group.