REST Resource: globalForwardingRules

Resource: ForwardingRule

Represents a Forwarding Rule resource.

Forwarding rule resources in Google Cloud can be either regional or global in scope:

A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud Platform load balancer. Forwarding rules can also reference target instances and Cloud VPN Classic gateways (targetVpnGateway).

For more information, read Forwarding rule concepts and Using protocol forwarding.

JSON representation
  "id": string,
  "creationTimestamp": string,
  "name": string,
  "description": string,
  "region": string,
  "IPAddress": string,
  "IPProtocol": enum,
  "portRange": string,
  "ports": [
  "target": string,
  "selfLink": string,
  "loadBalancingScheme": enum,
  "subnetwork": string,
  "network": string,
  "backendService": string,
  "serviceDirectoryRegistrations": [
      "namespace": string,
      "service": string,
      "serviceDirectoryRegion": string
  "serviceLabel": string,
  "serviceName": string,
  "networkTier": enum,
  "labels": {
    string: string,
  "labelFingerprint": string,
  "ipVersion": enum,
  "fingerprint": string,
  "allPorts": boolean,
  "allowGlobalAccess": boolean,
  "metadataFilters": [
      "filterMatchCriteria": enum,
      "filterLabels": [
          "name": string,
          "value": string
  "isMirroringCollector": boolean,
  "pscConnectionId": string,
  "pscConnectionStatus": enum,
  "kind": string

string (uint64 format)

[Output Only] The unique identifier for the resource. This identifier is defined by the server.



[Output Only] Creation timestamp in RFC3339 text format.



Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.



An optional description of this resource. Provide this property when you create the resource.



[Output Only] URL of the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.



IP address that this forwarding rule serves. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the target that you specify in the forwarding rule.

If you don't specify a reserved IP address, an ephemeral IP address is assigned. Methods for specifying an IP address:

  • IPv4 dotted decimal, as in
  • Full URL, as in
  • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

The loadBalancingScheme and the forwarding rule's target determine the type of IP address that you can use. For detailed information, see IP address specifications.

Must be set to when the target is targetGrpcProxy that has validateForProxyless field set to true.

For Private Service Connect forwarding rules that forward traffic to Google APIs, IP address must be provided.



The IP protocol to which this rule applies.

For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT.

The valid IP protocols are different for different load balancing products as described in Load balancing features.



This field can be used only if:

  • Load balancing scheme is one of EXTERNAL, INTERNAL_SELF_MANAGED or INTERNAL_MANAGED
  • IPProtocol is one of TCP, UDP, or SCTP.

Packets addressed to ports in the specified range will be forwarded to target or backendService.

You can only use one of ports, portRange, or allPorts. The three are mutually exclusive.

Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint ports.

Some types of forwarding target have constraints on the acceptable ports. For more information, see Port specifications.

@pattern: \d+(?:-\d+)?



The ports field is only supported when the forwarding rule references a backendService directly. Only packets addressed to the specified list of ports are forwarded to backends.

You can only use one of ports and portRange, or allPorts. The three are mutually exclusive.

You can specify a list of up to five ports, which can be non-contiguous.

Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint ports.

@pattern: \d+(?:-\d+)?





Specifies the forwarding rule type.

For more information about forwarding rules, refer to Forwarding rule concepts.



This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6.

If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.