Cloud Firewall’s fully distributed, stateful inspection firewall engine is built natively into our software-defined networking fabric and enforced at each workload.

To use Cloud Firewall, you’ll first create a firewall policy. You’ll then be able to configure rules to help protect cloud infrastructure and workloads against internal and external attacks and fulfill compliance requirements.

Block traffic based on curated lists of threat intelligence data, such as known malicious IPs and domains. Allow public IPs that your service uses. These lists are managed by Google Cloud and aggregate data from various Google, third-party, and open-source feeds.

Tags provide built-in IAM governance for firewall policies. Each tag has granular controls to determine which users can create, modify, and bind individual tags. Combined with network firewall policies, these features help increase policy precision and simplify rule creation to deliver micro-segmentation.

Network firewall policies let you group multiple firewall rules, apply batch updates, and control access to these rules with Identity and Access Management (IAM) roles. Hierarchical Firewall Policies can be applied at the organization and folder level, and Global and Regional Network Firewall Policies can be applied at the VPC level.