Controlled access to the internet, made simple
Just because an application is running in the cloud, doesn’t mean you want it to be accessible to the outside world. Cloud NAT, Google Cloud’s managed Network Address Translation service, enables you to provision your application instances without public IP addresses while also allowing them to access the internet — for updates, patching, config management, and more — in a controlled and efficient manner. Outside resources cannot directly access any of the private instances behind the Cloud NAT gateway, helping to keep your Google Cloud VPCs isolated and secure.
High performance NAT
As a software-defined solution with no managed middle proxy, Cloud NAT's chokepoint-free design delivers high reliability, performance, and scalability.
Works with all your workloads
At Google Cloud, we are committed to being the cloud of choice for all workloads, so we designed the Cloud NAT service to work with both Compute Engine and Google Kubernetes Engine (GKE).
Scalable by design
Designed specifically for highly scalable application deployments, a single Cloud NAT gateway can be configured to handle multiple NAT IP addresses and can scale based on the size of your network, without the need for multiple NAT gateways.
Regional high availability
We understand the importance of keeping your applications up and running at all times. That’s why we designed Cloud NAT with reliability in mind: even if a zone goes down, Cloud NAT stays available across the region.
Flexible IP address allocation
Choose your NAT IP allocation based on your specific requirements. Manual mode gives you full control when specifying IPs, while auto mode enables the NAT IPs to be allocated and scaled automatically, based on the number of instances.
Managed NAT service
Delivers a GCP-managed Network Address Translation service. Cloud NAT allows you to get the benefits of Network Address Translation without having to deploy and maintain your own NAT Gateways.
Supports both Compute Engine virtual machines (VMs) and Google Kubernetes Engine (containers).
Multiple NAT IPs per gateway
Support for configuring multiple NAT IP addresses per NAT gateway.
Configurable NAT timeout timers. Timers for managing Network Address Translation entries are customizable and can be configured using both Console and through APIs.
NAT for all
Can provide NAT for all subnets in a VPC region with a single NAT gateway, irrespective of the number of instances in those subnets.
Regional high availability; if a zone is unavailable, the NAT gateway itself continues to be available.
For pricing, see this page.
I configured Cloud NAT to see how it would handle our existing Google Cloud deployment, and everything worked out of the box, and exactly as specified.Wietse Muizelaar, Lead System Engineer, bol.com
Try tutorials, launch quickstarts, and more.
Cloud NAT documentation
Cloud NAT resources
Using Cloud NAT
Cloud NAT overview
Cloud NAT Deep Dive
Learn and build
New to GCP? Get started with any GCP product for free with a $300 credit.
Need more help?
Our experts will help you build the right solution or find the right partner for your needs.