Network Intelligence Center pricing

This page describes pricing for all Network Intelligence Center modules.

Connectivity Tests pricing details

Charges for Connectivity Tests are based on the number of tests that are run during the month.

Connectivity Tests run per month Price per test
Up to 20 tests Free
Over 20 tests $0.15

Pricing example

The following table shows an example usage pattern where you run 100 Connectivity Tests in a single month.

Resources Usage Estimated cost for this billing period
Connectivity Tests 100 tests - 20 free tests = 80 tests Total bill is 80 tests * $0.15 per test = $12.00

Network Topology pricing details

Charges for Network Topology are based on the number of resource-hours for the resource types in the following table.

Unit Price
Total Compute Engine virtual machine (VM) instance resource-hours per month $0.0011 per resource-hour

The price is the same for all machine types. All running instances that are in enabled projects are charged.

Pricing example

The following table shows an example that assumes that you are running 100 VM instances all day in a single month (730 hours).

Resources Usage Estimated cost for this billing period
100 VMs 730 hours Total bill is $0.0011 * 100 * 730 = $80.30

Performance Dashboard pricing details

Performance Dashboard is offered without charge during General Availability.

Firewall Insights pricing details

Firewall Insights uses three pricing models, one for each of the following:

The following sections describe these pricing models.

Configuration analysis

Firewall Insights uses configuration analysis to identify shadowed firewall rules. A shadowed firewall rule is one that might never be used because its attributes are overlapped by those of an equal-priority (or higher-priority) rule. Charges for configuration analysis are based on the number of firewall rules that you have, as described in the following table.

Feature Pricing
Initial evaluation $1 for each rule that exists in your project when the feature is enabled.
Each subsequent evaluation $0.10 per rule for each rule being evaluated. Subsequent evaluations occur on a per-network basis, only on days that you make a change to your firewall rule configuration (by adding, deleting, or modifying a firewall rule).

Example

Suppose you have a project with two VPC networks, each containing 100 firewall rules, for a total of 200. You turn on shadowed rule detection for the project.

The charge for the initial evaluation is $1 per rule, so you pay a one-time charge of $1 * 200 rules, or $200.

The next day, you add a new firewall rule to one of your networks. Because you have changed your firewall rule configuration, Firewall Insights evaluates that network's configuration again. This time, you are charged $0.10 for each rule in the network. The charge would be $0.10 * 101 rules, or $10.10.

For the next month, you don't make any changes to your firewall rules, so you aren't changed anything during that time.

After that, on a single day, you modify two firewall rules in the same network where you previously added a rule. Because you made these changes on the same day, they trigger only one new evaluation. Because that network still has only 101 rules, the charge is again $10.10.

Analysis of overly permissive rules (overgranting analysis)

Billing for analysis of overly permissive rules is based on the number of firewall log entries that are processed for insight generation.

Overly permissive rules include the following:

  • Allow rules with no hits
  • Allow rules with unused attributes
  • Allow rules with overly permissive IP address and port ranges

You are billed monthly for each million log entries that are processed.

To use log-based rule analysis, you must also have Firewall Rules Logging enabled. For details about Firewall Rules Logging charges, see the Network Telemetry pricing documentation.

Tier Monthly rate per million log entries
1-10,000 million $0.20
10,001-50,000 million $0.10
More than 50,000 million $0.05

The following examples illustrate how this pricing model is applied. These examples do not include charges for Firewall Rules Logging.

Example 1

Suppose that during one month you have 997 million log entries. Because you have between 1 and 10,000 million entries, you would be charged $0.20 per million log entries, as described in the following table.

Million log entries Rate Price
997 $0.20 $199.40

Example 2

Suppose that during one month you have 141,719 million log entries. In this case, you would be charged at all three rates, as described in the following table.

Million log entries Rate Price
First 10,000 $0.20 $2,000
Next 40,000 $0.10 $4,000
All log entries over 50,000 million (in this case, 91,719) $0.05 $4,585.95
Total $10,585.95

Other logs-based analysis

In addition to overly permissive rule insights, the following features use logs-based analysis:

  • All Firewall Insights metrics
  • The deny rules with hits insight

To use these features, you must have Firewall Rules Logging enabled. For details about Firewall Rules Logging charges, see the Network Telemetry pricing documentation.

The following table describes Firewall Insights pricing for these features.

Feature Pricing
firewall_hit_count metric Free
firewall_last_used_timestamp metric Free
Deny rules with hits Free

Anomaly Detection pricing details

Pricing for this service is not available.

What's next

Request a custom quote

With Google Cloud's pay-as-you-go pricing, you only pay for the services you use. Connect with our sales team to get a custom quote for your organization.
Contact sales