What’s new with Cloud Firewall Standard

Google Cloud Firewall is a fully distributed, stateful inspection next-generation firewall that is built into our software-defined networking fabric and enforced for each workload. With Cloud Firewall, you can enable advanced network threat protection with operational simplicity at cloud scale.

Today, Google is excited to announce the general availability of the fully qualified domain name (FQDN) feature for Cloud Firewall. FQDN objects are generally available to customers as part of the Cloud Firewall Standard tier, which also includes Google Cloud Threat Intelligence integration and geolocation filtering. Google has also extended Google Cloud Threat Intelligence support with new IP reputation lists, and released IPv6 and GKE node pool support for IAM-governed tags in Public Preview.

Cloud Firewall features are available in three tiers shown in the graphic below: Essentials, the foundational set of capabilities; Standard, which expands rule capabilities; and Plus, which includes advanced threat protection capabilities. You can check out our Cloud Firewall Plus blog to learn more about the capabilities in Plus tier.

FQDN-based objects to help easily filter traffic using domain names

With fully qualified domain name (FQDN) based objects, Google Cloud resolves the domain name in a firewall rule and keeps the set of matching IP addresses current, so you do not have to track address changes yourself. These objects can be used in rules to allow or block traffic based on FQDN instead of IP addresses, which can help provide the following benefits:

Expanded Threat Intelligence lists for Cloud Firewall

Threat Intelligence for Cloud Firewall uses a combination of Google, third-party, and open source data to provide curated IP reputation lists that help you block known malicious traffic and allow known good traffic. These lists are maintained and continuously updated by Google Cloud Threat Intelligence researchers.

Threat Intelligence for Cloud Firewall is part of the Cloud Firewall Standard tier, and today we are expanding our coverage with the following new IP lists for Cloud Firewall to help tighten your security posture and help block malicious traffic:

Enhanced support for tags in firewall policies

We are also pleased to announce IPv6 support, and Google Kubernetes Engine (GKE) node pool support for IAM-governed tags, both available in public preview. Tag support is part of the Cloud Firewall Essentials tier.

Previously, tags only worked with IPv4 based rules. With IPv6 support for tags, you can now use tags as source and destination filters for IPv6 based rules.

With GKE node pool support for Resource Manager tags (the IAM-governed tags described above), you can selectively enforce Cloud Firewall network firewall policies on GKE clusters and node pools, to help control traffic flow between your VM instances and GKE clusters and node pools. This helps to strengthen your security posture by enabling micro-segmentation down to the GKE node pool level.
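The three Standard-tier features described above (FQDN objects, Threat Intelligence lists, and secure tags scoped to a GKE node pool) are normally combined in one network firewall policy. The following added example, which is not code from the original post or from Google, assembles the rule bodies in the shape of the Compute Engine v1 FirewallPolicyRule resource (the JSON accepted by the API and produced by `gcloud compute network-firewall-policies rules create`) and lints them before they are applied: FQDN objects must be plain hostnames, source objects (`srcFqdns`, `srcThreatIntelligences`, `srcRegionCodes`, `srcSecureTags`) only belong in INGRESS rules, destination objects only in EGRESS rules, and priorities must be unique. The tag value ID, domain names and IP ranges are constructed for illustration, and the Threat Intelligence list names are assumed from the public catalog; check the current documentation before using them.

```python
"""Assemble and sanity-check Cloud Firewall network firewall policy rules.

Added example, not code from the original post or from Google. Rule bodies
follow the Compute Engine v1 FirewallPolicyRule resource; project values,
tag value ID, domains, IP ranges and list names are constructed/assumed.
"""
import re

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Match fields that are only meaningful in one direction: Cloud Firewall
# evaluates source objects on ingress and destination objects on egress.
_INGRESS_ONLY = ("srcFqdns", "srcThreatIntelligences", "srcRegionCodes", "srcSecureTags")
_EGRESS_ONLY = ("destFqdns", "destThreatIntelligences", "destRegionCodes")
_ACTIONS = ("allow", "deny", "goto_next", "apply_security_profile_group")


def is_valid_fqdn(name: str) -> bool:
    """Exact hostname check for an FQDN object: no wildcards (assumption:
    '*.example.com' is rejected), at least two labels, at most 253 chars."""
    name = name.rstrip(".")
    if not name or len(name) > 253 or "*" in name:
        return False
    labels = name.split(".")
    return len(labels) >= 2 and all(_LABEL.match(label) for label in labels)


def lint_rule(rule: dict) -> list[str]:
    """Return the problems found in one rule; an empty list means consistent."""
    problems = []
    direction = rule.get("direction")
    match = rule.get("match", {})
    if direction not in ("INGRESS", "EGRESS"):
        problems.append(f"direction must be INGRESS or EGRESS, got {direction!r}")
    if rule.get("action") not in _ACTIONS:
        problems.append(f"unsupported action {rule.get('action')!r}")
    if not match.get("layer4Configs"):
        problems.append("match.layer4Configs is required")
    # Reject objects that the engine cannot evaluate in this direction.
    for field in _INGRESS_ONLY if direction == "EGRESS" else _EGRESS_ONLY:
        if match.get(field):
            problems.append(f"{field} is not valid in an {direction} rule")
    for field in ("srcFqdns", "destFqdns"):
        for fqdn in match.get(field, []):
            if not is_valid_fqdn(fqdn):
                problems.append(f"{field}: invalid FQDN object {fqdn!r}")
    return problems


def lint_policy(rules: list[dict]) -> list[str]:
    """Lint every rule and enforce unique priorities within the policy."""
    problems, seen = [], set()
    for rule in rules:
        prio = rule.get("priority")
        if prio in seen:
            problems.append(f"duplicate priority {prio}")
        seen.add(prio)
        problems += [f"priority {prio}: {p}" for p in lint_rule(rule)]
    return problems


def build_rules(node_pool_tag: str, allowed_fqdns: list[str], ti_lists: list[str]) -> list[dict]:
    """Rules for workloads carrying node_pool_tag (a tagValues/ID resource name
    bound to a GKE node pool): allow HTTPS egress only to the named FQDNs,
    deny ingress from the Threat Intelligence lists, and default-deny all
    other egress over both IPv4 and IPv6."""
    target = [{"name": node_pool_tag}]
    l4_https = [{"ipProtocol": "tcp", "ports": ["443"]}]
    l4_all = [{"ipProtocol": "all"}]
    return [
        {"priority": 1000, "direction": "EGRESS", "action": "allow", "enableLogging": True,
         "targetSecureTags": target,
         "match": {"layer4Configs": l4_https, "destFqdns": allowed_fqdns}},
        {"priority": 1100, "direction": "INGRESS", "action": "deny", "enableLogging": True,
         "targetSecureTags": target,
         "match": {"layer4Configs": l4_all, "srcThreatIntelligences": ti_lists}},
        {"priority": 65000, "direction": "EGRESS", "action": "deny", "enableLogging": True,
         "targetSecureTags": target,
         "match": {"layer4Configs": l4_all, "destIpRanges": ["0.0.0.0/0", "::/0"]}},
    ]


if __name__ == "__main__":
    rules = build_rules("tagValues/281475000000000",            # constructed tag value ID
                        ["updates.example.com", "api.example.net"],
                        ["iplist-known-malicious-ips", "iplist-tor-exit-nodes"])
    print("policy problems:", lint_policy(rules))                # expected: []
    broken = {"priority": 1000, "direction": "INGRESS", "action": "allow",
              "match": {"layer4Configs": [{"ipProtocol": "tcp", "ports": ["443"]}],
                        "destFqdns": ["*.example.com"]}}
    print("broken rule problems:", lint_rule(broken))
```

One caveat worth testing before relying on the default-deny rule: Cloud Firewall matches an FQDN object against the addresses it resolves through Cloud DNS, so a workload that resolves the same name through a different resolver (and, for a CDN-fronted domain, gets different addresses) can have its egress dropped by the lower-priority deny rule. Keep `enableLogging` on and watch the denied flows after rollout.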

Take the next step

Cloud Firewall is a scalable, cloud-first, stateful firewall service with advanced protection capabilities. The latest updates to Cloud Firewall Standard, now available in GA, provide additional capabilities to simplify firewall management to help protect your cloud workloads.
