Do we need to use the traditional route of onboarding Google Gemini agentic API calls into Apigee X via whitelisting the IPs in Cloud Armor (if the GCLB is protected by Cloud Armor), or is there any other better way to allow this traffic from Google Gemini into Apigee X?
Raghu
Can you give us a diagram showing where the API calls are coming from, and where they are going? When you say “Gemini API calls”, what does that mean exactly?
There are different points of connection; I want to clarify which one you are referring to.
Where in this diagram, or … maybe is it some other pattern connection not illustrated here?
Thanks for the diagram, @dchiesa1. It's the entry point of the agentic experience API calls entering Apigee X via the frontend LB (we use External Global LB). Is there a way to identify agentic-experience-specific calls in Cloud Armor by domain or IP whitelisting for Gemini-provided agentic experience API calls? We generally use Akamai for edge protection for internet traffic, but we are exploring options to allow our vendor API traffic without Akamai but with additional security on Cloud Armor or other Google Cloud components.
By domain or by URL would work if you are in control of the agentic experience - e.g. it’s an ADK app that you are building. In that case it’s easy to determine, within Cloud Armor, which calls are coming from that agentic app.
