I have a VM instance running in project A. That instance is connected to a shared VPC hosted in another project. In this shared VPC we have a Cloud VPN connected to our internal network and firewall rules to allow egress and ingress traffic on a given TCP port.
When I look at the VM metrics, I see values for "Firewall incoming packets denied" as shown here.
In order to try to understand what these denied packets are, I put a new firewall rule in place that is open to all IP ranges with a lower priority. I activated logging, expecting to capture the allowed packets.
Here are my rules:
There are no hits shown. However, if I look back at the VM metrics, I no longer have denied packets shown.
Thanks for the feedback. I have activated VPC Flow Logs on the subnetwork, but it only shows me traffic originating from my VMs to a lot of Google-owned IPs (64.233.184.95, 64.233.166.95 …). That's a lot of traffic I didn't request myself.
On the other side, I tried to enable firewall rules logging. I created an allow rule that made all denied packets disappear, but curiously nothing was logged.
Ok, well, I guess you should turn off VPC Flow Logs if you aren't using them.
For the insights, have you tried just using the rule that denies stuff and seeing if you get any details from the firewall logging for those hits?
From what I recall, you only won't see successful traffic flows.
Sorry for my late feedback. It seemed that after a point in time, I was able to see logging of my firewall rules. Perhaps I did it wrong or there is a delay between the activation of logging on a rule and the actual start of the logging process.
The blocked incoming calls were effectively coming from several IPs belonging to Google and from several locations (IS, Asia …).
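As an added example that is not part of this thread, the script below summarizes firewall rules log entries (the entries an explicit, logging-enabled deny rule produces, since implied rules are never logged) by source IP, destination port and matching rule, so the denied hits discussed above can be attributed quickly. It assumes entries exported as JSON lines with the documented `jsonPayload` layout (`disposition`, `connection`, `rule_details`); the sample entries, rule names, project name and addresses are constructed for the example.

```python
import json
from collections import Counter

# Constructed sample entries approximating the documented layout of GCP
# firewall rules logs (resource.type="gce_subnetwork", log name ending in
# compute.googleapis.com%2Ffirewall). Values are made up, not captured data.
def _entry(disposition, src_ip, dest_port, rule):
    return json.dumps({
        "logName": "projects/project-a/logs/compute.googleapis.com%2Ffirewall",
        "jsonPayload": {
            "disposition": disposition,
            "connection": {"src_ip": src_ip, "src_port": 40000, "dest_ip": "10.0.1.5",
                           "dest_port": dest_port, "protocol": 6},  # 6 = TCP
            "rule_details": {"reference": "network:shared-vpc/firewall:" + rule},
            "instance": {"vm_name": "app-vm-1", "project_id": "project-a"},
        },
    })

SAMPLE_LOG_LINES = [
    _entry("DENIED", "198.51.100.7", 8443, "deny-ingress-logged"),
    _entry("DENIED", "198.51.100.7", 22, "deny-ingress-logged"),
    _entry("DENIED", "203.0.113.9", 8443, "deny-ingress-logged"),
    _entry("ALLOWED", "10.10.0.4", 8443, "allow-vpn-tcp-8443"),
]

def summarize_denied(lines):
    """Count DENIED entries per (source IP, destination port) and per rule."""
    by_source = Counter()
    by_rule = Counter()
    for line in lines:
        if not line.strip():
            continue  # tolerate blank lines in an exported file
        payload = json.loads(line).get("jsonPayload", {})
        if payload.get("disposition") != "DENIED":
            continue  # allowed flows are not what we are chasing here
        conn = payload.get("connection", {})
        by_source[(conn.get("src_ip"), conn.get("dest_port"))] += 1
        by_rule[payload.get("rule_details", {}).get("reference", "unknown")] += 1
    return by_source, by_rule

if __name__ == "__main__":
    sources, rules = summarize_denied(SAMPLE_LOG_LINES)
    for (ip, port), n in sources.most_common():
        print(f"{n:4d} denied  {ip} -> tcp/{port}")
    for ref, n in rules.most_common():
        print(f"{n:4d} hits on {ref}")
```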