Shared VPC block traffic between projects Apigee

Good morning,

I have configured Apigee with a Shared VPC, and this Shared VPC has another 3 projects that communicate with Apigee through GKE services.

My problem is: projects 1, 2 and 3 can communicate with each other, and I do not want this.

I tried to create some firewall rules, but the traffic passes between the networks through the proxy rule, which is necessary for Apigee operation.

Is it possible to block this traffic between these projects? I want projects 1, 2 and 3 to be able to communicate with Apigee, but not with each other.

Thanks,


You can configure firewall rules for traffic within the VPC. Depending on how selective you want to be, you could deny all traffic, then only allow Apigee. When traffic egresses Apigee gateways internally, the source IP will be the instance IP. You can use this IP as part of your allow rule. Be sure to set the priority of the allow rule to a lower number than the deny rules. More information on VPC firewalls can be found at https://cloud.google.com/vpc/docs/using-firewalls

Not applicable here, but relevant - when traffic egresses to the internet, it will use an Apigee NAT, which you can preconfigure.

Hi @apickelsimer, I tried this, but it does not work, because the traffic comes in through the firewall by proxy.

So, I solved my problem by creating a Network Policy on GKE.

Thanks,
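The GKE Network Policy approach mentioned in the last reply, written out as an added example (not the poster's own manifest): a default-deny ingress policy for the namespace, plus an allow rule that admits only traffic whose source is the Apigee runtime instance address, the same source IP the first reply says Apigee uses when it egresses internally. The namespace name, the `app: backend` label and the `10.0.0.0/28` Apigee instance range are placeholders to be replaced with the real values; the cluster must have network policy enforcement enabled (Dataplane V2 or Calico) or these objects have no effect.

```yaml
# Placeholder namespace for one of the three service projects' workloads.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: project1-services   # placeholder
spec:
  # Empty podSelector = every pod in the namespace.
  podSelector: {}
  policyTypes:
    - Ingress
  # No ingress rules listed: all inbound traffic is dropped,
  # including traffic from GKE workloads in projects 2 and 3.
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-apigee
  namespace: project1-services   # placeholder
spec:
  podSelector:
    matchLabels:
      app: backend               # placeholder label on the pods Apigee calls
  policyTypes:
    - Ingress
  ingress:
    - from:
        # Assumption: the Apigee runtime instance IP range in the
        # peered VPC. Replace with the instance IP reported by Apigee.
        - ipBlock:
            cidr: 10.0.0.0/28
      ports:
        - protocol: TCP
          port: 8080             # placeholder service port
```

Network policies are additive, so the allow policy takes effect alongside the deny policy without any priority field; verify with a pod in another namespace that a connection to the backend port times out while a request routed through Apigee still succeeds.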