Description
- 2024 FR: Add Cloud NGFW Essential capability with optional Standard or Enterprise based IPS in the TEF 3-networks-hub-and-spoke folder and associated terraform-google-modules GoogleCloudPlatform/pbmm-on-gcp-onboarding#396
- 2023 Architecture Update: prepare for Google Firewall Plus / NGFW GoogleCloudPlatform/pubsec-declarative-toolkit#616
2024
hashicorp/terraform-provider-google#15779
hashicorp/terraform-provider-google#18139
2023
See plus differentiator in
https://cloud.google.com/firewall
shadow
GoogleCloudPlatform/pbmm-on-gcp-onboarding#396
TL;DR
A request by a large federal client for IDS or NGFW (formerly Firewall+) capabilities in the TEF that includes GPS (Standard), IPS (Enterprise) and micro segmentation
Add GCP Cloud NGFW (Firewall plus)
NGFW https://cloud.google.com/security/products/firewall?hl=en#cloud-ngfw-tiers
NGFW https://cloud.google.com/firewall/docs/about-firewalls
NGFW enterprise with IPS https://cloud.google.com/firewall/docs/about-intrusion-prevention
https://www.paloaltonetworks.com/blog/network-security/netsec-google-cloud-firewall-plus/
likely location next to https://github.com/terraform-google-modules/terraform-example-foundation/tree/master/3-networks-hub-and-spoke/modules/hierarchical_firewall_policy
Links
GCP Firewall plus - https://cloud.google.com/blog/products/identity-security/introducing-google-cloud-firewall-plus-with-intrusion-prevention
config connector IDS version https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/tree/main/solutions/ids
Palo Alto VM Series NGFW https://cloud.google.com/architecture/partners/palo-alto-networks-ngfw
PA VM Series NGFW example https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/standalone_vmseries_with_metadata_bootstrap
IDS https://cloud.google.com/security/products/intrusion-detection-system?hl=en
https://github.com/GoogleCloudPlatform/terraform-google-network-forensics
standard firewall https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall
Fortinet based Fortigate NGFW https://github.com/fortinet/fortigate-tutorial-gcp
see https://github.com/terraform-google-modules/terraform-google-network/tree/master/modules/network-firewall-policy
see hashicorp/terraform-provider-google#17030