Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ken1
Participant

Regarding GCP's disabled firewall rules

Hello.

My customer claims that even if he disables the Firewall rules in GCP, they are still detected by CGPM. Indeed, CGPM does not seem to change from the enabled state even if the rule is disabled.
Is this behavior correct?

 

GCP-firewall.png

CGPM Firewall.png

0 Kudos
2 Replies
Guyshteinberg
Employee
Employee

Hello,

 

The Security Group page UI wasn't modified with all GCP properties, it was done to keep the same concept as AWS and Azure.

To see the actual states you can always use the Compliance engine and the entity viewer that always have the updated information.

I will file a UI ticket to handle it or to add the entity viewer to the Security group so it will be easier to see the data.

 

Thanks,
Guy Shteinberg

0 Kudos
Ken1
Participant

Hi,

 

I used the entity viewer to verify that the inbound rules for the nics array have an enabled flag. However, the GCP rules do not seem to check for this flag. I think I need to add the condition "enabled = 'ture'" to the GSL, is this unnecessary?

 

Like this:

VMInstance where nics contain-any [inboundRules contain [ destinationPort<=3389 and destinationPortTo >=3389 and protocol in ('TCP','ALL') and enabled = 'true']] should not have nics contain-any [inboundRules contain [ destinationPort<=3389 and destinationPortTo >=3389 and protocol in ('TCP','ALL')] and inboundRules allowedHostsForPort(3389) > 32]

 

Thanks,

0 Kudos