Deploy Google Cloud NGFW Enterprise, a native Google Cloud service powered by Palo Alto Networks Threat Prevention technologies, to prevent threats. This solution combines the scalability and flexibility of Google Cloud with the advanced security capabilities of Palo Alto Networks, providing the following within your cloud environment:
- Deep traffic inspection
- Real-time threat detection
- Automated protection against evolving cyber threats

Cloud NGFW Enterprise is a fully distributed firewall solution offering advanced protection to safeguard your Google Cloud workloads from both internal and external threats, such as:
- Intrusions
- Malware
- Spyware
- Command-and-control attacks
The service operates by creating Google-managed zonal firewall endpoints that utilize packet interception technology to seamlessly capture and inspect workload traffic for deep packet analysis.

Prerequisites:
- Access to Google Cloud Shell, or a local machine with a Terraform or gcloud installation.
- A Google Cloud project to host the deployment.
- A Google Cloud billing project.

IAM roles by task:

| Ability | Level | Roles |
|---|---|---|
| Create/modify/view firewall endpoints, endpoint associations, security profiles, and security profile groups. | Organization | compute.networkAdmin, compute.networkUser, compute.networkViewer |
| Create/modify/view global network firewall policies and view effective rules for VPC networks and virtual machines. | Project | compute.securityAdmin, compute.networkAdmin, compute.networkViewer, compute.viewer, compute.instanceAdmin |

For more information, please see:
- IAM Roles - Firewall Endpoints
- IAM Roles - Firewall Endpoint Associations
- IAM Roles - Security Profiles
- IAM Roles - Global Network Firewall Policies

Enable the required APIs:
```bash
gcloud services enable compute.googleapis.com
gcloud services enable networksecurity.googleapis.com
gcloud services enable firewallinsights.googleapis.com
```
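
A preflight check for the three APIs enabled above, as an added example that is not part of the original guide. The function names `missing_apis` and `preflight` and the sample service list are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): confirm that the APIs this
# deployment depends on are enabled before creating firewall endpoints.
# The API names come from the page; the function names are hypothetical.

REQUIRED_APIS="compute.googleapis.com networksecurity.googleapis.com firewallinsights.googleapis.com"

# Reads enabled service names (one per line) on stdin and prints every
# required API that is absent. Matching is exact and whole-line (-x -F), so a
# longer name such as "oscompute.googleapis.com" cannot satisfy the check.
missing_apis() {
  enabled_list=$(cat)
  for api in $REQUIRED_APIS; do
    printf '%s\n' "$enabled_list" | grep -qxF "$api" || printf '%s\n' "$api"
  done
}

# Live check against a project. Returns 0 if everything is enabled, 1 if an
# API is missing, 2 if gcloud itself failed (treated as "not verified").
preflight() {
  project="$1"
  live=$(gcloud services list --enabled --project "$project" \
           --format="value(config.name)") || {
    echo "could not list services for $project" >&2
    return 2
  }
  missing=$(printf '%s\n' "$live" | missing_apis)
  if [ -n "$missing" ]; then
    echo "APIs not enabled in $project:" >&2
    printf '  %s\n' $missing >&2
    return 1
  fi
  echo "All required APIs are enabled in $project"
}

# Constructed sample of enabled services (not taken from a real project).
SAMPLE_ENABLED='compute.googleapis.com
oslogin.googleapis.com
firewallinsights.googleapis.com'

# Prints: networksecurity.googleapis.com
printf '%s\n' "$SAMPLE_ENABLED" | missing_apis
```

Run `preflight "$PROJECT_ID"` once the deployment project variable is set; a non-zero return means the deployment should not proceed yet.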
### 🌱 Step 2: Set Environment Variables for Your Deployment
Set up the environment variables for your **deployment project** and **billing project**:
```bash
export PROJECT_ID=YOUR_PROJECT_ID
export BILLING_ID=YOUR_BILLING_PROJECT_ID