Egress Through Firewall
By default, FireNet inspects traffic between North South (on-prem and VPC/VNet) and East West (VPC/VNet to VPC/VNet). To enable Egress traffic (Internet bound) inspection, scroll down to Egress through Firewall and click Enable.
|
Any GCP instance (including Controller-created gateways) that needs to participate in egress control (FQDN, SNAT, and FW egress) have to be tagged as "avx-snat-noip". The GCP network tag "avx-snat-noip" can be associated during GCE creation or by editing an existing instance. |