Google Certified Associate Cloud Engineer 2020


Custom-Mode VPCs – Challenge Lesson

After hours and hours of testing many combinations of firewall rules, I cannot understand why my solution to the challenge does not work.

I created two instance groups, the first one with the service account frontend-sa and the second with the service account backend-sa.

No problem when allowing all the connections to the frontend-sa target: I can ping the frontend VMs from everywhere.

However, when creating a firewall rule with service account backend-sa as target and service account frontend-sa as source, there is no way to ping from frontend instances to backend instances.

I tried to use a connectivity test (https://console.cloud.google.com/net-intelligence/connectivity/tests/) and the result is… reachable!

Moreover, if I directly add a rule allowing inbound traffic to the backend-sa VM from the external IP addresses of the frontend machines, the ping is successful.

Has anyone seen the same behavior? Am I missing something?

Shriram Kanade

I have a similar issue. I have both frontend and backend in the same subnet. I can ping from frontend to backend using the internal IP, but I cannot ping if I am using the external IP of the backend machine.

Shriram Kanade

Have you tried with the internal IP? Do you see similar behaviour to what I see?

0 Answers
