Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

My network firewall for allowing icmp traffic from front to back machines doesn’t work

I started with the following rule for allowing traffic from the front machines to the back-end machines and it doesn’t work. Pings from the front machines to the back-end machines are unsuccessful.

Thank you




view in Logs Explorer




Action on matchAllow


Service account

mi-service-[email protected]

Source filters

Service account

mi-service-a[email protected]

Protocols and ports





Hit count monitoring

2 Answers

Assuming your service accounts are correctly linked to the instances, this rule looks correct to me. Make sure you are pinging the internal IP address for the BE instance once you have SSH’d onto the FE instance as you are within the VPC at that point!

Billy Rotich

Ah yeah, you are right Robin.. We should actually ping the internal IP addresses. I was also facing the same issue posted by Jorge

I have the same setup. However, I do not understand why only the internal IP address is pingable , and not the external IP address ? Shouldn’t the ping goes thru external IP address, rather than Internal IP?

Ian Zdanowsky

I have the same question!

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?