I started with the following rule for allowing traffic from the front machines to the back-end machines and it doesn’t work. Pings from the front machines to the back-end machines are unsuccessful.
Thank you
allow-icmp-from-front
Logs
Off
view in Logs Explorer
Networkmi-vpc
Priority1000
DirectionIngress
Action on matchAllow
Targets
Service account
mi-service-[email protected]
Source filters
Service account
mi-service-a[email protected]
Protocols and ports
icmp
EnforcementEnabled
Insights
None
Hit count monitoring
2 Answers
Assuming your service accounts are correctly linked to the instances, this rule looks correct to me. Make sure you are pinging the internal IP address for the BE instance once you have SSH’d onto the FE instance as you are within the VPC at that point!
I have the same setup. However, I do not understand why only the internal IP address is pingable , and not the external IP address ? Shouldn’t the ping goes thru external IP address, rather than Internal IP?
I have the same question!
Ah yeah, you are right Robin.. We should actually ping the internal IP addresses. I was also facing the same issue posted by Jorge