I started with the following rule for allowing traffic from the front machines to the back-end machines and it doesn’t work. Pings from the front machines to the back-end machines are unsuccessful.
Action on match: Allow
Protocols and ports
Assuming your service accounts are correctly linked to the instances, this rule looks correct to me. Make sure you are pinging the internal IP address for the BE instance once you have SSH’d onto the FE instance as you are within the VPC at that point!
I have the same setup. However, I do not understand why only the internal IP address is pingable, and not the external IP address? Shouldn’t the ping go through the external IP address, rather than the internal IP?