Configuring GCP Firewall Rules and SSH Access – Secure Your VM

GCP | Kajal | November 29, 2025 | 3 mins read

A complete guide to setting up firewall rules and secure SSH access for your GCP virtual machines to ensure reliable and protected connectivity.

🔐 1. Introduction

Security plays a crucial role in cloud infrastructure. In Google Cloud Platform (GCP), firewall rules and SSH access define how your VM communicates with users, services, and networks.
This guide covers how to create firewall rules, set up SSH access, and secure your VM following cloud security best practices.


🌐 2. What Are Firewall Rules in GCP?

GCP firewall rules control network traffic by defining allow or deny actions for incoming or outgoing connections. These rules:

  • Are defined at the VPC network level rather than on individual VMs; each rule's targets decide which VMs it applies to

  • Include key parameters such as:

    • Direction: ingress or egress

    • Protocol & Ports: e.g., TCP/22

    • Priority

    • Target resources (tags, service accounts, networks)

Firewall rules act as your VM’s first layer of defense.


🔧 3. Default Firewall Behavior in GCP

By default:

✔ Outbound Traffic

Allowed automatically — VMs can access the internet or APIs unless restricted.

✖ Inbound Traffic

Blocked unless explicitly allowed through a firewall rule.

Common inbound rules you may enable:

  • SSH (TCP 22) – for remote login

  • HTTP (TCP 80) – for web traffic

  • HTTPS (TCP 443) – for secure web traffic


🛠 4. Creating a Firewall Rule (Step-by-Step Guide)

From the Google Cloud Console

  1. Go to VPC Network → Firewall Rules

  2. Click Create Firewall Rule

  3. Enter a name, e.g., allow-ssh

  4. Direction: Ingress

  5. Targets: Apply to all VMs or specific tags

  6. Source IP Ranges:

    • 0.0.0.0/0 (not recommended for production)

    • or restrict to your office/home IP for better security

  7. Protocols & Ports:

    • Select TCP

    • Enter 22

  8. Click Create

Your VM will now accept SSH connections through this rule.


🔑 5. SSH Access to Your VM

Once firewall rules are set, you can SSH into your VM in three ways.


🔹 Option 1: Browser-Based SSH (Fastest Method)

  1. Go to Compute Engine → VM Instances

  2. Click SSH next to your VM

  3. A browser terminal opens instantly

No keys or configuration needed — perfect for quick access.


🔹 Option 2: SSH Using gcloud CLI

 
gcloud compute ssh my-vm-name --zone=us-central1-a

Requirements:

  • gcloud CLI installed

  • Logged in using gcloud auth login


🔹 Option 3: SSH Using an External Client (Terminal/PuTTY)

  1. Add your public SSH key to GCP:

    • Go to Metadata → SSH Keys

  2. Then connect:

 
ssh -i ~/.ssh/my-key user@EXTERNAL-IP

This method is ideal for developers who use local terminals or automation scripts.


6. Best Practices for Security

Follow these recommendations to secure your VMs effectively:

✔ Restrict SSH access

Allow connections only from trusted IPs (not 0.0.0.0/0).

✔ Use SSH keys instead of passwords

Keys are safer and required by GCP.

✔ Rotate keys regularly

Helps minimize security risks.

✔ Monitor SSH and firewall logs

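Use Cloud Logging → VPC Firewall Logs for visibility. Firewall Rules Logging is enabled per rule, so turn it on for the rules you want to monitor.

✔ Disable SSH temporarily

Do this when your VM is not in use or is part of automated services.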


🖼 7. Visual Guide (Image Suggestions)

Enhance this blog with:

  • Screenshot of GCP firewall rule creation page

  • Diagram: User → Firewall Rule → VM Instance

  • Infographic of secure access flow:
    Firewall → SSH Key → Authentication → Monitoring


🏁 8. Conclusion

Configuring firewall rules and secure SSH access is essential for protecting your GCP VM instances. By following best practices such as restricting access, using SSH keys, and monitoring logs, you ensure a strong security foundation.

In the next article, we’ll cover:
Snapshots & Backup Strategies in GCP – Protecting Your VM Data
