Status Update
Comments
ch...@google.com <ch...@google.com>
ch...@google.com <ch...@google.com> #2
To solve this problem, create the two routes with different priorities, like this:
Route1: Destination:0.0.0.0/0<-------> Next hop: ILB(IN us-east1) <------> Priority:950
Route2: Destination:0.0.0.0/0<-------> Next Hop: ILB(IN us-west1) <------> Priority:951
As long as the forwarding rules aren't configured to be
From the perspective of us-west1, this route is available:
Route2: Destination:0.0.0.0/0<-------> Next Hop: ILB(IN us-west1) <------> Priority:951
From the perspective of us-east1, this one is available:
Route1: Destination:0.0.0.0/0<-------> Next hop: ILB(IN us-east1) <------> Priority:950
It doesn't matter that these have different priorities in the route table because only one is "active" in each region (as long as global access isn't configured).
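Added example, not part of the comment above: a simplified Python model of how the two routes resolve per region, and what changes once global access is enabled on the forwarding rules. It assumes that a route with an ILB next hop is usable only from the ILB's own region unless global access is on, and that the lower priority number wins; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class IlbRoute:
    name: str
    dest: str
    ilb_region: str              # region of the next-hop internal load balancer
    priority: int                # lower number is preferred
    global_access: bool = False  # setting on the ILB's forwarding rule


def usable_routes(routes, client_region):
    """Routes that a VM in client_region can use at all (assumed model)."""
    return [r for r in routes
            if r.global_access or r.ilb_region == client_region]


def active_route(routes, client_region):
    """Pick the preferred usable route, or None if the region has none."""
    candidates = usable_routes(routes, client_region)
    if not candidates:
        return None
    return min(candidates, key=lambda r: r.priority)


def routes_from_comment(global_access=False):
    """The two default routes from the comment, with one shared setting."""
    return [
        IlbRoute("Route1", "0.0.0.0/0", "us-east1", 950, global_access),
        IlbRoute("Route2", "0.0.0.0/0", "us-west1", 951, global_access),
    ]


def egress_map(routes, regions):
    """Map each region to the name of the route its traffic follows."""
    result = {}
    for region in regions:
        route = active_route(routes, region)
        result[region] = route.name if route else None
    return result


if __name__ == "__main__":
    regions = ["us-east1", "us-west1", "europe-west1"]  # constructed sample
    print("regional only:", egress_map(routes_from_comment(False), regions))
    print("global access:", egress_map(routes_from_comment(True), regions))
```

With global access on, every region in the model follows Route1, so us-west1 traffic would no longer pass through its local load balancer.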
Description
This will create a feature request which anybody can view and comment on.
Please describe your requested enhancement. Good feature requests will solve common problems or enable new use cases.
What you would like to accomplish:
Enabling Cloud Firewall Plus functionality without an organization resource. Alternatively, enable Cloud Firewall Plus to be used without granting strong permissions on organizational resources. By doing so, we would like to increase the number of users who can use Cloud Firewall Plus.
How this might work:
IPS resources of Cloud Firewall Plus can also be created at the project level. The IPS resources mentioned here are Security Profile, Security Profile Group, and Firewall endpoint.
If applicable, reasons why alternative solutions are not sufficient:
Currently, these resources can only be created at the organization level.
Other information (workarounds you have tried, documentation consulted, etc):
Documentation for Cloud Firewall Plus is below: