Configure Advanced Network Security with Cloud Armor and NGFW

ADVANCED
200 minutes
5 tasks

In this lab, you will build a secure network architecture using Google Cloud Armor and Next Generation Firewall (NGFW). You'll create and configure policies to protect your applications against web threats, such as SQL injection and cross-site scripting (XSS). This involves setting up WAF rules, enabling adaptive protections, and applying firewall policies to control access and egress at the VPC level. You'll also implement rate limiting and bot control strategies. The lab is structured to simulate a real-world scenario where you're tasked with enhancing the existing network security of a company, ensuring robust application protection and network traffic control.

Scenario

A financial services company is expanding its digital services and requires enhanced network security to protect sensitive customer data. The company must deploy robust network protection that can mitigate web-based attacks and control traffic to its cloud-based applications. The goal is to implement Layer 7 protection with Google Cloud Armor and integrate it with Cloud NGFW for comprehensive security management, ensuring compliance with industry standards while achieving performance efficiency.

Learning Objectives

  • Understand and configure Google Cloud Armor policies
  • Configure WAF rules for web threat protection
  • Implement VPC-level NGFW policies
  • Enable rate limiting and bot control

Tasks (5)

  • Task 1: Create a VPC network and subnets (30 min)
  • Task 2: Configure Google Cloud Armor security policies (45 min)
  • Task 3: Set up NGFW policies for advanced traffic control (40 min)
  • Task 4: Implement Cloud NAT and Secure Web Proxy for controlled egress (35 min)
  • Task 5: Set up Cloud IDS and Packet Mirroring for traffic inspection (50 min)

Prerequisites

  • Basic understanding of VPC and network security concepts
  • Familiarity with GCP console and service navigation

Skills Tested

  • Configure and manage Google Cloud Armor policies
  • Set up Next Generation Firewall policies and resource tagging
  • Implement Cloud NAT and Secure Web Proxy for secure egress
  • Deploy Cloud IDS and configure Packet Mirroring for traffic inspection