Google Cloud Platform - Shared VPC


Northwestern IT maintains a Google Cloud Platform (GCP) Project in our organization that contains a Virtual Private Cloud (VPC) network with attached VPN connections to campus networks.

This VPC has a private address space of [] and is an extension of the Northwestern network by way of the VPN attachments. This VPC can be shared to other GCP Projects to facilitate private connectivity from a GCP Project to the campus network.

In addition to maintaining the VPC itself, the Cloud Operations team has also implemented a set of default VPC firewall rules using network tags.


More information on VPC firewall rules:

More information on managing network tags:

VPC Firewall Rules

The default firewall rulesets include a `deny-all` rule that blocks all traffic to cloud resources except those carrying specific network tags. Each ruleset can be configured for multiple ports and protocols.

Default Rules:
  • allow-https:
    • Port(s): tcp:443
    • Source: (All)
    • Network Tag: https
  • allow-http:
    • Port(s): tcp:80
    • Source: (All)
    • Network Tag: http
  • allow-rdp:
    • Port(s): tcp:3389, udp:3389
    • Source: (Northwestern Global Protect)
    • Network Tag: rdp
  • allow-ssh:
    • Port(s): tcp:22
    • Source: (Northwestern Global Protect)
    • Network Tag: rdp
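
Added example (not Northwestern's tooling or configuration): a small Python model of the default rules listed above, used to check what a set of network tags opens and to whom. The source labels, function names and sample inventory are constructed for illustration, and the model assumes the tag-based allow rules take precedence over `deny-all`.

```python
from dataclasses import dataclass

ANY = "all"            # rule source "(All)"
GP = "globalprotect"   # rule source "(Northwestern Global Protect)"

@dataclass(frozen=True)
class Rule:
    name: str
    ports: frozenset   # "protocol:port" strings
    source: str
    tag: str

# Values copied from the Default Rules list on this page.
DEFAULT_RULES = (
    Rule("allow-https", frozenset({"tcp:443"}), ANY, "https"),
    Rule("allow-http", frozenset({"tcp:80"}), ANY, "http"),
    Rule("allow-rdp", frozenset({"tcp:3389", "udp:3389"}), GP, "rdp"),
    Rule("allow-ssh", frozenset({"tcp:22"}), GP, "rdp"),  # tag as listed above
)

def decide(tags, source, port):
    """Name of the rule admitting this traffic, or 'deny-all' if none does."""
    for r in DEFAULT_RULES:
        if r.tag in tags and port in r.ports and r.source in (ANY, source):
            return r.name
    return "deny-all"

def exposure(tags):
    """Ports the given tags open, grouped by the rule's source."""
    opened = {ANY: set(), GP: set()}
    for r in DEFAULT_RULES:
        if r.tag in tags:
            opened[r.source] |= r.ports
    return {src: sorted(ports) for src, ports in opened.items()}

def audit(inventory):
    """Flag tags that match no default rule and ports open to all sources."""
    known = {r.tag for r in DEFAULT_RULES}
    findings = []
    for name, tags in inventory.items():
        if unmatched := sorted(set(tags) - known):
            findings.append((name, "no default rule for tag", unmatched))
        if public := exposure(tags)[ANY]:
            findings.append((name, "open to all sources", public))
    return findings

# Constructed sample inventory: instance name -> network tags.
SAMPLE = {"web-1": ["https", "http"], "jump-1": ["rdp"], "db-1": ["ssh"]}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A tag that matches no default rule leaves the instance behind `deny-all` unless a custom ruleset covers it.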


Requesting Access and Rules

The Northwestern Shared VPC network is not shared to GCP Projects by default. To request that the VPC be shared to your Project, or if you need a new firewall ruleset, please email your request to with #cloudops in the email subject line to assign the ticket to the Cloud Operations team.



Article ID: 2544
Thu 1/25/24 4:31 PM
Mon 2/5/24 8:20 AM