Install the Google Cloud Firewall App and View the Dashboards
This page provides instructions for installing the Google Cloud Firewall App and examples of each of the App dashboards.
Install the Sumo Logic App
Now that you have set up log collection, you can install the Google Cloud Firewall App to access the pre-configured Searches and Dashboards that provide visibility into your environment for real-time analysis of overall usage.
To install the app:
Dashboards
This section provides examples of the Google Cloud Firewall App dashboards, accompanied by descriptions.
Google Cloud Firewall - Overview
Presents an overview of request activity, including the geolocation of allowed and denied requests; percentage of requests denied; allowed and denied traffic over time; and the top remote request locations, requested networks, requested subnets, requested VMs, and rules used.
Ingress Source Locations. A geolocation map that shows the count of connection requests received by each location over the last 24 hours.
Egress Destination Locations. A geolocation map that shows the count of connection requests initiated from each location over the last 24 hours.
Traffic Over Time. A stacked column chart that shows the count of ingress and egress requests per timeslice over the last 24 hours.
Allowed Request Remote Locations. A geolocation map that shows the count of requests that were allowed at each location over the last 24 hours.
Denied Request Remote Locations. A geolocation map that shows the count of requests that were denied at each location over the last 24 hours.
Traffic Disposition Over Time. A stacked column chart that shows the count of accepted and denied requests per timeslice over the last 24 hours.
Allowed Traffic by Network Over Time. A line chart that shows the count of allowed requests per timeslice over the last 24 hours.
Denied Traffic by Network Over Time. A line chart that shows the count of denied requests per timeslice over the last 24 hours.
Requests Denied (%). The percentage of requests that were denied over the last 24 hours.
Top Remote Request Locations. A table that lists the top external sources that have issued the most requests caught by the firewall over the last 24 hours.
Top Requested Networks. A table that lists the networks that have received the most requests over the last 24 hours.
Top Rules Used. A table that lists the firewall rules that have been invoked most over the last 24 hours.
Top Requested Subnetworks. A table that lists the subnetworks that have received the most requests over the last 24 hours.
Top Requested VMs. A table that lists the VMs that have received the most requests over the last 24 hours.
Google Cloud Firewall - Ingress
Presents information about ingress traffic, including allowed and denied traffic over time; allowed and denied traffic outliers; allowed and denied source locations; top networks, subnetworks, and VMs by ingress requests; and the top allowed and denied ingress rules.
Allowed Ingress Traffic by Network Over Time. A line chart that shows the count of allowed ingress requests per timeslice for each network over the last 24 hours.
Denied Ingress Traffic by Network Over Time. A line chart that shows the count of denied ingress requests per timeslice for each network over the last 24 hours.
Top Networks by Ingress Requests. A table that lists the networks that had the most ingress requests over the last 24 hours.
Allowed Ingress Traffic - Outlier. A line chart that shows the count of allowed ingress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of allowed ingress requests was statistically significant, indicated by a pink triangle.
Denied Ingress Traffic - Outlier. A line chart that shows the count of denied ingress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of denied ingress requests was statistically significant, indicated by a pink triangle.
Top Subnetworks by Ingress Requests. A table that lists the subnetworks that had the most ingress requests over the last 24 hours.
Top VMs by Ingress Requests. A table that lists the VMs that had the most ingress requests over the last 24 hours.
Allowed Destination Locations. A geolocation map that shows the count of allowed ingress requests in each location over the last 24 hours.
Denied Destination Locations. A geolocation map that shows the count of denied ingress requests in each location over the last 24 hours.
Top Destination Locations. A table that lists the destinations with the most ingress requests over the last 24 hours.
Top Allowed Ingress Rules. A table that lists the ingress rules that were invoked the most, resulting in allowed requests over the last 24 hours.
Top Denied Ingress Rules. A table that lists the ingress rules that were invoked the most, resulting in denied requests over the last 24 hours.
Top Denied Source IPs. A table that lists the IP addresses from which the most requests were denied access.
Google Cloud Firewall - Egress
Presents information about egress traffic, including allowed and denied traffic over time; allowed and denied traffic outliers; allowed and denied source locations; top networks, subnetworks, and VMs by egress requests; and the top allowed and denied egress rules.
Allowed Egress Traffic by Network Over Time. A line chart that shows the count of allowed egress requests per timeslice for each network over the last 24 hours.
Denied Egress Traffic by Network Over Time. A line chart that shows the count of denied egress requests per timeslice for each network over the last 24 hours.
Top Networks by Egress Requests. A table that lists the networks that had the most egress requests over the last 24 hours.
Allowed Egress Traffic - Outlier. A line chart that shows the count of allowed egress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of allowed egress requests was statistically significant, indicated by a pink triangle.
Denied Egress Traffic - Outlier. A line chart that shows the count of denied egress requests per timeslice over the last 24 hours. The query uses the outlier operator to identify timeslices in which the count of denied egress requests was statistically significant, indicated by a pink triangle.
Top Subnetworks by Egress Requests. A table that lists the subnetworks that had the most egress requests over the last 24 hours.
Top VMs by Egress Requests. A table that lists the VMs that had the most egress requests over the last 24 hours.
Allowed Destination Locations. A geolocation map that shows the count of allowed egress requests in each location over the last 24 hours.
Denied Destination Locations. A geolocation map that shows the count of denied egress requests in each location over the last 24 hours.
Top Destination Locations. A table that lists the destinations with the most egress requests over the last 24 hours.
Top Allowed Egress Rules. A table that lists the egress rules that were invoked the most, resulting in allowed requests over the last 24 hours.
Top Denied Egress Rules. A table that lists the egress rules that were invoked the most, resulting in denied requests over the last 24 hours.
Top Denied Destination IPs. A table that lists the IP addresses to which the most requests were denied.
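The Outlier panels in the Ingress and Egress dashboards flag timeslices whose request count departs from the recent baseline. The following is an added illustration of that idea as a trailing-window standard-deviation check; it is not the App's query or Sumo Logic's implementation of the outlier operator. The function name, the `window`, `threshold`, `min_sigma` and `exclude_flagged` parameters, and the hourly counts are all assumptions constructed for this example.

```python
from statistics import mean, pstdev

# Constructed sample: denied ingress request counts per 1-hour timeslice (24 hours).
# Index 13 is a large burst; index 15 is a second, smaller burst right after it.
DENIED_PER_HOUR = [40, 42, 38, 41, 39, 43, 40, 37, 41, 44, 39, 42,
                   40, 310, 45, 200, 38, 40, 42, 39, 41, 40, 43, 38]


def find_outliers(counts, window=5, threshold=3.0, min_sigma=1.0,
                  exclude_flagged=False):
    """Return indexes of timeslices whose count lies more than
    `threshold` standard deviations from the mean of the trailing window.

    min_sigma       floor for the standard deviation, so a perfectly flat
                    baseline does not turn a one-request change into an alert.
    exclude_flagged when True, flagged timeslices are kept out of the
                    baseline so one burst cannot hide the next one.
    """
    baseline = list(counts[:window])  # warm-up slices are never scored
    flagged = []
    for i in range(window, len(counts)):
        recent = baseline[-window:]
        mu = mean(recent)
        band = threshold * max(pstdev(recent), min_sigma)
        is_outlier = abs(counts[i] - mu) > band
        if is_outlier:
            flagged.append(i)
        if not (is_outlier and exclude_flagged):
            baseline.append(counts[i])
    return flagged


if __name__ == "__main__":
    # Plain trailing window: the 310 burst inflates the baseline and the
    # 200 burst two hours later goes unflagged.
    print("plain baseline:   ", find_outliers(DENIED_PER_HOUR))
    # Baseline built only from unflagged timeslices: both bursts are flagged.
    print("filtered baseline:", find_outliers(DENIED_PER_HOUR,
                                              exclude_flagged=True))
```

When reading an outlier chart, a quiet period immediately after a flagged spike is worth a second look, because a baseline that includes the spike widens the band for the next few timeslices.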