GCP VPC Peering

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

GCP VPC Peering

L2 Linker



We are deploying PA VM in GCP (Common Firewall Deployment Architecture). Deployment Architecture is attached.


In Trust VPC we have configured Internal Load Balance (TCP), Created VPC Peering between Trust VPC & Web VPC.

From Trust VPC Instance (VM) we are able to ping Web VPC Instance (VM) & Vice Versa.


Web VPC Default route is pointed towards Internal Load Balance.


Now the challenge is Web VPC Instances (VMs) unable to browse the internet.

Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or company information is not recommended.

L3 Networker

When the web instance goes to the internet, do you see the request within the VM-Series traffic logs? 


If you do not see the traffic logs:

  1. The trust VPC's firewall rules are not allowing the internet request.  Verify the trust VPC has an ingress VPC rule to allow the internet traffic. 
  2. The VM-Series VR does not have the correct default route. Check the following:
    1. On the VM-Series, if the interfaces are configured for DHCP:
      1. Verify the trust interface has "Automatically create default route" unchecked. 
      2. Verify the untrust interface has "Automatically create default route" checked on.
        • (You can also leave "Automatically create default route" checked off on both interfaces and create a static default route in the VR that uses the untrust interface as the next hop.)


If you do see the traffic logs:

  1. On the VM-Series, verify there is an source NAT policy to translate the internet request to the untrust interface.
  2. In GCP, verify the untrust NIC has an external IP attached the untrust NIC or has a Cloud NAT is deployed in the untrust network.



  • 1 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!