openshift-docs/cloud_experts_osd_tutorials/cloud-experts-osd-create-new-limit-egress.adoc

:_mod-docs-content-type: ASSEMBLY
[id="cloud-experts-osd-limit-egress-ngfw"]
= Tutorial: Limit egress with Google Cloud Next Generation Firewall

include::_attributes/attributes-openshift-dedicated.adoc[]
:context: cloud-experts-osd-limit-egress-ngfw

toc::[]

[role="_abstract"]
Use this guide to implement egress restrictions for {product-title} on {GCP} by using {GCP}'s Next Generation Firewall (NGFW). NGFW is a fully distributed firewall service that allows fully qualified domain name (FQDN) objects in firewall policy rules. This is necessary for many of the external endpoints that {product-title} relies on.

[IMPORTANT]
====
The ability to restrict egress traffic using a firewall or other network device is only supported with {product-title} clusters deployed using Private Service Connect (PSC). Clusters that do not use PSC require a support exception to use this functionality. For additional assistance, please open a link:https://access.redhat.com/support/cases/?extIdCarryOver=true&sc_cid=701f2000001Css5AAC#/case/new/get-support?caseCreate=true[support case].
====

include::modules/cloud-experts-osd-limit-egress-ngfw-prereqs.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-setup-environ.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-create-subnets.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-deploy-policy.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-create-a-cloud-router.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-create-private-dns.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-create-firewall-rules.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster.adoc[leveloffset=+1]

include::modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc[leveloffset=+1]