How to open a specific port such as 9090 in Google

Published 2019-01-01 05:05

Question:

I have 2 Google Compute Engine instances and I want to open port 9090 in both the instances. I think we need to add some firewall rules.

Can you tell me how I can do that?

Answer 1:

You need to:

  1. Go to cloud.google.com

  2. Go to my Console

  3. Choose your Project

  4. Choose Networking > VPC network

  5. Choose "Firewalls rules"

  6. Choose "Create Firewall Rule"

  7. To apply the rule to select VM instances, select Targets > "Specified target tags", and enter into "Target tags" the name of the tag. This tag will be used to apply the new firewall rule onto whichever instance you'd like. Then, make sure the instances have the network tag applied.

  8. To allow incoming TCP connections to port 9090, in "Protocols and Ports" enter tcp:9090

  9. Click Create

I hope this helps you.

Update: Please refer to docs to customize your rules.



Answer 2:

Here is the command-line approach to answer this question:

gcloud compute firewall-rules create <rule-name> --allow tcp:9090 --source-tags=<list-of-your-instances-names> --source-ranges=0.0.0.0/0 --description="<your-description-here>"

This will open the port 9090 for the instances that you name. Omitting --source-tags and --source-ranges will apply the rule to all instances. More details are in the Gcloud documentation and the firewall-rule create command manual.

The previous answers are great, but Google recommends using the newer gcloud commands instead of the gcutil commands.

PS: To get an idea of Google's firewall rules, run gcloud compute firewall-rules list and view all your firewall rules.
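An added example, not part of the answer above or of Google's tooling: a Python check over the JSON that `gcloud compute firewall-rules list --format=json` prints, reporting enabled ingress rules that open a given port to 0.0.0.0/0 and whether target tags or service accounts narrow them. The sample rules are constructed, and the function names are hypothetical; the field names follow the Compute Engine firewall resource.

```python
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# output; rule names, tags and ranges are made up for illustration.
SAMPLE_RULES = json.loads("""
[
  {"name": "allow-9090-everyone", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["9090"]}]},
  {"name": "my-app-9090", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"], "targetTags": ["my-app"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["9000-9100"]}]},
  {"name": "office-only-9090", "direction": "INGRESS",
   "sourceRanges": ["203.0.113.0/24"], "targetTags": ["my-app"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["9090"]}]},
  {"name": "all-tcp-from-anywhere", "direction": "INGRESS",
   "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp"}]}
]
""")

def allows_port(entry, port, proto="tcp"):
    """True if one `allowed` entry covers proto/port (no ports listed = all ports)."""
    if entry.get("IPProtocol") not in (proto, "all"):
        return False
    for spec in entry.get("ports", []):
        low, _, high = spec.partition("-")  # "9090" or a range such as "9000-9100"
        if int(low) <= port <= int(high or low):
            return True
    return not entry.get("ports")

def internet_exposed(rules, port):
    """Return (rule name, scope) for enabled ingress rules open to 0.0.0.0/0 on port."""
    findings = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if "0.0.0.0/0" not in rule.get("sourceRanges", []):
            continue
        if any(allows_port(a, port) for a in rule.get("allowed", [])):
            scoped = rule.get("targetTags") or rule.get("targetServiceAccounts")
            findings.append((rule["name"], "tagged" if scoped else "all-instances"))
    return findings

if __name__ == "__main__":
    for name, scope in internet_exposed(SAMPLE_RULES, 9090):
        print(f"{name}: open to 0.0.0.0/0 on tcp:9090, scope={scope}")
```

Rules reported with scope `all-instances` apply to every VM in the network, so they are the first candidates to narrow with a target tag or a tighter source range.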



Answer 3:

You'll need to add a firewall rule to open inbound access to tcp:9090 to your instances. If you have more than the two instances, and you only want to open 9090 to those two, you'll want to make sure that there is a tag that those two instances share. You can add or update tags via the console or the command-line; I'd recommend using the GUI for that if needed because it handles the read-modify-write cycle with setinstancetags.

If you want to open port 9090 to all instances, you can create a firewall rule like:

gcutil addfirewall allow-9090 --allowed=tcp:9090

which will apply to all of your instances.

If you only want to open port 9090 to the two instances that are serving your application, make sure that they have a tag like my-app, and then add a firewall like so:

gcutil addfirewall my-app-9090 --allowed=tcp:9090 --target_tags=my-app

You can read more about creating and managing firewalls in GCE here.



Answer 4:

I had the same problem as you do and I could solve it by following @CarlosRojas's instructions with a little difference. Instead of creating a new firewall rule, I edited the default-allow-internal one to accept traffic from anywhere, since creating new rules didn't make any difference.



Answer 5:

This question is old and Carlos Rojas's answer is good, but I think I should post a few things which should be kept in mind while trying to open the ports.

The first thing to remember is that the Networking section is renamed to VPC Networking. So if you're trying to find out where the Firewall Rules option is available, go look at VPC Networking.

The second thing is, if you're trying to open ports on a Linux VM, make sure that under no circumstances you try to open the port using the ufw command. I tried using that and lost ssh access to the VM. So don't repeat my mistake.

The third thing is, if you're trying to open ports on a Windows VM, you'll need to create Firewall rules inside the VM also in Windows Firewall along with VPC Networking -> Firewall Rules. The port needs to be opened in both firewall rules, unlike a Linux VM. So if you're not getting access to the port from outside the VM, check if you've opened the port in both the GCP console and Windows Firewall.

The last (obvious) thing is, do not open ports unnecessarily. Close the ports as soon as you no longer need them.

I hope this answer is useful.