discrimiNAT on Google Cloud (GCP)

Table of Contents


If you require complex or custom routing, and have Infrastructure-as-Code for your deployments already, this is where you will find the key information. Terraform junkies pick this option.


For a 5-minute deployment, assuming secure defaults, from within the marketplace console itself. This will totally lock down your VPC from the get-go unless appropriate FQDN-based egress firewall rules exist for outbound connections, and VMs needing to bypass discrimiNAT completely are network-tagged with bypass-discriminat.


Pertaining to the Quick Start only. If you go down the DIY route, the architecture will be as per your design.

A discrimiNAT firewall becomes the NAT solution for your VPC, making the use or presence of other NAT gateways redundant.

It is architected along the Internal TCP/UDP load balancers as next hops guide from Google Cloud. As the guide suggests, these NAT instances are simply a bump-in-the-wire with:

  • no explicit client configuration
  • load balancing
  • proactive health-checks
Contact our DevSecOps at [email protected] for queries at any stage of your journey. Alternatively, just reach out in the live chat.


Launch Free Trial on Google Cloud

The discrimiNAT firewall is listed on the Google Cloud Marketplace. The architecture discussed above is available as a Deployment Manager template to launch on subsequent steps from the marketplace subscription.

DIY for discrimiNAT on GCP

Integrate discrimiNAT firewall on GCP in your bespoke VPC layout

Creating a Bastion for SSH access on GCP

In Google Cloud (GCP), you may want a bastion host present in your VPC for accessing a discrimiNAT instance over SSH or a host without a public IP.

Quick Start for discrimiNAT on GCP

Deploy discrimiNAT firewall on Google Cloud in 5 minutes — Quick Start Guide