Ensure that the IP Forwarding feature is not enabled at the Google Compute Engine instance level for security and compliance reasons, as instances with IP Forwarding enabled act as routers/packet forwarders.
When the IP Forwarding feature is enabled on a virtual machine's network interface (NIC), it allows the VM to act as a router and receive traffic addressed to other destinations. Because IP forwarding is rarely required, except when the virtual machine (VM) is used as a network virtual appliance, review each Google Cloud VM instance to decide whether IP forwarding is really needed for that instance.
Note: IP Forwarding is enabled at the VM instance level and applies to all network interfaces (NICs) attached to the instance.
To determine if IP Forwarding is enabled for your Google Cloud VM instances, perform the following operations:
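One way to script this check is shown below. It is an added example, not the audit steps from the original page or from Conformity. It reads instance records in the shape of `gcloud compute instances list --format=json` and reports every instance whose `canIpForward` field is true, together with all of its NICs, since the setting applies to each of them. The sample records and the `role=network-appliance` exemption label are assumptions constructed for illustration.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`
# output, trimmed to the fields used here. Not data from a real project.
SAMPLE_INSTANCES = json.loads("""[
  {"name": "web-1", "canIpForward": false,
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a",
   "networkInterfaces": [{"name": "nic0"}]},
  {"name": "nva-fw-1", "canIpForward": true,
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-b",
   "labels": {"role": "network-appliance"},
   "networkInterfaces": [{"name": "nic0"}, {"name": "nic1"}]},
  {"name": "batch-7", "canIpForward": true,
   "zone": "https://www.googleapis.com/compute/v1/projects/example-project/zones/us-central1-a",
   "networkInterfaces": [{"name": "nic0"}]}
]""")

# Assumption: reviewed network virtual appliances carry this (hypothetical) label.
APPROVED_LABEL = ("role", "network-appliance")


def audit_ip_forwarding(instances, approved_label=APPROVED_LABEL):
    """Return one finding per instance that has IP forwarding enabled."""
    key, value = approved_label
    findings = []
    for inst in instances:
        # An absent field is treated the same as false: nothing to report.
        if not inst.get("canIpForward", False):
            continue
        labels = inst.get("labels") or {}
        findings.append({
            "name": inst["name"],
            # The zone is a full resource URL; keep only its last segment.
            "zone": inst.get("zone", "").rsplit("/", 1)[-1],
            "nics": [nic.get("name") for nic in inst.get("networkInterfaces", [])],
            "status": "approved" if labels.get(key) == value else "violation",
        })
    return findings


def violations(instances):
    """Names of instances that forward packets without the exemption label."""
    return [f["name"] for f in audit_ip_forwarding(instances)
            if f["status"] == "violation"]


if __name__ == "__main__":
    for f in audit_ip_forwarding(SAMPLE_INSTANCES):
        print(f'{f["status"]:9} {f["zone"]:15} {f["name"]} nics={",".join(f["nics"])}')
```

To run it against a real project, replace `SAMPLE_INSTANCES` with the parsed JSON output of the `gcloud` command named above.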
Remediation / Resolution
Disabling IP Forwarding for your existing Google Cloud virtual machine (VM) instances is not supported. To turn off the feature, you have to re-create your VM instances with the appropriate networking configuration, by performing the following operations:
You are auditing:
Disable IP Forwarding for Virtual Machine Instances
Risk level: Medium