You created a new VPC network named Dev with a single subnet.
You added a firewall rule for the network Dev to allow HTTP traffic only and enabled logging.
When you try to log in to an instance in the subnet via Remote Desktop Protocol, the login fails.
You look for the Firewall rules logs in Stackdriver Logging, but you do not see any entries for blocked traffic.
You want to see the logs for blocked traffic.
What should you do?
A. B. C. D.A.
The scenario described in the question involves a VPC network named Dev with a single subnet, and a firewall rule that allows only HTTP traffic and enables logging. The problem is that Remote Desktop Protocol (RDP) login fails, and there are no logs in Stackdriver Logging for the blocked traffic. To see the logs for the blocked traffic, the following options can be considered:
A. Check the VPC flow logs for the instance. VPC flow logs capture information about the IP traffic going to and from network interfaces in a VPC. By reviewing the VPC flow logs, it is possible to see information about the source and destination IP addresses, the source and destination ports, the protocol, the number of packets and bytes, and other details. To check the VPC flow logs for the instance, follow these steps:
In the VPC flow logs viewer, it is possible to filter the logs based on various criteria, such as the source IP address, the destination IP address, the protocol, the action (allowed or denied), and others. By looking at the logs, it should be possible to see if there are any entries for the blocked RDP traffic.
B. Try connecting to the instance via SSH, and check the logs. SSH (Secure Shell) is a network protocol that allows secure remote access to a computer. If RDP login fails, it is possible that there is a problem with the instance itself, rather than with the network or the firewall rule. By trying to connect to the instance via SSH, it is possible to see if there are any errors or messages that can help diagnose the problem. To connect to the instance via SSH, follow these steps:
In the terminal window, it is possible to run various commands to check the status of the instance, the network configuration, and other details. For example, the "sudo systemctl status" command can show the status of system services, the "ip addr" command can show the IP addresses assigned to the network interfaces, and the "netstat -an" command can show the active network connections.
C. Create a new firewall rule to allow traffic from port 22, and enable logs. This option suggests creating a new firewall rule to allow traffic from port 22, which is the default port for SSH. By enabling logging for the new rule, it should be possible to see if there are any entries for the blocked RDP traffic. However, this option is unlikely to solve the problem, as it is not related to the firewall rules for the network Dev.
D. Create a new firewall rule with priority 65500 to deny all traffic, and enable logs. This option suggests creating a new firewall rule with priority 65500 to deny all traffic, which means that any traffic that does not match a higher-priority rule will be blocked. By enabling logging for the new rule, it should be possible to see if there are any entries for the blocked RDP traffic. However, this option is not recommended, as it can potentially block legitimate traffic and cause other problems. Moreover, it does not address the problem with the RDP login.
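The following is an added example, not part of the original question or explanation: a simplified Python model of VPC ingress rule evaluation for the Dev network, showing which rule an RDP connection (TCP 3389) matches and whether a log entry results, with and without the priority 65500 deny rule from option D. The rule names and the reduced log entry are constructed for illustration. The model relies on two properties of VPC firewalls: lower priority numbers are evaluated first, and the implied deny-ingress rule at priority 65535 cannot have logging enabled.

```python
from dataclasses import dataclass

DISPOSITION = {"allow": "ALLOWED", "deny": "DENIED"}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int                    # lower number is evaluated first
    action: str                      # "allow" or "deny"
    protocol: str                    # "tcp", "udp" or "all"
    ports: frozenset = frozenset()   # empty set matches every port
    logging: bool = False

    def matches(self, protocol, port):
        return self.protocol in ("all", protocol) and (not self.ports or port in self.ports)

# Every VPC network carries an implied deny-ingress rule at priority 65535.
# Firewall Rules Logging cannot be enabled on it, so its denials leave no entry.
IMPLIED_DENY = Rule("implied-deny-ingress", 65535, "deny", "all")

# Constructed rules for the Dev network in the question (names are made up).
ALLOW_HTTP = Rule("dev-allow-http", 1000, "allow", "tcp", frozenset({80}), logging=True)
DENY_ALL_LOGGED = Rule("dev-deny-all-logged", 65500, "deny", "all", logging=True)

def evaluate(rules, protocol, port):
    """Return (action, rule name, log entry or None) for one ingress connection."""
    for rule in sorted([*rules, IMPLIED_DENY], key=lambda r: r.priority):
        if rule.matches(protocol, port):
            entry = None
            if rule.logging:
                entry = {"rule": rule.name, "disposition": DISPOSITION[rule.action],
                         "protocol": protocol, "dest_port": port}
            return rule.action, rule.name, entry
    raise AssertionError("unreachable: the implied rule matches everything")

if __name__ == "__main__":
    # RDP with only the HTTP rule: denied by the implied rule, no log entry.
    print(evaluate([ALLOW_HTTP], "tcp", 3389))
    # RDP with the logged deny rule at 65500: denied, and a DENIED entry is produced.
    print(evaluate([ALLOW_HTTP, DENY_ALL_LOGGED], "tcp", 3389))
    # HTTP still matches the allow rule first, because 1000 outranks 65500.
    print(evaluate([ALLOW_HTTP, DENY_ALL_LOGGED], "tcp", 80))
```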