It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Create a Custom Role and Service Account for the CloudGen Firewall in the Google Cloud

  • Last updated on

For the firewall instance running in the Google Cloud to be able to access the API and to use the gcloud tool installed on the firewall, you must create a service account and assign a custom role to the account.

IAM Roles are a beta feature of the Google Cloud Platform.

Step 1. Create a Custom Role

Create a custom role that includes all permissions needed by your API calls / gcloud commands running on the firewall instances. The permissions included in this step are sufficient to run the High Availability route rewriting script.

  1. Log into the Google Cloud Platform: https://console.cloud.google.com/
  2. Click the hamburger menu in the upper-left corner.
  3. Click IAM & admin.
  4. In the left menu, click Roles.
  5. Click Create role.
    gce_service_account_03.png
  6. Configure the role:
    • Name – Enter the name.
    • ID – Enter a unique ID. 
    • Role launch stage – Select General Availability
    gce_service_account_04.png
  7. Click Add Permissions.
  8. Filter for compute and routes, and add the following permissions from the list:
    • compute.routes.create
    • compute.routes.delete
    • compute.routes.get
    • compute.routes.list
    • compute.instances.list
    • compute.networks.updatePolicy
    • compute.globalOperations.get
  9. Click Add Permissions.
  10. Click Create.

The role now lists all assigned permissions.

gce_service_account_05.png

Step 2. Create a Service Account

Create the service account and assign the custom role to it.

  1. Log into the Google Cloud Platform: https://console.cloud.google.com/
  2. Click the hamburger menu in the upper-left corner.
  3. Click IAM & admin.
  4. In the left menu, click Service accounts.
  5. Click Create Service Account.
    gce_service_account_01.png
  6. Configure the Service account
    • Service account name – Enter a unique service account name.
    • Role – Select the custom role created in Step 1 from the drop-down menu. Custom roles are in the Custom category.
    gce_service_account_02.png
  7. Click Create.

You can now use the service account to launch your High Availability cluster in the cloud.