Example Deployment

This section demonstrates an example of Passive Vulnerability Scanner (PVS) running on a virtual machine functioning as a NAT gateway instance within a Google Cloud Platform Compute Engine legacy network.

In the examples used in the instructions for setting up a NAT gateway, the Compute Engine legacy network gce-network was created, which has the network range 10.240.0.0/16. Additionally, the virtual machine instance nat-gateway was created to function as the NAT gateway in gce-network. In this example, three other virtual machine instances were created with the --no-address flag and bound to the tag no-ip, so none of these virtual machine instances are assigned an external IP address, and all of their outgoing traffic is routed to nat-gateway as a result of the no-ip-internet-route rule that was created.

In this example, there are four virtual machine instances within gce-network:

VM Instance Name     Internal IP     Has External IP?
nat-gateway          10.240.0.2      Yes
example-instance     10.240.0.3      No
centos-instance      10.240.0.4      No
windows-instance     10.240.0.5      No

PVS is running on nat-gateway and has the following configuration:

Configuration Parameter                        Value
Monitored Network Interfaces                   eth0
Monitored Network IP Addresses and Ranges      10.240.0.0/16

With this configuration, PVS will monitor traffic

  • from the internal virtual machine instances to the Internet,
  • between nat-gateway and the internal virtual machine instances,
  • and between nat-gateway and the Internet.

Note: The routing of packets destined for the gce-network legacy network cannot be changed. As a result, there is no way to configure forwarding of traffic between two internal virtual machine instances through nat-gateway.
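The coverage described above, including the internal-to-internal gap from the note, can be checked against a list of flows. The following is an added example, not part of the original documentation or of PVS: a simplified model of what a sensor on nat-gateway's eth0 can observe. The function names and the sample flows are assumptions made for illustration; the addresses and the monitored range come from the tables on this page.

```python
import ipaddress

# Addresses and range are the ones listed in the tables on this page.
MONITORED = ipaddress.ip_network("10.240.0.0/16")
INSTANCES = {
    "10.240.0.2": "nat-gateway",
    "10.240.0.3": "example-instance",
    "10.240.0.4": "centos-instance",
    "10.240.0.5": "windows-instance",
}
NAT_GATEWAY = ipaddress.ip_address("10.240.0.2")

# Constructed sample flows; 203.0.113.10 is a documentation address
# standing in for an Internet host.
SAMPLE_FLOWS = [
    ("10.240.0.3", "203.0.113.10"),
    ("10.240.0.2", "10.240.0.5"),
    ("10.240.0.2", "203.0.113.10"),
    ("10.240.0.4", "10.240.0.5"),
]


def classify_flow(src, dst):
    """Return (visible, reason) for a flow as seen on nat-gateway's eth0."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if NAT_GATEWAY in (s, d):
        other = d if s == NAT_GATEWAY else s
        if other in MONITORED:
            return True, "between nat-gateway and an internal instance"
        return True, "between nat-gateway and the Internet"
    if s in MONITORED and d in MONITORED:
        # Legacy-network routing delivers this directly; it cannot be
        # forced through nat-gateway, so the sensor never sees it.
        return False, "internal to internal, bypasses nat-gateway"
    if s in MONITORED or d in MONITORED:
        return True, "internal instance and the Internet, via nat-gateway"
    return False, "neither endpoint is in the monitored range"


def blind_spots(flows):
    """Flows that PVS on nat-gateway cannot observe."""
    return [(s, d) for s, d in flows if not classify_flow(s, d)[0]]


if __name__ == "__main__":
    for s, d in SAMPLE_FLOWS:
        visible, why = classify_flow(s, d)
        print(INSTANCES.get(s, s), "->", INSTANCES.get(d, d),
              "visible" if visible else "NOT visible", "-", why)
```

Flows returned by blind_spots() are the ones that need another sensor placement or host-based monitoring if they matter for detection.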

The following screenshot of the Hosts section of the PVS UI shows that PVS has visibility into all four virtual machines on the gce-network.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.