Cloud NGFW: Project-level resources and Envoy proxy protection
Cloud NGFW now supports project-level resources for application layer inspection, simplifying management for firewalls, security profiles, and endpoint configurations. Additionally, network firewall policies can now restrict traffic to managed Envoy proxies within proxy-only subnets, enhancing security for internal load balancers. These features are now generally available and benefit security engineers and architects managing cloud network security.
Features (2) ›
- Cloud NGFW
You can now create and configure project-level resources for application layer inspection in Cloud NGFW, including project-level firewall endpoints, security profile groups, and security profiles. For more information, see Organization-level and project-level resources , Firewall endpoints overview , Security profile groups overview , and Security profiles overview . This feature is available in General Availability .
- Cloud NGFW
To restrict traffic to the managed Envoy proxies in a proxy-only subnet , you can configure global network firewall policies and regional network firewall policies to protect internal Application Load Balancers and internal proxy Network Load Balancers. For more information, see Use global network firewall policies to protect Envoy-based load balancers and Use regional network firewall policies to protect internal Application Load Balancers and internal proxy Network Load Balancers . This feature is available in General Availability .
https://docs.cloud.google.com/release-notes#June_30_2026