A company is using Cloud NAT for internet access from private subnets. The security team notices that traffic from a specific VM is being blocked by external firewalls because the source IP is not the Cloud NAT IP. What is the most likely cause?
Trap 1: The VM is in a different zone than the Cloud NAT gateway
Cloud NAT is regional and works for all zones within that region.
Trap 2: The VPC firewall rules are blocking outbound traffic from the VM to…
Firewall rules do not affect NAT translation; they control traffic flow.
Trap 3: Cloud Router is misconfigured and not advertising the Cloud NAT IP
Cloud Router is used for BGP, not for NAT translation.
- A
The VM is in a different zone than the Cloud NAT gateway
Why wrong: Cloud NAT is regional and works for all zones within that region.
- B
The VPC firewall rules are blocking outbound traffic from the VM to the Cloud NAT IP
Why wrong: Firewall rules do not affect NAT translation; they control traffic flow.
- C
Cloud Router is misconfigured and not advertising the Cloud NAT IP
Why wrong: Cloud Router is used for BGP, not for NAT translation.
- D
The VM has a custom route that does not use the default route through Cloud NAT
Traffic must match the default route to be source NATed by Cloud NAT.