The default network for a project should be deleted

Description

The default network for a project automatically generates the insecure firewall rules default-allow-internal, default-allow-ssh, default-allow-rdp, and default-allow-icmp. Firewall rule logging cannot be enabled on these rules. The recommended fix is to create a new network and delete the default one.

Remediation Steps

Google Cloud Console

  • Navigate to VPC networks.

  • Click the network named default.

  • Click DELETE VPC NETWORK.

  • If needed, create a new network to replace the default network.

gcloud CLI

  • To delete the default network:

    • gcloud compute networks delete default

  • If needed, create a new network to replace it:

    • gcloud compute networks create NETWORK_NAME
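
Added example (not part of the original page): gcloud will not delete a network while firewall rules still reference it, so this sketch turns a firewall-rule listing into an ordered plan that deletes the rules on the network first and the network last, for any network name. It prints the commands for review rather than running them; the project ID example-project, the rule allow-iap-ssh, the network prod-default and the sample listing are constructed, and the tab-separated input format is assumed to be what `--format='value(name,network)'` prints.

```shell
#!/bin/sh
# Added example (not from the original page): build an ordered deletion plan
# for a VPC network from a firewall-rule listing.
#
# Assumed input on stdin: one "RULE_NAME<TAB>NETWORK_URL" pair per line, as from
#   gcloud compute firewall-rules list --format='value(name,network)'

# Print the names of the rules whose network URL ends in /global/networks/<name>.
# Matching the whole final path segment keeps "default" from matching a
# network such as "prod-default".
rules_on_network() {
  awk -F '\t' -v suffix="/global/networks/$1" '
    NF >= 2 && length($2) >= length(suffix) &&
    substr($2, length($2) - length(suffix) + 1) == suffix { print $1 }'
}

# Print the gcloud commands in the order they must run:
# every firewall rule on the network first, the network itself last.
# $1 = project ID, $2 = network name
deletion_plan() {
  rules_on_network "$2" | while IFS= read -r plan_rule; do
    printf 'gcloud compute firewall-rules delete %s --project=%s --quiet\n' \
      "$plan_rule" "$1"
  done
  printf 'gcloud compute networks delete %s --project=%s --quiet\n' "$2" "$1"
}

# Constructed sample listing for a hypothetical project "example-project".
sample_rules() {
  base='https://www.googleapis.com/compute/v1/projects/example-project/global/networks'
  printf '%s\t%s\n' \
    default-allow-internal "$base/default" \
    default-allow-ssh      "$base/default" \
    default-allow-rdp      "$base/default" \
    default-allow-icmp     "$base/default" \
    allow-iap-ssh          "$base/prod-default"
}

# Review the plan before running any of it:
#   sample_rules | deletion_plan example-project default
```

Against a real project, pipe the gcloud listing into deletion_plan in place of sample_rules and check that no rule you still need appears in the plan.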