---
names:
  full: "Google GCE Instance IP Forwarding is not disabled."
  contextual: "Instance IP Forwarding is not disabled."
description: "A Compute Engine instance cannot forward a packet unless the source IP address of the \
  packet matches the IP address of the instance. Similarly, GCP won't deliver a packet whose \
  destination IP address is different than the IP address of the instance receiving the packet. \
  However, both capabilities are required if you want to use instances to help route packets. \
  Forwarding of data packets should be disabled to prevent data loss or information disclosure."
type: COMPLIANCE_POLICY
categories:
  - "SECURITY"
frameworkMappings:
  - /frameworks/cis-gcp-v3.0.0/04/06
  - /frameworks/cloudaware/resource-security/network-exposure
  - /frameworks/nist-sp-800-53-r4/ca/09
  - /frameworks/nist-sp-800-53-r5/sc/07
  - /frameworks/pci-dss-v4.0/01/02/01
  - /frameworks/pci-dss-v4.0/01/04/01
  - /frameworks/soc-2/cc6/06/01
  - /frameworks/soc-2/cc6/06/04
similarPolicies:
  cloudConformity:
    - url: "https://www.trendmicro.com/cloudoneconformity-staging/knowledge-base/gcp/ComputeEngine/disable-ip-forwarding.html"
      name: "Disable IP Forwarding for Virtual Machine Instances"