Google Cloud (GCP) – Set up an Airwall Gateway

Set up an Airwall Gateway on Google Cloud

There are three steps required to deploy an Airwall Gateway to your Google Cloud account:
  1. Set up Google Cloud as a cloud provider
  2. Add one or more Airwall Gateways

Set up Google Cloud as a cloud provider

  1. Download a JSON key from your Google Cloud account. For assistance, see Google Cloud help: https://cloud.google.com/iam/docs/creating-managing-service-account-keys.
    Note: Save the key file somewhere you can access it easily. You will need the information in this file when configuring the Google Cloud provider in the Conductor.
  2. Log in to your Conductor, and click the gear icon in the upper right to open Settings.
  3. On the Cloud providers tab, select Add cloud provider.
  4. Select Google Cloud, and then Next.
  5. Fill in the Google project ID, Client email, and Private key fields with the corresponding information from the key file you downloaded.


  6. The Google Cloud route injection setting determines how new routes are added to the Google Cloud routing table. The routes are for traffic on your protected overlay network between protected devices and the Airwall Gateway. Here are the recommended settings depending on your deployment details:
    • If you are using a Airwall Relay, set to Disabled.
    • If you want to handle traffic for devices individually, set to Individual traffic.
    • If you want one route to send all traffic to the overlay port on the Airwall Gateway, set to All traffic.
      Note: All traffic is effectively ‘full tunnel’ mode. With Individual traffic, you could add routes that send traffic around the Airwall Gateway.
  7. Click Finish.
Note: If you need more information about Google Cloud Service Accounts, see https://cloud.google.com/iam/docs/creating-managing-service-accounts.

Add a Google Cloud Airwall Gateway

You must Set up Google Cloud as a cloud provider before you can add an Airwall Gateway in the Conductor

  1. On the Airwalls page, (or in Conductor Settings Cloud providers tab), click New cloud Airwall, and select Google Cloud Airwall.
    Create cloud Airwall menu
  2. In v2.2.8 and later, select Create stand-alone Airwall gateway, and then Next.
  3. In v2.2.8 and later, if you want to use a template to create the Airwall Gateway, select the template, select Next, and then give the Airwall Gateway a descriptive name. You can then skip to the next step.
    To continue without a template and enter the information manually, just select Next.
    1. If you are filling in information manually, or want to change the template, fill in the Name and Image and network options for this Airwall Gateway. For Machine type, the default typically works. You can select a different size if needed for your purposes.
      Create a Google Cloud Airwall dialog
    2. Under Airwall gateway image ID, pick the Airwall Gateway image you want to use. The list shows the Airwall Gateway images available on your cloud provider.
    3. If you don't have a pre-configured virtual network, you need to create a new network. Click Create new network and fill in the form:
      • Network CIDR – Enter an available network address and subnet mask in CIDR notation.
      • Public subnet CIDR – Must be a subnet of the main network. Traffic flows between the underlay interface of the Airwall Gateway and the Public IP address object in Azure.
      • Protected subnet CIDR – Must be a subnet of the main network. Traffic must pass through theAirwall Gateway or through manually-crafted routes.

      When you’re finished entering the information, select Create network, and when processing is complete, select Back.


      Create cloud airwall network dialog

    4. Back on the Create cloud Airwall page, select the network and public and protected subnets you just created.
  4. Check the summary and if everything is correct, select Create cloud Airwall.
  5. Select Finish. It may take up to 5 minutes for Google Cloud to complete creating the Airwall Gateway.

You’ve completed creating a Google cloud Airwall Gateway, and now need to configure Provision, License, and configure it. For help, see Provision and License Airwall Edge Services and Configure Airwall Edge Service Settings.