Ensure That the Default Network Does Not Exist in a Project

The default network has automatically created firewall rules and has default configurations. It is recommended to create your network and delete the default network.

Risk Level: Medium
Cloud Entity: GCP VPC Network
CloudGuard Rule ID: D9.GCP.NET.20
Covered by Spectral: Yes
Category: Networking & Content Delivery


Network should not have name='default'


From Portal

  1. Go to VPC networks https://console.cloud.google.com/networking/networks
  2. Click the network named 'default'

From TF
Set the auto_create_network to be equal to false:

resource 'google_project' 'my_project' {
	auto_create_network   = false

From Command Line

gcloud compute networks delete default


  1. https://cloud.google.com/compute/docs/networking#firewall_rules
  2. https://cloud.google.com/compute/docs/reference/latest/networks/insert
  3. https://cloud.google.com/compute/docs/reference/latest/networks/delete

GCP VPC Network

A VPC network, sometimes just called a ���network,��� is a virtual version of a physical network, like a data center network. It provides connectivity for your Compute Engine virtual machine (VM) instances, Kubernetes Engine clusters, App Engine Flex instances, and other resources in your project.

Projects can contain multiple VPC networks. New projects start with a default network that has one subnet in each region (an auto mo

Compliance Frameworks

  • CloudGuard GCP All Rules Ruleset
  • GCP CIS Controls V 8
  • GCP CIS Foundations v. 1.0.0
  • GCP CIS Foundations v. 1.1.0
  • GCP CIS Foundations v. 1.2.0
  • GCP CIS Foundations v. 1.3.0
  • GCP CIS Foundations v. 2.0
  • GCP CloudGuard Best Practices
  • GCP CloudGuard CheckUp
  • GCP CloudGuard Network Security
  • GCP GDPR Readiness
  • GCP ISO 27001:2013
  • GCP LGPD regulation
  • GCP MITRE ATT&CK Framework v12.1
  • GCP NIST 800-53 Rev 4
  • GCP NIST 800-53 Rev 5
  • GCP NIST CSF v1.1
  • GCP PCI-DSS 3.2