Tags: firewall, google-cloud-logging, icmp, google-cloud-networking

No logs for the default-allow-icmp FW rule


I'm trying to catch and log the ICMP packets between 2 GCE instances. To do this I enabled logging for the default-allow-icmp rule:

  • Priority: 65534
  • Direction: Ingress
  • Action on match: Allow
  • Source filters IP ranges: 0.0.0.0/0
  • Protocols and ports: icmp

Even though the ping works, I can't see any logs in the Hit count section. I've also created a Connectivity Test and it says that the mentioned default-allow-icmp rule is applied.

Any thoughts why there are no logs for this FW rule?


Solution

  • As per the official GCP document on Firewall Rules Logging Specifications:

    Ping works for the ICMP protocol, but the logs cannot be obtained or recorded, as Firewall Rules Logging only records TCP and UDP connections. Although you can create a firewall rule applicable to other protocols, you cannot log their connections. You can use Packet Mirroring to log other protocols.

    Also, please note that log entries are written from the perspective of VMs. Log entries are only created if a firewall rule has logging enabled and if the rule applies to traffic sent to or from the VM. Entries are created according to the connection logging limits on a best-effort basis.
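As an added example (not code from the question or the answer), a small Python helper that summarises exported Firewall Rules Logging entries by rule reference and protocol, and states whether an empty hit count for a rule such as default-allow-icmp is expected under the TCP/UDP-only behaviour described above. The entry fields follow the documented Firewall Rules Logging format; the sample entries and the allow-ssh/allow-dns rule names are constructed.

```python
"""Summarise Firewall Rules Logging entries exported from Cloud Logging."""
import json
from collections import Counter

# IANA protocol numbers as they appear in jsonPayload.connection.protocol
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
LOGGED_PROTOCOLS = {6, 17}  # Firewall Rules Logging records only TCP and UDP

# Constructed sample export (not a real capture): two TCP hits on a
# hypothetical allow-ssh rule and one UDP hit on a hypothetical allow-dns
# rule. No ICMP entry can appear, even with logging enabled on the ICMP rule.
SAMPLE_EXPORT = json.dumps([
    {"jsonPayload": {"disposition": "ALLOWED",
                     "connection": {"src_ip": "10.128.0.2", "src_port": 51000,
                                    "dest_ip": "10.128.0.3", "dest_port": 22, "protocol": 6},
                     "rule_details": {"reference": "network:default/firewall:allow-ssh",
                                      "priority": 1000, "action": "ALLOW", "direction": "INGRESS"}}},
    {"jsonPayload": {"disposition": "ALLOWED",
                     "connection": {"src_ip": "10.128.0.4", "src_port": 51001,
                                    "dest_ip": "10.128.0.3", "dest_port": 22, "protocol": 6},
                     "rule_details": {"reference": "network:default/firewall:allow-ssh",
                                      "priority": 1000, "action": "ALLOW", "direction": "INGRESS"}}},
    {"jsonPayload": {"disposition": "ALLOWED",
                     "connection": {"src_ip": "10.128.0.2", "src_port": 40000,
                                    "dest_ip": "10.128.0.5", "dest_port": 53, "protocol": 17},
                     "rule_details": {"reference": "network:default/firewall:allow-dns",
                                      "priority": 1000, "action": "ALLOW", "direction": "INGRESS"}}},
])


def summarise_hits(export_json):
    """Return {rule_reference: {protocol_name: count}} for the exported entries."""
    hits = {}
    for entry in json.loads(export_json):
        payload = entry.get("jsonPayload", {})
        proto = payload.get("connection", {}).get("protocol")
        ref = payload.get("rule_details", {}).get("reference", "<unknown>")
        hits.setdefault(ref, Counter())[PROTO_NAMES.get(proto, str(proto))] += 1
    return hits


def explain_missing_hits(rule_reference, rule_protocols, export_json):
    """Classify an empty hit count: rule_protocols is the set of protocol numbers the rule matches."""
    if rule_reference in summarise_hits(export_json):
        return "logged"
    if not rule_protocols & LOGGED_PROTOCOLS:
        return "not loggable: rule matches no TCP/UDP traffic; use Packet Mirroring"
    return "no matching connections logged (best effort, check logging limits)"
```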