Failing HealthChecks on Regional Google Cloud TCP Load Balancer

Often Google are right, but sometimes not.

Recently I was looking at why GCP TCP Load Balancer health checks were failing, even though I had strictly configured my local OS firewall to allow the documented health check IP ranges:

( – Section Firewall rules and Network load balancing  –, and at the time of writing).

The Network Services -> Load Balancing -> Load Balancers tab was stating my instances were unhealthy:

Instance <instance name> is unhealthy for <LBIP>

It turned out Google is sending the health checks from their metadata IP address instead  – (

Allowing this in the OS firewall made the HCs succeed!
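
One way to find out which source the dropped probes really come from, as an added example that is not part of the original post: log the packets the OS firewall drops and compare their sources with the ranges you allowed. The CIDR ranges, the port, the HC-DROP log prefix and the log lines below are constructed placeholders (documentation address space), not Google's real values.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholders (RFC 5737 documentation ranges), NOT the real
# health check ranges; replace with the ranges your firewall actually allows.
ALLOWED_HC_RANGES = ["192.0.2.0/24", "198.51.100.0/24"]
HC_PORT = 80  # assumed port the load balancer health check probes

# Constructed sample of iptables LOG output, assuming a LOG rule with the
# hypothetical prefix "HC-DROP " placed just before the final DROP.
SAMPLE_LOG = """\
Jan 10 10:00:01 web1 kernel: HC-DROP IN=eth0 OUT= SRC=203.0.113.254 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51234 DPT=80 SYN
Jan 10 10:00:03 web1 kernel: HC-DROP IN=eth0 OUT= SRC=203.0.113.254 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51240 DPT=80 SYN
Jan 10 10:00:04 web1 kernel: HC-DROP IN=eth0 OUT= SRC=203.0.113.77 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=40000 DPT=22 SYN
Jan 10 10:00:06 web1 kernel: HC-DROP IN=eth0 OUT= SRC=192.0.2.10 DST=10.0.0.5 LEN=60 PROTO=TCP SPT=51300 DPT=80 SYN
"""

FIELD_RE = re.compile(r"\b(SRC|DPT|PROTO)=(\S+)")


def dropped_probe_sources(log_text, port=HC_PORT, allowed=ALLOWED_HC_RANGES):
    """Count dropped TCP packets aimed at the health check port, per source,
    and flag whether each source lies inside the allowed ranges."""
    nets = [ipaddress.ip_network(cidr) for cidr in allowed]
    counts = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue  # not traffic to the health check port
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed or missing SRC field
        counts[src] += 1
    return {
        str(ip): {"drops": n, "in_allowlist": any(ip in net for net in nets)}
        for ip, n in counts.items()
    }


if __name__ == "__main__":
    for ip, info in dropped_probe_sources(SAMPLE_LOG).items():
        # Outside the allowlist: a probe source the rules do not cover.
        # Inside the allowlist but still dropped: check rule order instead.
        state = "allowed range, check rule order" if info["in_allowlist"] else "NOT in allowed ranges"
        print(f"{ip}: {info['drops']} drops ({state})")
```
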