Why is my rule for all endpoint types from VPC not working as expected?
If you create a context-based restrictions rule for VPC that allows all endpoint types, the network zone for your rule must be configured correctly.
When you create a context-based restrictions rule for VPC that allows all endpoint types, access from the VPC to the public endpoint is denied while the private endpoint returns the expected results. You might need to reconfigure your network zone.
This happens when the public gateway's associated IP addresses are not included in the zone definition along with the VPC.
To include the public gateway's associated IP addresses in the zone definition, complete the following steps. To update a network zone, you must be the account owner or be assigned the administrator or editor role on the Context-based restrictions account management service.
- Go to Manage > Context-based restrictions in the IBM Cloud console, and click Network zones.
- Select the Actions icon for the network zone that you want to update, and select Edit.
- Update the list of allowed IP addresses to include the public gateway's associated IP addresses. For more information, see Retrieve a public gateway.
- Click Next to review your new configuration.
- Click Update to apply the changes.
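
To confirm the cause before or after editing the zone, you can check offline whether each public gateway IP address is covered by an IP-based entry in the zone. The following is an added example, not code from IBM Cloud: the zone layout (`addresses` entries with `type` and `value`), the function names, and all sample values are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample zone; field names and values are assumptions for illustration.
SAMPLE_ZONE = {
    "name": "example-vpc-zone",
    "addresses": [
        {"type": "vpc", "value": "crn:v1:example:placeholder-vpc-crn"},
        {"type": "subnet", "value": "192.0.2.0/28"},
        {"type": "ipRange", "value": "198.51.100.10-198.51.100.20"},
    ],
}


def entry_covers(entry, ip):
    """Return True if one IP-based zone entry contains ip."""
    kind, value = entry.get("type"), entry.get("value", "")
    try:
        if kind == "ipAddress":
            return ip == ipaddress.ip_address(value)
        if kind == "subnet":
            return ip in ipaddress.ip_network(value, strict=False)
        if kind == "ipRange":
            low, high = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
            return low.version == ip.version == high.version and low <= ip <= high
    except ValueError:
        return False  # a malformed entry cannot match anything
    # A vpc entry (or any other non-IP entry) does not list the gateway's IP addresses.
    return False


def uncovered_gateway_ips(zone, gateway_ips):
    """Return the public gateway IPs that no IP-based entry in the zone covers."""
    missing = []
    for raw in gateway_ips:
        ip = ipaddress.ip_address(raw)
        if not any(entry_covers(e, ip) for e in zone.get("addresses", [])):
            missing.append(raw)
    return missing


if __name__ == "__main__":
    # Constructed gateway addresses (documentation ranges, not real gateways).
    for ip in uncovered_gateway_ips(SAMPLE_ZONE, ["203.0.113.7", "198.51.100.15"]):
        print(f"add to zone: {ip}")
```

Any address the check reports is one to add to the zone's list of allowed IP addresses in the steps above.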