Hi @Likhitha1,

Welcome to Google Cloud Community!

When utilizing Private Service Connect, multiple PaaS services may share the same private endpoint, which can complicate the identification of specific services based solely on destination IP addresses in firewall logs. Use VPC flow logs and correlate it with service logs to enhance visibility:

Enable VPC Flow Logs

• These logs capture detailed information about traffic flows within your Virtual Private Cloud (VPC), including source and destination IP addresses, ports, and protocols. By analyzing VPC Flow Logs, you can gain insights into the traffic patterns and identify specific PaaS services.

Correlate with Service Logs

• Integrate VPC Flow Logs with logs from individual PaaS services to correlate network traffic with specific service activities. This combined analysis can help pinpoint which service is handling particular requests.

For more information on configuring security and logging for Private Service Connect, refer to this link.

For publicly accessible PaaS services, Google Cloud assigns IP addresses from a broad range of public IPs. To obtain the net list of default domain IP ranges for Google APIs and services, see Obtain Google IP address ranges. 

For more detailed insights you may reach out to Google Cloud Support for assistance.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.