GCP 防火墙规则似乎对来自 Google 网络外部的流量不生效

时间:2019-06-27 20:23:52

标签: networking google-cloud-platform firewall

当我在端口 8000(或任何其他“非默认”端口)上创建新的入站防火墙规则时,我可以从 Cloud Shell 或其他 GCP 虚拟机(运行在不同的 GCP 帐户/项目中)通过外部 IP 访问它,但无法从 Google 网络外部访问它。

我也尝试打开所有入站端口,但结果仍然相同

VM 的描述如下:

{
    "canIpForward": false,
    "cpuPlatform": "Intel Broadwell",
    "creationTimestamp": "2019-06-24T04:16:32.565-07:00",
    "deletionProtection": false,
    "id": "6964106614441578464",
    "kind": "compute#instance",
    "labelFingerprint": "42WmSpB8rSM=",
    "machineType": "https://www.googleapis.com/compute/v1/projects/spl-987/zones/asia-southeast1-a/machineTypes/n1-standard-1",
    "metadata": {
        "fingerprint": "soQGNew9LaQ=",
        "kind": "compute#metadata"
    },
    "name": "spl-001",
    "networkInterfaces": [
        {
            "accessConfigs": [
                {
                    "kind": "compute#accessConfig",
                    "name": "external-nat",
                    "natIP": "35.198.214.79",
                    "networkTier": "PREMIUM",
                    "type": "ONE_TO_ONE_NAT"
                }
            ],
            "fingerprint": "lgjIezyxW4o=",
            "kind": "compute#networkInterface",
            "name": "nic0",
            "network": "https://www.googleapis.com/compute/v1/projects/spl-987/global/networks/default",
            "networkIP": "10.148.0.3",
            "subnetwork": "https://www.googleapis.com/compute/v1/projects/spl-987/regions/asia-southeast1/subnetworks/default"
        }
    ],
    "selfLink": "https://www.googleapis.com/compute/v1/projects/spl-987/zones/asia-southeast1-a/instances/spl-001",
    "serviceAccounts": [
        {
            "email": "11111111111-compute@developer.gserviceaccount.com",
            "scopes": [
                "https://www.googleapis.com/auth/devstorage.read_only",
                "https://www.googleapis.com/auth/logging.write",
                "https://www.googleapis.com/auth/monitoring.write",
                "https://www.googleapis.com/auth/pubsub",
                "https://www.googleapis.com/auth/service.management.readonly",
                "https://www.googleapis.com/auth/servicecontrol",
                "https://www.googleapis.com/auth/trace.append"
            ]
        }
    ],
    "startRestricted": false,
    "status": "RUNNING",
    "tags": {
        "fingerprint": "5PuyOqG8VDY=",
        "items": [
            "http-server",
            "https-server",
            "splunk"
        ]
    },
    "zone": "https://www.googleapis.com/compute/v1/projects/spl-987/zones/asia-southeast1-a"
}

防火墙规则的描述如下(该入站规则允许来源 0.0.0.0/0 访问 TCP 8000 端口,并已启用日志记录):

{
  "allowed": [
    {
      "IPProtocol": "tcp",
      "ports": [
        "8000"
      ]
    }
  ],
  "creationTimestamp": "2019-06-24T04:49:59.685-07:00",
  "description": "",
  "direction": "INGRESS",
  "disabled": false,
  "id": "6274426826248750600",
  "kind": "compute#firewall",
  "logConfig": {
    "enable": true
  },
  "name": "allow-splunk",
  "network": "https://www.googleapis.com/compute/v1/projects/spl-987/global/networks/default",
  "priority": 100,
  "selfLink": "https://www.googleapis.com/compute/v1/projects/spl-987/global/firewalls/allow-splunk",
  "sourceRanges": [
    "0.0.0.0/0"
  ]
}

0 个答案:

没有答案