Hello Parth,
The GAE flex environment is built on Google Compute Engine and supports the VPC networking environment. GCE firewall rules can be used to determine the target or source component to allow or restrict traffic based on instance network tags. For more information, you can refer to this documentation. Application access control can be managed through the flex instance network tags in conjunction with the GCE firewall rules.
On the other hand, GAE firewall rules apply to all resources of the App Engine application, including the application serving on GAE flex instances. Here is more detailed information on allowing requests from your services using GAE firewall rules. In brief, both the GCE firewall rules based on network tags for the GAE flex instances and the GAE firewall rules would need to pass for traffic flow to serve the application hosted on the GAE platform.
In addition, defining the VPC network for a GAE flex instance provides the flexibility to communicate with GCE instances within the same VPC network using the internal network, and enables VPN scenarios and port forwarding. It also provides more granularity for access control using network instance tags in conjunction with the firewall rules applicable to the defined target tags. For more information, check this documentation.
I hope it helps.
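
The "both layers must pass" point from the answer above, as an added example that is not part of the original post or any Google code: a simplified Python model of how each firewall selects a rule by priority and how the two results combine. It assumes source-address matching only (no protocol or port matching); the caller supplies the address each layer evaluates, and all tag names and ranges are constructed.

```python
from ipaddress import ip_address, ip_network


def gce_allows(rules, instance_tags, src_ip):
    """VPC ingress: lowest priority number wins, deny wins ties, implied deny."""
    ip = ip_address(src_ip)
    matches = [
        r for r in rules
        # A rule with no target tags applies to every instance in the network.
        if (not r["target_tags"] or set(r["target_tags"]) & set(instance_tags))
        and any(ip in ip_network(c) for c in r["source_ranges"])
    ]
    if not matches:
        return False  # implied deny for ingress
    best = min(matches, key=lambda r: (r["priority"], r["action"] != "deny"))
    return best["action"] == "allow"


def gae_allows(rules, default_action, client_ip):
    """App Engine firewall: first match in priority order, else the default rule."""
    ip = ip_address(client_ip)
    for r in sorted(rules, key=lambda r: r["priority"]):
        if ip in ip_network(r["source_range"]):
            return r["action"] == "allow"
    return default_action == "allow"


def reaches_app(gce_rules, tags, vpc_src_ip, gae_rules, gae_default, client_ip):
    """Traffic is served only when both layers allow it."""
    return (gce_allows(gce_rules, tags, vpc_src_ip)
            and gae_allows(gae_rules, gae_default, client_ip))


# Constructed sample data: tag names and address ranges are hypothetical.
TAGS = ["flex-frontend"]
GCE_RULES = [
    {"priority": 1000, "action": "allow", "target_tags": ["flex-frontend"],
     "source_ranges": ["10.128.0.0/20"]},
    {"priority": 1000, "action": "deny", "target_tags": [],
     "source_ranges": ["10.128.0.9/32"]},
]
GAE_RULES = [{"priority": 100, "action": "allow", "source_range": "10.128.0.0/24"}]

if __name__ == "__main__":
    for ip in ("10.128.0.5", "10.128.0.9", "10.128.1.7", "192.0.2.4"):
        print(ip, reaches_app(GCE_RULES, TAGS, ip, GAE_RULES, "deny", ip))
```

Setting the App Engine default rule to deny turns that layer into an allowlist, so an address permitted by the tag-based VPC rule is still refused unless an App Engine rule also matches it.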