Google Cloud has released a new tool to help customers migrate from legacy VPC firewall rules to Cloud Next-Generation Firewall (NGFW) policies. Cloud NGFW offers advanced security capabilities, including an Intrusion Detection and Prevention System (IDPS), TLS inspection, and FQDN and geo-location filtering, along with integration with Google's threat intelligence for firewall policy rules. The tool aims to automate most of the migration process, making it easier for customers to benefit from the enhanced security controls in Cloud NGFW. It also includes an option to generate a Terraform script for the migrated policy, so the policy can be managed as infrastructure as code.

The article outlines two migration scenarios: a simple case in which the firewall rules involve no network tags or service accounts, and a complex case involving these dependencies. In the complex case, the tool requires some pre-work, such as creating secure tags and mapping network tags and service accounts to the corresponding secure tags. The article also addresses advanced migrations for GKE VPC firewall rules, which require manually updating the node pool configuration to use the corresponding secure tag.

Overall, this tool aims to simplify the migration process to Cloud NGFW, allowing customers to take full advantage of its advanced security features.