Public IP connectivity is most appropriate when the source database is external to Google Cloud
and has an externally accessible IPv4 address and TCP port. If the source
database is hosted in another VPC in Google Cloud, then the easiest way to
connect the source database with the Cloud SQL instance is by using VPC Peering.
If your source database is external to Google Cloud, then add the destination database's outgoing
IP address (and port 3306) as an inbound firewall rule on the source network. In
generic terms (your specific network settings may differ), do the following:
Open the source database machine's network firewall rules.
Create an inbound rule.
Set the Rule type to MySQL.
Set the Protocol to TCP.
Set the Port range to 3306.
Set the Source IP address to the destination database's outgoing IP address. For example:
12.20.36.126/32. (The /32 designation in CIDR notation limits the
address range to one address only, the one provided. It's setting the subnet
mask to 255.255.255.255). If the Cloud SQL instance you created
is a high availability instance, include the outgoing IP addresses for both
the primary and the secondary instance.
It's also highly recommended to use SSL/TLS during the definition of the source
connection profile so that the data sent to and received by the source is
secure.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-05 UTC."],[[["Public IP connectivity is suitable when the source database is outside Google Cloud and has an externally accessible IPv4 address and TCP port."],["For source databases external to Google Cloud, add the destination database's outgoing IP address and port 3306 as an inbound firewall rule on the source network."],["The source IP address in the inbound rule should be set to the destination database's outgoing IP address, using CIDR notation such as `12.20.36.126/32`."],["If the Cloud SQL instance is high availability, include the outgoing IP addresses for both the primary and secondary instances in the firewall rule."],["Using SSL/TLS during source connection profile definition is highly recommended to secure data transmission."]]],[]]