diff --git a/docs/resources/google_compute_forwarding_rule.md b/docs/resources/google_compute_forwarding_rule.md
new file mode 100644
index 000000000..afaa2480c
--- /dev/null
+++ b/docs/resources/google_compute_forwarding_rule.md
@@ -0,0 +1,75 @@
+---
+title: About the google_compute_forwarding_rule Resource
+platform: gcp
+---
+
+# google\_compute\_forwarding_rule
+
+Use the `google_compute_forwarding_rule` InSpec audit resource to test properties of a single GCP compute forwarding_rule.
+
+
+
+## Syntax
+
+A `google_compute_forwarding_rule` resource block declares the tests for a single GCP forwarding_rule by project, region and name.
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ it { should exist }
+ its('name') { should eq 'gcp-inspec-forwarding_rule' }
+ its('region') { should match 'europe-west2' }
+ end
+
+
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that a GCP compute forwarding_rule exists
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ it { should exist }
+ end
+
+### Test when a GCP compute forwarding_rule was created
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
+ end
+
+### Test for an expected forwarding_rule identifier
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ its('id') { should eq 12345567789 }
+ end
+
+### Test that a forwarding_rule load_balancing_scheme is as expected
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ its('load_balancing_scheme') { should eq "INTERNAL" }
+ end
+
+### Test that a forwarding_rule IP address is as expected
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ its('ip_address') { should eq "10.0.0.1" }
+ end
+
+### Test that a forwarding_rule is associated with the expected network
+
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding_rule') do
+ its('network') { should match "gcp_network_name" }
+ end
+
+
+
+## Properties
+
+* `backend_service`, `creation_timestamp`, `description`, `id`, `ip_address`, `ip_protocol`, `ip_version`, `kind`, `load_balancing_scheme`, `name`, `network`, `port_range`, `ports`, `region`, `self_link`, `subnetwork`, `target`
+
+
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
diff --git a/docs/resources/google_compute_forwarding_rules.md b/docs/resources/google_compute_forwarding_rules.md
new file mode 100644
index 000000000..dc07d551d
--- /dev/null
+++ b/docs/resources/google_compute_forwarding_rules.md
@@ -0,0 +1,80 @@
+---
+title: About the google_compute_forwarding_rules Resource
+platform: gcp
+---
+
+# google\_compute\_forwarding_rules
+
+Use the `google_compute_forwarding_rules` InSpec audit resource to test properties of all, or a filtered group of, GCP compute forwarding_rules for a project and region.
+
+
+
+## Syntax
+
+A `google_compute_forwarding_rules` resource block collects GCP forwarding_rules by project and region, then tests that group.
+
+ describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do
+ it { should exist }
+ end
+
+Use this InSpec resource to enumerate IDs then test in-depth using `google_compute_forwarding_rule`.
+
+ google_compute_forwarding_rules(project: 'chef-inspec-gcp', region:'europe-west2').forwarding_rule_names.each do |forwarding_rule_name|
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: forwarding_rule_name) do
+ its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
+ its('network') { should match "gcp_network_name" }
+ its('load_balancing_scheme') { should match "INTERNAL" }
+ end
+ end
+
+
+
+## Examples
+
+The following examples show how to use this InSpec audit resource.
+
+### Test that there are no more than a specified number of forwarding_rules available for the project and region
+
+ describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do
+ its('count') { should be <= 100}
+ end
+
+### Test that an expected forwarding_rule identifier is present in the project and region
+
+ describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do
+ its('forwarding_rule_ids') { should include 12345678975432 }
+ end
+
+
+### Test that an expected forwarding_rule name is available for the project and region
+
+ describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do
+ its('forwarding_rule_names') { should include "forwarding_rule-name" }
+ end
+
+### Test that an expected forwarding_rule network name is not present for the project and region
+
+ describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west2') do
+ its('forwarding_rule_networks') { should not include "network-name" }
+ end
+
+
+
+
+## Filter Criteria
+
+This resource supports the following filter criteria: `forwarding_rule_id`; `forwarding_rule_name`; `forwarding_rule_load_balancing_scheme` and `forwarding_rule_network`. Any of these may be used with `where`, as a block or as a method.
+
+## Properties
+
+* `forwarding_rule_ids` - an array of google_compute_forwarding_rule identifier integers
+* `forwarding_rule_names` - an array of google_compute_forwarding_rule name strings
+* `forwarding_rule_networks` - an array of google_compute_network name strings
+* `forwarding_rule_load_balancing_schemes` - an array of load_balancing_scheme strings
+
+
+
+
+## GCP Permissions
+
+Ensure the [Compute Engine API](https://console.cloud.google.com/apis/library/compute.googleapis.com/) is enabled for the project where the resource is located.
diff --git a/libraries/google_compute_forwarding_rule.rb b/libraries/google_compute_forwarding_rule.rb
new file mode 100644
index 000000000..08d432f81
--- /dev/null
+++ b/libraries/google_compute_forwarding_rule.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'gcp_backend'
+
+module Inspec::Resources
+ class GoogleComputeForwardingRule < GcpResourceBase
+ name 'google_compute_forwarding_rule'
+ desc 'Verifies settings for a compute forwarding_rule'
+
+ example "
+ describe google_compute_forwarding_rule(project: 'chef-inspec-gcp', region: 'europe-west2', name: 'gcp-inspec-forwarding-rule') do
+ it { should exist }
+ end
+ "
+
+ def initialize(opts = {})
+ # Call the parent class constructor
+ super(opts)
+ @display_name = opts[:name]
+ catch_gcp_errors do
+ @forwarding_rule = @gcp.gcp_compute_client.get_forwarding_rule(opts[:project], opts[:region], opts[:name])
+ create_resource_methods(@forwarding_rule)
+ end
+ end
+
+ def creation_timestamp_date
+ return false if !defined?(creation_timestamp) || creation_timestamp.nil?
+ Time.parse(creation_timestamp.to_s)
+ end
+
+ def exists?
+ !@forwarding_rule.nil?
+ end
+
+ def to_s
+ "ForwardingRule #{@display_name}"
+ end
+ end
+end
diff --git a/libraries/google_compute_forwarding_rules.rb b/libraries/google_compute_forwarding_rules.rb
new file mode 100644
index 000000000..b12b2beed
--- /dev/null
+++ b/libraries/google_compute_forwarding_rules.rb
@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'gcp_backend'
+
+module Inspec::Resources
+ class GoogleComputeForwardingRules < GcpResourceBase
+ name 'google_compute_forwarding_rules'
+ desc 'Verifies settings for GCP compute forwarding_rules in bulk'
+
+ example "
+ describe google_compute_forwarding_rules(project: 'chef-inspec-gcp', region: 'europe-west1') do
+ it { should exist }
+ ...
+ end
+ "
+
+ def initialize(opts = {})
+ # Call the parent class constructor
+ super(opts)
+ @display_name = opts[:name]
+ @project = opts[:project]
+ @region = opts[:region]
+ end
+
+ # FilterTable setup
+ filter_table_config = FilterTable.create
+ filter_table_config.add(:forwarding_rule_ids, field: :forwarding_rule_id)
+ filter_table_config.add(:forwarding_rule_names, field: :forwarding_rule_name)
+ filter_table_config.add(:forwarding_rule_networks, field: :forwarding_rule_network)
+ filter_table_config.add(:forwarding_rule_load_balancing_schemes, field: :forwarding_rule_load_balancing_scheme)
+ filter_table_config.connect(self, :fetch_data)
+
+ def fetch_data
+ forwarding_rule_rows = []
+ next_page = nil
+ loop do
+ catch_gcp_errors do
+ @forwarding_rules = @gcp.gcp_compute_client.list_forwarding_rules(@project, @region, page_token: next_page)
+ end
+ return [] if !@forwarding_rules || !@forwarding_rules.items
+ @forwarding_rules.items.map do |forwarding_rule|
+ forwarding_rule_rows+=[{ forwarding_rule_id: forwarding_rule.id,
+ forwarding_rule_name: forwarding_rule.name,
+ forwarding_rule_network: forwarding_rule.network.split('/').last,
+ forwarding_rule_load_balancing_scheme: forwarding_rule.load_balancing_scheme }]
+ end
+ next_page = @forwarding_rules.next_page_token
+ break unless next_page
+ end
+ @table = forwarding_rule_rows
+ end
+ end
+end
diff --git a/test/integration/configuration/gcp_inspec_config.rb b/test/integration/configuration/gcp_inspec_config.rb
index bd622b9a1..5660981e0 100644
--- a/test/integration/configuration/gcp_inspec_config.rb
+++ b/test/integration/configuration/gcp_inspec_config.rb
@@ -55,6 +55,7 @@ def self.add_random_string(length=25)
:gcp_storage_bucket_object => "gcp-inspec-storage-bucket-object-#{add_random_string}",
:gcp_storage_bucket_object_name => "bucket-object-#{add_random_string}",
# Google Load Balanced App example parameters
+ :gcp_lb_network => "default",
:gcp_lb_region => "europe-west2",
:gcp_lb_zone => "europe-west2-a",
:gcp_lb_zone_mig2 => "europe-west2-b",
diff --git a/test/integration/verify/controls/google_compute_forwarding_rule.rb b/test/integration/verify/controls/google_compute_forwarding_rule.rb
new file mode 100644
index 000000000..2832ba9af
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_forwarding_rule.rb
@@ -0,0 +1,23 @@
+title 'Test single GCP compute forwarding_rule'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_network_name = attribute(:gcp_lb_network, default: '', description: 'The GCP network name.')
+gcp_region = attribute(:gcp_lb_region, default: '', description: 'The GCP region being used.')
+gcp_forwarding_rule_name = attribute(:gcp_lb_fr_name, default: '', description: 'The GCP forwarding_rule name.')
+
+
+control 'gcp-compute-forwarding_rule-1.0' do
+
+ impact 1.0
+ title 'Ensure GCP compute forwarding_rule has the correct properties.'
+
+ describe google_compute_forwarding_rule(project: gcp_project_id, region: gcp_region, name: gcp_forwarding_rule_name) do
+ it { should exist }
+ its('name') { should eq gcp_forwarding_rule_name }
+ its('region') { should match gcp_region }
+ its('creation_timestamp_date') { should be > Time.now - 365*60*60*24*10 }
+ its('load_balancing_scheme') { should match 'EXTERNAL' }
+ its('port_range') { should match "80" }
+ its('ip_protocol') { should match "TCP" }
+ end
+end
diff --git a/test/integration/verify/controls/google_compute_forwarding_rules.rb b/test/integration/verify/controls/google_compute_forwarding_rules.rb
new file mode 100644
index 000000000..cdc9132c8
--- /dev/null
+++ b/test/integration/verify/controls/google_compute_forwarding_rules.rb
@@ -0,0 +1,18 @@
+title 'ForwardingRules Properties'
+
+gcp_project_id = attribute(:gcp_project_id, default: '', description: 'The GCP project identifier.')
+gcp_region = attribute(:gcp_lb_region, default: '', description: 'The GCP region being used.')
+gcp_forwarding_rule_name = attribute(:gcp_lb_fr_name, default: '', description: 'The GCP forwarding_rule name.')
+
+control 'gcp-forwarding_rules-1.0' do
+
+ impact 1.0
+ title 'Ensure forwarding_rules have the correct properties in bulk'
+
+ describe google_compute_forwarding_rules(project: gcp_project_id, region: gcp_region) do
+ it { should exist }
+ its('count') { should be <= 100}
+ its('forwarding_rule_names') { should include gcp_forwarding_rule_name }
+ end
+
+end