I am following instructions given in a Lab Challenge - Creating an Internal Load Balancer
The test comes with a my-internal-app network pre-configured (along with the usual default network).
It then asks the student to create everything(instances, firewall rules, load balancer, etc.) in the my-internal-app network and its subnets but strangely the instruction to create the fire-wall rule - app-allow-health-check, for the health checker, does not mention the my-internal-app and thus need to be created in the default network instead of the my-internal-app network???
A caveat, however, is that the target tag mentioned while creating this rule - app-allow-health-check, is specified as lb-backend which is also used as the network tag for the managed instance group template(and thus indirectly for the VM instances being created as part of it).
So, my question is whether the target tag overrides the network which is specified for the firewall rule and is thus applied to instances using the same tag as their network tag even though they are created in a different network.
