You do not need UPNP as well you don’t need any incoming session. Just allow that port outgoing. As i suggested disable any firewall (outgoing) between your GCE and the internet. With that setup you will not be able to run any vulnerability scanning as well.