Control traffic two Ingress Gateways

I’m currently using Istio 1.2.2 on GKE with two Ingress Gateways.

I’m wondering what’s the best way to control traffic (RBAC/Whitelist/etc) as my destination is the same GKE Cluster and same namespace:

Public Users (0.0.0.0/0) --> GCP_TPC_LB_01 (external-ip-01) --> GKE Cluster --> Istio_GW_01 --> VirtualService_SVC_01 --> K8S_SVC_01

Private Users (1.2.3.4/28) --> GCP_TPC_LB_02 (external-ip-02) --> GKE Cluster --> Istio_GW_02 --> VirtualService_SVC_02 --> K8S_SVC_02

If I create a firewall rule on GCP_TPC_LB_01 allowing 0.0.0.0/0 Ingress, it will allow GCP_TPC_LB_02 too.

I used helm template to install it:

helm template install/kubernetes/helm/istio --name istio \
  --set grafana.enabled=true \
  --set prometheus.enabled=true \
  --set tracing.enabled=true \
  --set kiali.enabled=true \
  --set "kiali.dashboard.jaegerURL=https://xyz.com" \
  --set "kiali.dashboard.grafanaURL=https://xyz.com" \
  --set gateways.istio-ingressgateway.sds.enabled=true \
  --set gateways.istio-ingressgateway.loadBalancerIP="my external ip" \
  --set gateways.istio-ingressgateway.loadBalancerSourceRanges={"0.0.0.0/0"} \
  --set global.proxy.accessLogFile="/dev/stdout" \
  --namespace istio-system \
  --values …istio-ingressgateway02.yaml > output.yaml