diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 346a894e6f4778faa0ec32c6a27dbee246efdc10..9c7d34c27e7031d3c51cf27ced87199d097a674f 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -69,6 +69,17 @@
 - include: azure-credential-check.yml
   when: cloud_provider is defined and cloud_provider == 'azure'
 
+- name: Fix ipv4 forward rule in GCE security policy
+  lineinfile:
+    dest: /etc/sysctl.d/11-gce-network-security.conf
+    regexp: '^net.ipv4.ip_forward='
+    line: 'net.ipv4.ip_forward=1'
+    state: present
+    create: yes
+    backup: yes
+    validate: 'sysctl -f %s'
+  when: cloud_provider is defined and cloud_provider == 'gce'
+
 - name: Create cni directories
   file:
     path: "{{ item }}"