diff --git a/tests/Makefile b/tests/Makefile
index 4072702f4b..379e3b88b5 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -166,6 +166,10 @@ delete-gke-cluster: ## Delete the GKE cluster
 add-local-ip-to-cluster: ## Add local IP to the GKE cluster master-authorized-networks
 	./scripts/add-local-ip-auth-networks.sh
 
+.PHONY: update-firewall-with-local-ip
+update-firewall-with-local-ip: ## Update the firewall rule with local IP address
+	./scripts/update-firewall-with-local-ip.sh
+
 HELM_PARAMETERS += --set nginxGateway.name=nginx-gateway --set nginx.service.type=ClusterIP --skip-schema-validation
 
 # this target is used to install the gateway-api CRDs from the main branch (only used in the nightly CI job)
diff --git a/tests/README.md b/tests/README.md
index 16df0bc36a..883bc595bd 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -91,6 +91,13 @@ make create-gke-cluster
 make add-local-ip-to-cluster
 ```
 
+> Note: If you already have a GKE cluster and your public IP has changed, update the firewall rule to include your new client IP.
+> This restores connectivity when you’re unable to reach the VM.
+
+```makefile
+make update-firewall-with-local-ip
+```
+
 ### Step 2 - Build and Load Images
 
 Loading the images only applies to a `kind` cluster. If using a cloud provider, you will need to tag and push
diff --git a/tests/scripts/update-firewall-with-local-ip.sh b/tests/scripts/update-firewall-with-local-ip.sh
new file mode 100755
index 0000000000..3703d5dafe
--- /dev/null
+++ b/tests/scripts/update-firewall-with-local-ip.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -eo pipefail
+
+source scripts/vars.env
+
+gcloud compute firewall-rules update ${NETWORK_TAGS} --source-ranges ${SOURCE_IP_RANGE}