diff --git a/factories/firewall-hierarchical-policies/README.md b/factories/firewall-hierarchical-policies/README.md
index f75be55a..b6f7cb8a 100644
--- a/factories/firewall-hierarchical-policies/README.md
+++ b/factories/firewall-hierarchical-policies/README.md
@@ -65,9 +65,12 @@ allow-icmp:
   action: allow
   # Priority (must be unique on a node)
   priority: 1000
-  # List of CIDRs this rule applies to
+  # List of CIDRs this rule applies to (for INGRESS rules)
   source_ranges:
   - 0.0.0.0/0
+  # List of CIDRs this rule applies to (for EGRESS rules)
+  destination_ranges:
+  - 0.0.0.0/0
   # List of ports this rule applies to (empty array means all ports)
   ports:
     tcp: []
@@ -148,14 +151,14 @@ web_frontends:
 
 ## Variables
 
-| name | description | type | required | default |
-|---|---|:---: |:---:|:---:|
-| config_folder | Relative path of the folder containing the hierarchical firewall configuration | string | ✓ | |
-| templates_folder | Relative path of the folder containing the cidr/service account templates | string | ✓ | |
+| name | description | type | required | default |
+| ---------------- | ------------------------------------------------------------------------------ | :--------------------------: | :------: | :-----: |
+| config_folder | Relative path of the folder containing the hierarchical firewall configuration | string | ✓ | |
+| templates_folder | Relative path of the folder containing the cidr/service account templates | string | ✓ | |
 
 ## Outputs
 
-| name | description | sensitive |
-|---|---|:---:|
-| hierarchical-firewall-rules | Generated Hierarchical Firewall Rules | |
+| name | description | sensitive |
+| --------------------------- | ------------------------------------- | :-------: |
+| hierarchical-firewall-rules | Generated Hierarchical Firewall Rules | |
 
diff --git a/factories/firewall-hierarchical-policies/main.tf b/factories/firewall-hierarchical-policies/main.tf
index ec3a6431..3b049236 100644
--- a/factories/firewall-hierarchical-policies/main.tf
+++ b/factories/firewall-hierarchical-policies/main.tf
@@ -59,17 +59,16 @@ locals {
   ])
 }
 
-resource "google_compute_organization_security_policy" "default" {
-  provider = google-beta
-  for_each = { for rule in local.rules : rule.parent_id => rule.name... }
-  display_name = replace("hierarchical-fw-policy-${each.key}", "/", "-")
-  parent = each.key
+resource "google_compute_firewall_policy" "default" {
+  for_each = { for rule in local.rules : rule.parent_id => rule.name... }
+  short_name = replace("hierarchical-fw-policy-${each.key}", "/", "-")
+  description = replace("hierarchical-fw-policy-${each.key}", "/", "-")
+  parent = each.key
 }
 
-resource "google_compute_organization_security_policy_rule" "default" {
-  provider = google-beta
+resource "google_compute_firewall_policy_rule" "default" {
   for_each = { for rule in local.rules : "${rule.parent_id}-${rule.name}" => rule }
-  policy_id = google_compute_organization_security_policy.default[each.value.parent_id].id
+  firewall_policy = google_compute_firewall_policy.default[each.value.parent_id].id
   action = each.value.action
   direction = each.value.direction
   priority = each.value.priority
@@ -78,24 +77,22 @@ resource "google_compute_organization_security_policy_rule" "default" {
   enable_logging = try(each.value.enable_logging, false)
   # preview = each.value.preview
   match {
-    config {
-      src_ip_ranges = each.value.source_ranges
-      dynamic "layer4_config" {
-        for_each = each.value.ports
-        iterator = port
-        content {
-          ip_protocol = port.key
-          ports = port.value
-        }
+    src_ip_ranges = each.value.direction == "INGRESS" ? each.value.source_ranges : null
+    dest_ip_ranges = each.value.direction == "EGRESS" ? each.value.destination_ranges : null
+    dynamic "layer4_configs" {
+      for_each = each.value.ports
+      iterator = port
+      content {
+        ip_protocol = port.key
+        ports = port.value
       }
     }
   }
 }
 
-resource "google_compute_organization_security_policy_association" "default" {
-  provider = google-beta
-  for_each = { for rule in local.rules : rule.parent_id => rule.name... }
-  name = replace("hierarchical-fw-policy-${each.key}", "/", "-")
-  attachment_id = google_compute_organization_security_policy.default[each.key].parent
-  policy_id = google_compute_organization_security_policy.default[each.key].id
+resource "google_compute_firewall_policy_association" "default" {
+  for_each = { for rule in local.rules : rule.parent_id => rule.name... }
+  name = replace("hierarchical-fw-policy-${each.key}", "/", "-")
+  attachment_target = google_compute_firewall_policy.default[each.key].parent
+  firewall_policy = google_compute_firewall_policy.default[each.key].id
 }
diff --git a/factories/firewall-hierarchical-policies/outputs.tf b/factories/firewall-hierarchical-policies/outputs.tf
index 25062aaf..42d6738d 100644
--- a/factories/firewall-hierarchical-policies/outputs.tf
+++ b/factories/firewall-hierarchical-policies/outputs.tf
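Review bot: The new `src_ip_ranges` / `dest_ip_ranges` lines gate on `each.value.direction` but dereference `each.value.source_ranges` and `each.value.destination_ranges` unconditionally, so unless `local.rules` (built above this hunk, not visible here) fills both keys with a default, an EGRESS rule written in the previous single-key YAML format fails at plan time with an unsupported-attribute error, and a rule that only carries the list for the other direction ends up with a `null` range and no IP constraint at all on the side the rule actually matches. Because this is a schema change for every existing rule file, the match block deserves an explicit comment such as `# source_ranges is honoured only for INGRESS and destination_ranges only for EGRESS; the other list is ignored`, and the README example should show one direction per rule rather than both lists on the same `allow-icmp` entry. If the locals do not already normalise both keys, a fail-fast check there (e.g. rejecting an EGRESS rule with no `destination_ranges`) would turn a silent wide-open match into a plan error. The `google_compute_firewall_policy_rule` resource whose `match` block is edited here starts in the previous hunk.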
@@ -17,11 +17,10 @@ output "hierarchical-firewall-rules" {
 
   description = "Generated Hierarchical Firewall Rules"
   value = {
-    for k, v in google_compute_organization_security_policy_rule.default :
+    for k, v in google_compute_firewall_policy_rule.default :
     k => {
-      parent_id = split("-", k)[0]
-      id = v.id
-      description = v.match[0].description
+      parent_id = split("-", k)[0]
+      id = v.id
     }
   }
 }
diff --git a/tests/factories/firewall_hierarchical_policies/test_plan.py b/tests/factories/firewall_hierarchical_policies/test_plan.py
index da4de986..aef8ec1d 100644
--- a/tests/factories/firewall_hierarchical_policies/test_plan.py
+++ b/tests/factories/firewall_hierarchical_policies/test_plan.py
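Review bot: The output silently drops the `description` field instead of moving it, which changes the shape of `hierarchical-firewall-rules` for any caller that read it. On `google_compute_firewall_policy_rule` the description is a top-level attribute rather than part of `match`, so if the rule resource still sets one (the lines between the two main.tf hunks are not visible here) the field can be kept as `description = v.description`; if the resource no longer sets it, a one-line comment in the output block noting that the attribute was intentionally removed would save the next reader from assuming it was lost by accident.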
@@ -25,25 +25,31 @@ def test_firewall(plan_runner): _, resources = plan_runner(FIXTURES_DIR) assert len(resources) == 6 assert set(r["type"] for r in resources) == set([ - "google_compute_organization_security_policy_rule", "google_compute_organization_security_policy_association", "google_compute_organization_security_policy" + "google_compute_firewall_policy_rule", "google_compute_firewall_policy_association", "google_compute_firewall_policy" ]) rule_ssh = [r["values"] for r in resources if r["type"] == - "google_compute_organization_security_policy_rule" and r["values"]["priority"] == 1001] + "google_compute_firewall_policy_rule" + and r["values"]["priority"] == 1001] rule_icmp = [r["values"] for r in resources if r["type"] == - "google_compute_organization_security_policy_rule" and r["values"]["priority"] == 1000] + "google_compute_firewall_policy_rule" + and r["values"]["priority"] == 1000] association_org = [r["values"] for r in resources if r["type"] == - "google_compute_organization_security_policy_association" and r["values"]["attachment_id"] == "organizations/1234567890"] + "google_compute_firewall_policy_association" + and r["values"]["attachment_target"] == "organizations/1234567890"] association_folder = [r["values"] for r in resources if r["type"] == - "google_compute_organization_security_policy_association" and r["values"]["attachment_id"] == "folders/0987654321"] + "google_compute_firewall_policy_association" + and r["values"]["attachment_target"] == "folders/0987654321"] policies_org = [r["values"] for r in resources if r["type"] == - "google_compute_organization_security_policy" and r["values"]["parent"] == "organizations/1234567890"] + "google_compute_firewall_policy" + and r["values"]["parent"] == "organizations/1234567890"] policies_folder = [r["values"] for r in resources if r["type"] == - "google_compute_organization_security_policy" and r["values"]["parent"] == "folders/0987654321"] + "google_compute_firewall_policy" + and 
r["values"]["parent"] == "folders/0987654321"] - assert set(rule_ssh[0]["match"][0]["config"][0]["src_ip_ranges"]) == set( + assert set(rule_ssh[0]["match"][0]["src_ip_ranges"]) == set( ["10.0.0.0/24", "10.0.10.0/24", "192.168.1.1/32"]) - assert rule_icmp[0]["match"][0]["config"][0]["layer4_config"][0]["ip_protocol"] == "icmp" + assert rule_icmp[0]["match"][0]["layer4_configs"][0]["ip_protocol"] == "icmp" assert association_org[0]["name"] == "hierarchical-fw-policy-organizations-1234567890" assert association_folder[0]["name"] == "hierarchical-fw-policy-folders-0987654321" - assert policies_org[0]["display_name"] == "hierarchical-fw-policy-organizations-1234567890" - assert policies_folder[0]["display_name"] == "hierarchical-fw-policy-folders-0987654321" + assert policies_org[0]["short_name"] == "hierarchical-fw-policy-organizations-1234567890" + assert policies_folder[0]["short_name"] == "hierarchical-fw-policy-folders-0987654321"
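Review bot: The assertions are renamed to the new resource types and the `match` shape, but nothing exercises the new direction gating introduced in main.tf: the fixture still yields exactly 6 resources, both checked rules are INGRESS, and `dest_ip_ranges` is never inspected, so a regression that populated both range lists (or neither) would pass. A cheap addition next to the existing `src_ip_ranges` assertion is `assert rule_ssh[0]["match"][0].get("dest_ip_ranges") is None`, with `.get` so the test holds whether the plan JSON surfaces the null attribute or omits it. To cover the EGRESS path the fixture needs one EGRESS rule with `destination_ranges`, asserting its `dest_ip_ranges` is set and its `src_ip_ranges` is `None`, and bumping the `len(resources)` expectation accordingly. The `def test_firewall(plan_runner):` line enclosing this hunk is outside it.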