User Agent contains "Googlebot"
However, it’s my personal opinion that bots — good or bad — should not be allowed based on their identity. Good bots can also be made to perform bad requests, and if you allow them, no other Firewall Rule will stop the request.
Instead you should add he Known-Bots operator, together with the UA restriction for Googlebot, but only in your Firewall Rule that you think it’s ok for Googlebot to bypass.
Here’s an example of a recent visit by Googlebot to a website, where it was (rightfully) blocked. I don’t know for sure how Googlebot got that URL, but I suspect it was a hacker creating links to several websites to probe for vulnerabilities.
Well behaved bots can always be asked to leave you alone using robots.txt. The Verified Bots Policy requires such bots to respect your policy. Just make sure you are not blocking bots from reading your robots.txt.