Puppet users - Mar 2014 - GCE based puppet agent connection to master fails

I know this is someone fairly obvious that I'm missing but I'm having 
trouble getting a puppet agent running on a google compute instance to talk 
to my puppet master

*Networking*
I have added a firewall rule to GCE to allow 8140 tcp from my puppet master 
to instances connected to the network where my agent resides.
I have disabled firewalls on master and agent for testing.
I can ping the master from agent by IP, FQDN and "puppet"
I can ping the agent from master by IP & FQDN

*On master *
puppet cert list shows no certs outstanding
running wireshark on master shows only icmp traffic from agent at the time 
of cert request

*On agent:*
[root@server]# puppet agent --server MYFQDNMASTER --waitforcert 60 --test
Error: Could not request certificate: Connection timed out - connect(2)


I installed puppet (agent) from puppetlabs RHEL repo and puppet --version 
reports 3.4.3
Puppet master is from foreman 1.4.1 and reports version as 2.7.23 for both 
master and agent
service puppet status reports its running on the agent

I edited /etc/puppet/puppet.conf on the agent to be

[main]
    # The Puppet log directory.
    # The default value is '$vardir/log'.
    logdir = /var/log/puppet

    # Where Puppet PID files are kept.
    # The default value is '$vardir/run'.
    rundir = /var/run/puppet

    # Where SSL certificates are kept.
    # The default value is '$confdir/ssl'.
    ssldir = $vardir/ssl

[agent]
    # The file in which puppetd stores a list of the classes
    # associated with the retrieved configuratiion.  Can be loaded in
    # the separate ``puppet`` executable using the ``--loadclasses``
    # option.
    # The default value is '$confdir/classes.txt'.
    classfile = $vardir/classes.txt

    # Where puppetd caches the local configuration.  An
    # extension indicating the cache format is added automatically.
    # The default value is '$confdir/localconfig'.
    localconfig = $vardir/localconfig
server = FQDN of my puppet master
report = true
pluginsync = true
certname = FQDN of agent



-- 
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/85f85794-eb0e-407f-99ed-c17080ef2d69%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.