Deploying FortiGate-VM HA on GCP in one zone
FortiGate-VM for Google Cloud Marketplace supports using the FortiGate Clustering Protocol (FGCP) in unicast form to provide an active-passive (A-P) HA clustering solution for deployments in GCP. This feature shares most of the functionality that FGCP provides on FortiGate hardware, including configuration and session synchronization, with key changes to support GCP software-defined networking (SDN).
This solution works with two FortiGate instances configured as a primary and secondary pair, and requires that you deploy each instance with four network interfaces, within the same availability zone. These FortiGate instances act as a single logical instance and share interface IP addressing.
When deploying a FortiGate-VM HA cluster, choose a VM type that supports four or more network interfaces for each FortiGate-VM instance, as GCP does not allow adding network interfaces after you deploy the VMs. You can attach multiple network interfaces only when creating the VM instance on GCP. The two FortiGate-VM instances must be the same machine type.
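A preflight check for the requirements above, as an added example that is not Fortinet's code: it takes two instance descriptions in the shape returned by `gcloud compute instances describe --format=json` and reports any unmet prerequisite (four interfaces each, same zone, same machine type). The instance names, project, zones and machine types in the sample are constructed.

```python
import json

REQUIRED_NICS = 4  # per the page: four network interfaces on each instance


def _leaf(url):
    """zone and machineType are returned as URLs; compare the last path segment."""
    return (url or "").rstrip("/").rsplit("/", 1)[-1]


def check_ha_pair(primary, secondary):
    """Return findings for the pair; an empty list means all prerequisites are met."""
    findings = []
    for inst in (primary, secondary):
        count = len(inst.get("networkInterfaces", []))
        if count < REQUIRED_NICS:
            findings.append(
                f"{inst.get('name')}: {count} network interfaces, need "
                f"{REQUIRED_NICS}; GCP cannot add them after creation")
    for field, label in (("zone", "zone"), ("machineType", "machine type")):
        a, b = _leaf(primary.get(field)), _leaf(secondary.get(field))
        if not a or a != b:
            findings.append(f"{label} mismatch: {a or 'missing'} vs {b or 'missing'}")
    return findings


def _sample(name, zone, machine, nic_count):
    """Build a constructed instance description with only the fields checked here."""
    base = "https://www.googleapis.com/compute/v1/projects/example-project"
    return {
        "name": name,
        "zone": f"{base}/zones/{zone}",
        "machineType": f"{base}/zones/{zone}/machineTypes/{machine}",
        "networkInterfaces": [{"name": f"nic{i}"} for i in range(nic_count)],
    }


# Constructed sample data, not output from a real project.
PRIMARY = _sample("fgt-primary", "us-central1-a", "n2-standard-4", 4)
GOOD_SECONDARY = _sample("fgt-secondary", "us-central1-a", "n2-standard-4", 4)
BAD_SECONDARY = _sample("fgt-secondary", "us-central1-b", "n2-standard-2", 2)

if __name__ == "__main__":
    # Real use: json.load() the two files saved from gcloud instead of the samples.
    print(json.dumps(check_ha_pair(PRIMARY, BAD_SECONDARY), indent=2))
```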
The main benefits of this solution are:
- Fast and stateful failover of FortiGate without external automation/services
- Automatic updates to route targets and IP addresses
- Native FortiOS session synchronization of firewall, IPsec/SSL VPN, and voice over IP sessions
- Native FortiOS configuration synchronization
- Ease of use as the cluster is treated as a single logical FortiGate
You can deploy FortiGate-VM instances on GCP using one of the following methods and configure A-P HA:
- Using Marketplace deployments. See Deploying FortiGate-VM on Google Cloud Marketplace.
- Using Terraform deployments.