GCP Administration Guide

Checking the prerequisites

To deploy and configure the FortiGate-VM as an active-passive high availability solution, you need the following items for this example walkthrough:

  • Google Cloud command interface. This example deploys two FortiGate-VMs using Google Cloud. For more information about how to deploy FortiGate-VM using Google Cloud, see Deploying FortiGate-VM using Google Cloud SDK.
  • Availability to accommodate the required GCP resources:
    • Four networks/subnets
      • Ensure that the two FortiGates have connectivity to each other on each network.
      • Appropriate ingress/egress firewall rules for relevant networks (same as a single FortiGate-VM deployment). For details on the open ports that the FortiGate requires, see FortiGate Open Ports.
    • Three public (external) IP addresses:
      • One for traffic to/through the active (primary) FortiGate. In the event of failover, this IP address moves from the primary FortiGate to the secondary. This must be a static external IP address. It should be reserved/created before creating the FortiGate instance. See Reserving a Static External IP Address.
      • Two for management access, one for each FortiGate. They can be ephemeral IP addresses, but static ones are highly recommended. See IP Addresses.
    • All internal IP addresses must be static, not DHCP. See Reserving a Static Internal IP Address.
    • Two FortiGate-VM instances in multiple zones:
      • The two nodes must be deployed in the same region.
      • Each FortiGate-VM must have at least four network interfaces.
      • Each FortiGate-VM should have a log disk attached. This is the same requirement as when deploying a single FortiGate-VM.
      • Machine types that support at least four network interfaces. See Creating Instances with Multiple Network Interfaces.
      • Two valid FortiGate-VM BYOL licenses. See Licensing.
  • You must configure an SDN connector for making GCP API calls on the primary FortiGate:
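
A preflight check for the GCP resource prerequisites in the list above (it does not cover the SDN connector), added here as an example and not part of Fortinet's guide. It takes the parsed JSON from `gcloud compute instances list --format=json` and `gcloud compute addresses list --format=json`; the function names, instance names, network names and addresses are constructed placeholders, and the log disk test assumes disk 0 is the boot disk.

```python
def region_of(zone_url):
    """Split '.../zones/us-central1-a' into ('us-central1', 'us-central1-a')."""
    zone = zone_url.rsplit("/", 1)[-1]
    return zone.rsplit("-", 1)[0], zone

def check_ha_prereqs(instances, addresses):
    """Return the unmet prerequisites as strings; an empty list means all checks pass."""
    if len(instances) != 2:
        return ["expected two FortiGate-VM instances, got %d" % len(instances)]
    problems = []
    # Reserved (static) addresses appear in the addresses list; ephemeral ones do not.
    static_int = {a["address"] for a in addresses if a.get("addressType") == "INTERNAL"}
    if not any(a.get("addressType") == "EXTERNAL" for a in addresses):
        problems.append("no static external IP reserved for the failover address")
    (r1, z1), (r2, z2) = (region_of(i["zone"]) for i in instances)
    if r1 != r2:
        problems.append("nodes are in different regions: %s and %s" % (r1, r2))
    if z1 == z2:
        problems.append("both nodes are in zone %s" % z1)
    for inst in instances:
        nics = inst.get("networkInterfaces", [])
        if len(nics) < 4:
            problems.append("%s has %d network interfaces, needs 4" % (inst["name"], len(nics)))
        # Assumption: disk 0 is the boot disk, so a log disk means at least two disks.
        if len(inst.get("disks", [])) < 2:
            problems.append("%s has no log disk attached" % inst["name"])
        problems += ["%s: internal IP %s is not reserved" % (inst["name"], n["networkIP"])
                     for n in nics if n["networkIP"] not in static_int]
    # Necessary condition for peer connectivity: same VPC network per interface index.
    for idx, (a, b) in enumerate(zip(*(i.get("networkInterfaces", []) for i in instances))):
        if a["network"] != b["network"]:
            problems.append("nic%d is on different networks on the two nodes" % idx)
    return problems

def sample_instance(name, zone, ips, disks=2):
    """Constructed record shaped like one entry of the instances JSON."""
    nets = ["unprotected", "protected", "ha-sync", "mgmt"]
    return {"name": name, "zone": "projects/example/zones/" + zone, "disks": [{}] * disks,
            "networkInterfaces": [{"network": "global/networks/" + n, "networkIP": ip}
                                  for n, ip in zip(nets, ips)]}

# Constructed sample data: names, zones and addresses are placeholders.
ADDRESSES = [{"addressType": "EXTERNAL", "address": "203.0.113.10"}] + [
    {"addressType": "INTERNAL", "address": "10.0.%d.%d" % (n, h)} for n in range(4) for h in (2, 3)]
PRIMARY = sample_instance("fgt-a", "us-central1-a", ["10.0.%d.2" % n for n in range(4)])
SECONDARY = sample_instance("fgt-b", "us-central1-b", ["10.0.%d.3" % n for n in range(4)])

if __name__ == "__main__":
    print(check_ha_prereqs([PRIMARY, SECONDARY], ADDRESSES) or "all checks passed")
```

To run it against a real project, load the two gcloud JSON outputs with `json.load` and pass only the two FortiGate-VM instances as the first argument.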
