Fortinet black logo

GCP Administration Guide

Home FortiGate Public Cloud 7.0.0 GCP Administration Guide

Terraform variables

7.0.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 2a566884-8679-11eb-9995-00505692583a:582521
Download PDF

Terraform variables

Following are variables listed in the vars.tf file. They can be changed to suit the needs of your cluster.

Resource

Default

Description

project

Requires input

The project under which you will deploy the instance group. For details on managing projects, refer to the Google Cloud article Creating and Managing Projects.

auth_key

Requires input

The file name of the authentication key you are using to connect to GCP. For details on creating the key, refer to the Adding credentials section of the HashiCorp article "Getting Started with the Google Provider".

service_account

Requires input

The service account that will be used to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls.

region

us-central1

GCP region

zone

us-central1-c

GCP zone

nodejs_version

nodejs10

Version of Node.js to use in Cloud Functions.

max_replicas

3

Maximum number of FortiGate-VM instances in the instance group.

For details on scaling configurations, refer to the Google Cloud article Instance groups.

min_replicas

2

Minimum number of FortiGate-VM instances in the instance group.

cpu_utilization

0.5

Target CPU usage for the cluster to achieve.

Instances will scale out or scale in to meet this target.

Note

Autoscaling is based on CPU utilization. Autoscaling using custom metrics is not supported.

cluster_name

FortigateAutoScale

Name of the cluster to be used across objects (buckets, VPC, etc.)

bucket_name

fortigateautoscale

Name of the Blob Storage bucket.

fortigate_image

projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license

The source image for the Instance Group to use. The default image is FortiOS 6.2.3.

instance

n1-standard-1

The instance Family type to be used by the scaling configuration.

vpc_cidr

172.16.0.0/16

The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC, divided into two /21 subnets.

public_subnet

172.16.0.0/21

Public subnet used by the FortiGate cluster.

protected_subnet

172.16.8.0/21

Private subnet for VMs behind the FortiGate cluster.

firewall_allowed_range

0.0.0.0/0

The GCP firewall range to allow.

Note
  • The default is to allow all.
  • If you use the GCP firewall policy to block incoming traffic, you will need to allow the load balancer to perform health checks and send data. For details on the IP addresses that will need access, refer to the Probe IP ranges and firewall rules section of the Google Cloud article Health checks.

target_size

2

Target size of the Autoscale cluster. For details, refer to the Google Cloud article Autoscaling groups of instances.

SCRIPT_TIMEOUT

500

Timeout (in seconds) of a Cloud Functions invocation.

MASTER_ELECTION_TIMEOUT

400

The maximum time (in seconds) to wait for a primary election to complete.

This variable should be less than the total script timeout (SCRIPT_TIMEOUT).

FORTIGATE_ADMIN_PORT

8443

A port number for FortiGate-VM administration.

Do not use the FortiGate reserved ports 443, 541, 514, or 703.

Minimum is 1. Maximum is 65535.

was: The admin port for the FortiGate Autoscale Cluster

HEARTBEAT_INTERVAL

25

The length of time (in seconds) that a FortiGate-VM waits between sending heartbeat requests to the function.

HEART_BEAT_DELAY_ALLOWANCE

10

Allowed variance (in seconds) before a heartbeat is considered out-of-sync and heartbeat loss is increased.

HEART_BEAT_LOSS_COUNT

10

Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities will commence.

Variables can be referenced from the command line using:

terraform plan -var "<var name>=<value>"
Previous
Next

Terraform variables

Following are variables listed in the vars.tf file. They can be changed to suit the needs of your cluster.

Resource

Default

Description

project

Requires input

The project under which you will deploy the instance group. For details on managing projects, refer to the Google Cloud article Creating and Managing Projects.

auth_key

Requires input

The file name of the authentication key you are using to connect to GCP. For details on creating the key, refer to the Adding credentials section of the HashiCorp article "Getting Started with the Google Provider".

service_account

Requires input

The service account that will be used to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls.

region

us-central1

GCP region

zone

us-central1-c

GCP zone

nodejs_version

nodejs10

Version of Node.js to use in Cloud Functions.

max_replicas

3

Maximum number of FortiGate-VM instances in the instance group.

For details on scaling configurations, refer to the Google Cloud article Instance groups.

min_replicas

2

Minimum number of FortiGate-VM instances in the instance group.

cpu_utilization

0.5

Target CPU usage for the cluster to achieve.

Instances will scale out or scale in to meet this target.

Note

Autoscaling is based on CPU utilization. Autoscaling using custom metrics is not supported.

cluster_name

FortigateAutoScale

Name of the cluster to be used across objects (buckets, VPC, etc.)

bucket_name

fortigateautoscale

Name of the Blob Storage bucket.

fortigate_image

projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license

The source image for the Instance Group to use. The default image is FortiOS 6.2.3.

instance

n1-standard-1

The instance Family type to be used by the scaling configuration.

vpc_cidr

172.16.0.0/16

The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC, divided into two /21 subnets.

public_subnet

172.16.0.0/21

Public subnet used by the FortiGate cluster.

protected_subnet

172.16.8.0/21

Private subnet for VMs behind the FortiGate cluster.

firewall_allowed_range

0.0.0.0/0

The GCP firewall range to allow.

Note
  • The default is to allow all.
  • If you use the GCP firewall policy to block incoming traffic, you will need to allow the load balancer to perform health checks and send data. For details on the IP addresses that will need access, refer to the Probe IP ranges and firewall rules section of the Google Cloud article Health checks.

target_size

2

Target size of the Autoscale cluster. For details, refer to the Google Cloud article Autoscaling groups of instances.

SCRIPT_TIMEOUT

500

Timeout (in seconds) of a Cloud Functions invocation.

MASTER_ELECTION_TIMEOUT

400

The maximum time (in seconds) to wait for a primary election to complete.

This variable should be less than the total script timeout (SCRIPT_TIMEOUT).

FORTIGATE_ADMIN_PORT

8443

A port number for FortiGate-VM administration.

Do not use the FortiGate reserved ports 443, 541, 514, or 703.

Minimum is 1. Maximum is 65535.

was: The admin port for the FortiGate Autoscale Cluster

HEARTBEAT_INTERVAL

25

The length of time (in seconds) that a FortiGate-VM waits between sending heartbeat requests to the function.

HEART_BEAT_DELAY_ALLOWANCE

10

Allowed variance (in seconds) before a heartbeat is considered out-of-sync and heartbeat loss is increased.

HEART_BEAT_LOSS_COUNT

10

Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities will commence.

Variables can be referenced from the command line using:

terraform plan -var "<var name>=<value>"
Previous
Next