Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • GCP Administration Guide

    Home FortiGate Public Cloud 7.0.0 GCP Administration Guide
    7.0.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Terraform variables

    Terraform variables

    Following are variables that the vars.tf file lists. You can change them to suit the needs of your cluster.

    Resource

    Default

    Description

    auth_key

    Requires input

    File name of authentication key you use to connect to GCP. See Adding credentials.

    bucket_name

    fortigateautoscale

    Name of the Blob Storage bucket.

    cluster_name

    FortigateAutoScale

    Name of the cluster to use across objects (buckets, virtual private cloud (VPC), and so on).

    cpu_utilization

    0.5

    Target CPU usage for the cluster to achieve.

    Instances scale out or in to meet this target.

    Note

    Autoscaling is based on CPU utilization. FortiOS on GCP does not support autoscaling using custom metrics.

    firewall_allowed_range

    0.0.0.0/0

    GCP firewall range to allow.

    Note
    • The default is to allow all.
    • If you use the GCP firewall policy to block incoming traffic, you must allow the load balancer to perform health checks and send data. For details on the IP addresses that need access, see Probe IP ranges and firewall rules.

    FORTIGATE_ADMIN_PORT

    8443

    A port number for FortiGate-VM administration.

    Do not use the FortiGate reserved ports 443, 541, 514, or 703.

    Minimum is 1. Maximum is 65535.

    was: The admin port for the FortiGate Autoscale Cluster

    fortigate_image

    projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license

    The source image for the Instance Group to use. The default image is FortiOS 6.2.3.

    HEART_BEAT_DELAY_ALLOWANCE

    10

    Allowed variance (in seconds) before a heartbeat is considered out-of-sync and heartbeat loss is increased.

    HEART_BEAT_LOSS_COUNT

    10

    Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities will commence.

    HEARTBEAT_INTERVAL

    25

    The length of time (in seconds) that a FortiGate-VM waits between sending heartbeat requests to the function.

    instance

    n1-standard-1

    The instance Family type to be used by the scaling configuration.

    MASTER_ELECTION_TIMEOUT

    400

    The maximum time (in seconds) to wait for a primary election to complete.

    This variable should be less than the total script timeout (SCRIPT_TIMEOUT).

    max_replicas

    3

    Maximum number of FortiGate-VM instances in the instance group.

    For details on scaling configurations, refer to the Google Cloud article Instance groups.

    min_replicas

    2

    Minimum number of FortiGate-VM instances in the instance group.

    nodejs_version

    nodejs10

    Version of Node.js to use in Cloud Functions.

    project

    Requires input

    The project under which you will deploy the instance group. For details on managing projects, refer to the Google Cloud article Creating and Managing Projects.

    protected_subnet

    172.16.8.0/21

    Private subnet for VMs behind the FortiGate cluster.

    public_subnet

    172.16.0.0/21

    Public subnet used by the FortiGate cluster.

    region

    us-central1

    GCP region

    SCRIPT_TIMEOUT

    500

    Timeout (in seconds) of a Cloud Functions invocation.

    service_account

    Requires input

    The service account that will be used to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls.

    target_size

    2

    Target size of the Autoscale cluster. For details, refer to the Google Cloud article Autoscaling groups of instances.

    vpc_cidr

    172.16.0.0/16

    The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC, divided into two /21 subnets.

    zone

    us-central1-c

    GCP zone

    Variables can be referenced from the command line using:

    terraform plan -var "<var name>=<value>"
    Previous
    Next

    Terraform variables

    Terraform variables

    Following are variables that the vars.tf file lists. You can change them to suit the needs of your cluster.

    Resource

    Default

    Description

    auth_key

    Requires input

    File name of authentication key you use to connect to GCP. See Adding credentials.

    bucket_name

    fortigateautoscale

    Name of the Blob Storage bucket.

    cluster_name

    FortigateAutoScale

    Name of the cluster to use across objects (buckets, virtual private cloud (VPC), and so on).

    cpu_utilization

    0.5

    Target CPU usage for the cluster to achieve.

    Instances scale out or in to meet this target.

    Note

    Autoscaling is based on CPU utilization. FortiOS on GCP does not support autoscaling using custom metrics.

    firewall_allowed_range

    0.0.0.0/0

    GCP firewall range to allow.

    Note
    • The default is to allow all.
    • If you use the GCP firewall policy to block incoming traffic, you must allow the load balancer to perform health checks and send data. For details on the IP addresses that need access, see Probe IP ranges and firewall rules.

    FORTIGATE_ADMIN_PORT

    8443

    A port number for FortiGate-VM administration.

    Do not use the FortiGate reserved ports 443, 541, 514, or 703.

    Minimum is 1. Maximum is 65535.

    was: The admin port for the FortiGate Autoscale Cluster

    fortigate_image

    projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license

    The source image for the Instance Group to use. The default image is FortiOS 6.2.3.

    HEART_BEAT_DELAY_ALLOWANCE

    10

    Allowed variance (in seconds) before a heartbeat is considered out-of-sync and heartbeat loss is increased.

    HEART_BEAT_LOSS_COUNT

    10

    Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities will commence.

    HEARTBEAT_INTERVAL

    25

    The length of time (in seconds) that a FortiGate-VM waits between sending heartbeat requests to the function.

    instance

    n1-standard-1

    The instance Family type to be used by the scaling configuration.

    MASTER_ELECTION_TIMEOUT

    400

    The maximum time (in seconds) to wait for a primary election to complete.

    This variable should be less than the total script timeout (SCRIPT_TIMEOUT).

    max_replicas

    3

    Maximum number of FortiGate-VM instances in the instance group.

    For details on scaling configurations, refer to the Google Cloud article Instance groups.

    min_replicas

    2

    Minimum number of FortiGate-VM instances in the instance group.

    nodejs_version

    nodejs10

    Version of Node.js to use in Cloud Functions.

    project

    Requires input

    The project under which you will deploy the instance group. For details on managing projects, refer to the Google Cloud article Creating and Managing Projects.

    protected_subnet

    172.16.8.0/21

    Private subnet for VMs behind the FortiGate cluster.

    public_subnet

    172.16.0.0/21

    Public subnet used by the FortiGate cluster.

    region

    us-central1

    GCP region

    SCRIPT_TIMEOUT

    500

    Timeout (in seconds) of a Cloud Functions invocation.

    service_account

    Requires input

    The service account that will be used to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls.

    target_size

    2

    Target size of the Autoscale cluster. For details, refer to the Google Cloud article Autoscaling groups of instances.

    vpc_cidr

    172.16.0.0/16

    The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC, divided into two /21 subnets.

    zone

    us-central1-c

    GCP zone

    Variables can be referenced from the command line using:

    terraform plan -var "<var name>=<value>"
    Previous
    Next