OCI Administration Guide

Deploying the FortiGate-VM

  1. Set up the OCI VCN environment. See Creating a VCN for multiple-AD HA topology.
  2. Deploy FortiGate-VMs in the environment for an active-passive configuration. See Creating a FortiGate-VM instance. To deploy FortiGate-VM from the marketplace, see Deploying FortiGate-VM via the marketplace. You must select a different availability domain (AD) for each Compute instance.

  3. Configure extra VNICs for the FortiGate-VM. You must ensure there are at least four network interfaces configured for each instance. See Checking the prerequisites. To create an extra VNIC, see Creating the second virtual network interface (VNIC). To configure the extra VNIC, see Configuring the second VNIC on the FortiGate-VM.
  4. Update route rules to point to the internal/trust private IP address on the active FortiGate. It is recommended to create a separate route table for the internal/trust subnet:
    1. Go to Networking > Virtual Cloud Networks > <VCN used> > Route Tables, then click Create Route Table.
    2. Specify the route table to point to the internal/trust private IP address on the active FortiGate.

    3. Go to Networking > Virtual Cloud Networks > <VCN used>. Edit the desired subnet.
    4. Under Route Table, update the configuration to the newly created route table.
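
As an added example (not part of the Fortinet guide), the following Python check encodes the requirements from steps 2 to 4: different ADs, at least four VNICs per instance, and an internal/trust route table that targets the active FortiGate. The inventory layout, field names, interface names, and all values are assumptions constructed for illustration; they are not OCI API fields.

```python
"""Pre-flight check for the active-passive layout (added example)."""
# Inventory layout, field names and values are constructed assumptions,
# not OCI API fields.
MIN_VNICS = 4  # the guide requires at least four interfaces per instance

SAMPLE_PLAN = {  # constructed sample
    "fortigates": [
        {"name": "fgt-a", "role": "active", "availability_domain": "AD-1",
         "vnics": {"mgmt": "10.0.0.10", "external": "10.0.1.10",
                   "internal": "10.0.2.10", "ha": "10.0.3.10"}},
        {"name": "fgt-b", "role": "passive", "availability_domain": "AD-2",
         "vnics": {"mgmt": "10.0.0.11", "external": "10.0.1.11",
                   "internal": "10.0.2.11", "ha": "10.0.3.11"}},
    ],
    "route_tables": {
        "rt-internal": [{"destination": "0.0.0.0/0", "target_ip": "10.0.2.10"}],
    },
    "internal_subnet": {"route_table": "rt-internal"},
}


def check_ha_plan(plan):
    """Return findings; an empty list means the plan matches the guide."""
    findings = []
    fgts = plan["fortigates"]
    ads = [f["availability_domain"] for f in fgts]
    if len(set(ads)) != len(ads):
        findings.append("FortiGate-VMs share an availability domain")
    for f in fgts:
        if len(f["vnics"]) < MIN_VNICS:
            findings.append(f"{f['name']}: {len(f['vnics'])} VNICs, need {MIN_VNICS}")
    active = [f for f in fgts if f["role"] == "active"]
    if len(active) != 1:
        findings.append("expected exactly one active FortiGate")
        return findings
    trust_ip = active[0]["vnics"].get("internal")
    rules = plan["route_tables"].get(plan["internal_subnet"]["route_table"])
    # Simplification for this example: every rule in the dedicated table
    # must target the active unit's internal/trust private IP.
    if rules is None:
        findings.append("internal/trust subnet uses an unknown route table")
    elif trust_ip is None or not rules or any(r["target_ip"] != trust_ip for r in rules):
        findings.append("route rule does not target the active internal/trust IP")
    return findings


if __name__ == "__main__":
    for finding in check_ha_plan(SAMPLE_PLAN) or ["plan matches the guide"]:
        print(finding)
```
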
