OCI Administration Guide

7.0.0

Checking the prerequisites

To deploy and configure the FortiGate-VM as an A-P HA solution, you need the following items:

  • An OCI account that can operate in the OCI compute portal
  • Availability to accommodate the required OCI resources:
    • See Service Limits.
    • VCN with eight subnets located in two different ADs for management, external, internal, and heartbeat purposes.
    • Three public IP addresses
    • All IP addresses must be static, not DHCP.
    • Two FortiGate-VM instances
  • Two valid FortiGate-VM BYOL licenses. See Licensing.
  • The following summarizes the minimum sufficient IAM roles for this deployment:
    • Allow dynamic-group <group_name> to read compartments in tenancy
    • Allow dynamic-group <group_name> to read instances in tenancy
    • Allow dynamic-group <group_name> to read vnic-attachments in tenancy
    • Allow dynamic-group <group_name> to read subnets in tenancy
    • Allow dynamic-group <group_name> to manage private-ips in tenancy
    • Allow dynamic-group <group_name> to manage public-ips in tenancy
    • Allow dynamic-group <group_name> to manage route-tables in tenancy
    • To define simpler roles, use the following:
      • Allow dynamic-group <group_name> to read compartments in tenancy
      • Allow dynamic-group <group_name> to read instances in tenancy
      • Allow dynamic-group <group_name> to manage virtual-network-family in tenancy
  • Note: Actual role configurations may differ depending on your environment. Check with your company's public cloud administrators for more details.
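
The two role variants above do not grant the same privileges. The following added example (not part of the Fortinet guide) parses the policy statements for a dynamic group and reports what is missing from, or in excess of, the granular minimum set. The group name `fgt-ha`, the `audit` helper, and the five-type mapping for `virtual-network-family` are assumptions for illustration.

```python
import re

# OCI policy verbs, weakest to strongest; each includes the ones before it.
VERBS = ["inspect", "read", "use", "manage"]

# Granular minimum set from the list above: resource type -> verb.
REQUIRED = {"compartments": "read", "instances": "read",
            "vnic-attachments": "read", "subnets": "read",
            "private-ips": "manage", "public-ips": "manage",
            "route-tables": "manage"}

# Assumption drawn from the page's simpler variant: the aggregate type
# stands in for these five types. It also covers other networking
# resources (VCNs, security lists, ...), which is why it is flagged.
FAMILIES = {"virtual-network-family": {"vnic-attachments", "subnets",
            "private-ips", "public-ips", "route-tables"}}

# Scope ("in tenancy") and any where-clause are not evaluated here.
STMT = re.compile(r"^\s*allow\s+dynamic-group\s+(\S+)\s+to\s+(\w+)\s+(\S+)", re.I)

def audit(statements, group):
    """Return (missing, excess) for `group` measured against REQUIRED."""
    granted, excess = {}, []
    for s in statements:
        m = STMT.match(s)
        if not m or m.group(1) != group or m.group(2).lower() not in VERBS:
            continue  # other principals or unparseable lines are skipped
        level, res = VERBS.index(m.group(2).lower()), m.group(3).lower()
        if res in FAMILIES:
            excess.append(f"{res}: aggregate type, covers resources outside the list")
        elif res not in REQUIRED:
            excess.append(f"{res}: not in the minimum set")
        for r in FAMILIES.get(res, {res}):
            granted[r] = max(granted.get(r, -1), level)
    missing = sorted(r for r, v in REQUIRED.items()
                     if granted.get(r, -1) < VERBS.index(v))
    excess += sorted(f"{r}: {VERBS[granted[r]]} granted, {v} needed"
                     for r, v in REQUIRED.items()
                     if granted.get(r, -1) > VERBS.index(v))
    return missing, excess

# Constructed sample input; "fgt-ha" is a placeholder group name.
GRANULAR = [f"Allow dynamic-group fgt-ha to {v} {r} in tenancy"
            for r, v in REQUIRED.items()]
SIMPLE = ["Allow dynamic-group fgt-ha to read compartments in tenancy",
          "Allow dynamic-group fgt-ha to read instances in tenancy",
          "Allow dynamic-group fgt-ha to manage virtual-network-family in tenancy"]

if __name__ == "__main__":
    for name, policy in (("granular", GRANULAR), ("simple", SIMPLE)):
        print(name, audit(policy, "fgt-ha"))
```

Both variants satisfy the prerequisites, but the simpler one raises `subnets` and `vnic-attachments` from read to manage, which is worth weighing when the FortiGate-VM instances are the only members of the dynamic group.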
