OCI Administration Guide

Checking the prerequisites


To deploy and configure the FortiGate-VM as an A-P HA solution, you need the following items:

  • OCI account to operate in OCI compute portal
  • Availability to accommodate required OCI resources
    • See Service Limits.
    • VCN with five subnets
    • Three public IP addresses
      • One for traffic to/through the active (primary) FortiGate-VM
      • Two for management access to each FortiGate-VM
    • All IP addresses must be static, not DHCP.
    • Two FortiGate-VM instances
      • You must deploy the two nodes in the same AD and under the same VCN.
      • Each FortiGate-VM must have at least four network interfaces. See Compute Shapes.
  • Two valid FortiGate-VM BYOL licenses. See Licensing.
  • The following summarizes minimum sufficient IAM roles for this deployment:
    • Allow dynamic-group <group_name> to read compartments in tenancy
    • Allow dynamic-group <group_name> to read instances in tenancy
    • Allow dynamic-group <group_name> to read vnic-attachments in tenancy
    • Allow dynamic-group <group_name> to read subnets in tenancy
    • Allow dynamic-group <group_name> to manage private-ips in tenancy
    • Allow dynamic-group <group_name> to manage public-ips in tenancy
    • Allow dynamic-group <group_name> to manage route-tables in tenancy
    • To define simpler roles, use the following:
      • Allow dynamic-group <group_name> to read compartments in tenancy
      • Allow dynamic-group <group_name> to read instances in tenancy
      • Allow dynamic-group <group_name> to manage virtual-network-family in tenancy
  • Note: Actual role configurations may differ depending on your environment. Check with your company's public cloud administrators for more details.
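
The following is an added example, not Fortinet or Oracle code: a small Python check that compares the policy statements written for the HA dynamic group against the minimum list above, reporting required grants that are missing and statements that grant more than that list. The group name fgt-ha and the sample statements are constructed, and the membership given for virtual-network-family is an assumption taken from the "simpler roles" variant on this page.

```python
import re

# OCI policy verbs, least to most privileged.
VERBS = {"inspect": 0, "read": 1, "use": 2, "manage": 3}

# Minimum statements from the list above: resource type -> verb.
REQUIRED = {"compartments": "read", "instances": "read",
            "vnic-attachments": "read", "subnets": "read",
            "private-ips": "manage", "public-ips": "manage",
            "route-tables": "manage"}

# Aggregate types. Assumption taken from the "simpler" variant above:
# virtual-network-family stands in for the five network types it replaces.
FAMILIES = {
    "virtual-network-family": {"vnic-attachments", "subnets", "private-ips",
                               "public-ips", "route-tables"},
    "all-resources": set(REQUIRED),
}

STMT = re.compile(
    r"allow\s+dynamic-group\s+(\S+)\s+to\s+(inspect|read|use|manage)"
    r"\s+(\S+)\s+in\s+tenancy", re.I)

def audit(statements, group):
    """Return (missing, broader, unparsed) for one dynamic group."""
    granted, broader, unparsed = {}, [], []
    for raw in statements:
        stmt = raw.strip()
        m = STMT.fullmatch(stmt)
        if not m:
            unparsed.append(stmt)      # conditions, compartments: review by hand
            continue
        if m.group(1) != group:
            continue
        rank, res = VERBS[m.group(2).lower()], m.group(3).lower()
        for target in FAMILIES.get(res, {res}):
            granted[target] = max(granted.get(target, -1), rank)
        need = REQUIRED.get(res)
        if need is None or rank > VERBS[need]:
            broader.append(stmt)       # grants more than the minimum list
    missing = sorted(r for r, v in REQUIRED.items() if granted.get(r, -1) < VERBS[v])
    return missing, broader, unparsed

# Constructed sample: the "simpler" variant for a hypothetical group "fgt-ha".
SIMPLER = [
    "Allow dynamic-group fgt-ha to read compartments in tenancy",
    "Allow dynamic-group fgt-ha to read instances in tenancy",
    "Allow dynamic-group fgt-ha to manage virtual-network-family in tenancy",
]
```

Calling audit(SIMPLER, "fgt-ha") reports nothing missing and lists the virtual-network-family statement as broader than the minimum list, which is the trade-off the simpler variant makes.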
