Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • GCP Administration Guide

    Home FortiGate Public Cloud 7.2.0 GCP Administration Guide
    7.2.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Terraform variables

    Terraform variables

    Following are variables listed in the vars.tf file. They can be changed to suit the needs of your cluster.

    Resource

    Default

    Description

    project

    Requires input

    The project under which you will deploy the instance group. For details on managing projects, refer to the Google Cloud article Creating and Managing Projects.

    auth_key

    Requires input

    The file name of the authentication key you are using to connect to GCP. For details on creating the key, refer to the Adding credentials section of the HashiCorp article "Getting Started with the Google Provider".

    service_account

    Requires input

    The service account that will be used to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls.

    region

    us-central1

    GCP region

    zone

    us-central1-c

    GCP zone

    nodejs_version

    nodejs10

    Version of Node.js to use in Cloud Functions.

    max_replicas

    3

    Maximum number of FortiGate-VM instances in the instance group.

    For details on scaling configurations, refer to the Google Cloud article Instance groups.

    min_replicas

    2

    Minimum number of FortiGate-VM instances in the instance group.

    cpu_utilization

    0.5

    Target CPU usage for the cluster to achieve.

    Instances will scale out or scale in to meet this target.

    Note

    Autoscaling is based on CPU utilization. Autoscaling using custom metrics is not supported.

    cluster_name

    FortigateAutoScale

    Name of the cluster to be used across objects (buckets, VPC, etc.)

    bucket_name

    fortigateautoscale

    Name of the Blob Storage bucket.

    fortigate_image

    projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license

    The source image for the Instance Group to use. The default image is FortiOS 6.2.3.

    instance

    n1-standard-1

    The instance Family type to be used by the scaling configuration.

    vpc_cidr

    172.16.0.0/16

    The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC, divided into two /21 subnets.

    public_subnet

    172.16.0.0/21

    Public subnet used by the FortiGate cluster.

    protected_subnet

    172.16.8.0/21

    Private subnet for VMs behind the FortiGate cluster.

    firewall_allowed_range

    0.0.0.0/0

    The GCP firewall range to allow.

    Note
    • The default is to allow all.
    • If you use the GCP firewall policy to block incoming traffic, you will need to allow the load balancer to perform health checks and send data. For details on the IP addresses that will need access, refer to the Probe IP ranges and firewall rules section of the Google Cloud article Health checks.

    target_size

    2

    Target size of the Autoscale cluster. For details, refer to the Google Cloud article Autoscaling groups of instances.

    SCRIPT_TIMEOUT

    500

    Timeout (in seconds) of a Cloud Functions invocation.

    MASTER_ELECTION_TIMEOUT

    400

    The maximum time (in seconds) to wait for a primary election to complete.

    This variable should be less than the total script timeout (SCRIPT_TIMEOUT).

    FORTIGATE_ADMIN_PORT

    8443

    A port number for FortiGate-VM administration.

    Do not use the FortiGate reserved ports 443, 541, 514, or 703.

    Minimum is 1. Maximum is 65535.

    was: The admin port for the FortiGate Autoscale Cluster

    HEARTBEAT_INTERVAL

    25

    The length of time (in seconds) that a FortiGate-VM waits between sending heartbeat requests to the function.

    HEART_BEAT_DELAY_ALLOWANCE

    10

    Allowed variance (in seconds) before a heartbeat is considered out-of-sync and heartbeat loss is increased.

    HEART_BEAT_LOSS_COUNT

    10

    Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities will commence.

    You can reference variables from the command line using the following:

    terraform plan -var "<var name>=<value>"
    Previous
    Next

    Terraform variables

    Terraform variables

    Following are variables listed in the vars.tf file. They can be changed to suit the needs of your cluster.

    Resource

    Default

    Description

    project

    Requires input

    The project under which you will deploy the instance group. For details on managing projects, refer to the Google Cloud article Creating and Managing Projects.

    auth_key

    Requires input

    The file name of the authentication key you are using to connect to GCP. For details on creating the key, refer to the Adding credentials section of the HashiCorp article "Getting Started with the Google Provider".

    service_account

    Requires input

    The service account that will be used to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls.

    region

    us-central1

    GCP region

    zone

    us-central1-c

    GCP zone

    nodejs_version

    nodejs10

    Version of Node.js to use in Cloud Functions.

    max_replicas

    3

    Maximum number of FortiGate-VM instances in the instance group.

    For details on scaling configurations, refer to the Google Cloud article Instance groups.

    min_replicas

    2

    Minimum number of FortiGate-VM instances in the instance group.

    cpu_utilization

    0.5

    Target CPU usage for the cluster to achieve.

    Instances will scale out or scale in to meet this target.

    Note

    Autoscaling is based on CPU utilization. Autoscaling using custom metrics is not supported.

    cluster_name

    FortigateAutoScale

    Name of the cluster to be used across objects (buckets, VPC, etc.)

    bucket_name

    fortigateautoscale

    Name of the Blob Storage bucket.

    fortigate_image

    projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license

    The source image for the Instance Group to use. The default image is FortiOS 6.2.3.

    instance

    n1-standard-1

    The instance Family type to be used by the scaling configuration.

    vpc_cidr

    172.16.0.0/16

    The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC, divided into two /21 subnets.

    public_subnet

    172.16.0.0/21

    Public subnet used by the FortiGate cluster.

    protected_subnet

    172.16.8.0/21

    Private subnet for VMs behind the FortiGate cluster.

    firewall_allowed_range

    0.0.0.0/0

    The GCP firewall range to allow.

    Note
    • The default is to allow all.
    • If you use the GCP firewall policy to block incoming traffic, you will need to allow the load balancer to perform health checks and send data. For details on the IP addresses that will need access, refer to the Probe IP ranges and firewall rules section of the Google Cloud article Health checks.

    target_size

    2

    Target size of the Autoscale cluster. For details, refer to the Google Cloud article Autoscaling groups of instances.

    SCRIPT_TIMEOUT

    500

    Timeout (in seconds) of a Cloud Functions invocation.

    MASTER_ELECTION_TIMEOUT

    400

    The maximum time (in seconds) to wait for a primary election to complete.

    This variable should be less than the total script timeout (SCRIPT_TIMEOUT).

    FORTIGATE_ADMIN_PORT

    8443

    A port number for FortiGate-VM administration.

    Do not use the FortiGate reserved ports 443, 541, 514, or 703.

    Minimum is 1. Maximum is 65535.

    was: The admin port for the FortiGate Autoscale Cluster

    HEARTBEAT_INTERVAL

    25

    The length of time (in seconds) that a FortiGate-VM waits between sending heartbeat requests to the function.

    HEART_BEAT_DELAY_ALLOWANCE

    10

    Allowed variance (in seconds) before a heartbeat is considered out-of-sync and heartbeat loss is increased.

    HEART_BEAT_LOSS_COUNT

    10

    Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities will commence.

    You can reference variables from the command line using the following:

    terraform plan -var "<var name>=<value>"
    Previous
    Next