Creating the internal LB and custom route
The internal load balancer (LB) is used as the next hop of a custom default route, so that traffic originating from workloads in the Google Cloud VPC network is forwarded to the active FortiGate instance. The LB's health check (fgt-hcheck-tcp8008) decides which of the two FortiGate instances currently receives that traffic.
To create the internal LB and custom route:
- Create the internal backend service and add both instance groups to it. You can reference the same health check as for the external LB:

  gcloud compute backend-services create fgt-ilb-bes --region=$REGION \
    --network=int-vpc \
    --load-balancing-scheme=INTERNAL \
    --health-checks=fgt-hcheck-tcp8008 \
    --health-checks-region=$REGION \
    --connection-persistence-on-unhealthy-backends=NEVER_PERSIST

  gcloud compute backend-services add-backend fgt-ilb-bes --region=$REGION \
    --instance-group=fgt-umig1 \
    --instance-group-zone=$ZONE1

  gcloud compute backend-services add-backend fgt-ilb-bes --region=$REGION \
    --instance-group=fgt-umig2 \
    --instance-group-zone=$ZONE2

  NEVER_PERSIST tells the LB not to keep existing connections pinned to a backend that has failed its health check, so established sessions move to the new primary FortiGate on failover instead of timing out on the old one.
- Create an internal forwarding rule in the internal subnet, pointing at the backend service created in the previous step:

  gcloud compute forwarding-rules create fgt-ilb-fwrule --region=$REGION \
    --address=fgtilb-ip-int-$REGION_LABEL \
    --ip-protocol=TCP \
    --ports=ALL \
    --load-balancing-scheme=INTERNAL \
    --backend-service=fgt-ilb-bes \
    --subnet=int-sb-$REGION_LABEL

  The --address and --subnet values must match the reserved internal IP address and the internal subnet created earlier in the procedure.
- Create the custom default route with the forwarding rule as the next hop:

  gcloud compute routes create rt-default-via-fgt \
    --network=int-vpc \
    --destination-range=0.0.0.0/0 \
    --next-hop-ilb=fgt-ilb-fwrule \
    --next-hop-ilb-region=$REGION \
    --priority=10

  Priority 10 takes precedence over the VPC's automatically created default route to the internet gateway (priority 1000), so every packet leaving int-vpc that does not match a more specific route is handed to the active FortiGate. Note that when an internal LB is the next hop of a route, the forwarding rule's protocol and port settings do not restrict routed traffic: TCP, UDP and ICMP are all forwarded to the backends. Any other 0.0.0.0/0 route in int-vpc with a priority value lower than 10 would bypass the firewall, so keep route creation in this VPC under change control.
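The procedure above as one re-runnable script with a post-deployment check. This is an added example, not code from the Fortinet page or the FortiGate product. It assumes that REGION, ZONE1, ZONE2 and REGION_LABEL are exported, and that the resources referenced but created in earlier sections (int-vpc, int-sb-$REGION_LABEL, the reserved address fgtilb-ip-int-$REGION_LABEL, the health check fgt-hcheck-tcp8008 and the unmanaged instance groups fgt-umig1 and fgt-umig2) already exist. The verify step checks the two things that matter for the data path: at least one FortiGate passes the health check, and rt-default-via-fgt is the highest-priority 0.0.0.0/0 route in int-vpc, so no other route silently bypasses inspection.

```shell
#!/usr/bin/env bash
# Added example (not from the Fortinet page): the three provisioning steps as
# shell functions, plus a check that default egress really ends on a healthy
# FortiGate. Assumes REGION, ZONE1, ZONE2, REGION_LABEL and the resources
# created in earlier sections (int-vpc, int-sb-$REGION_LABEL, the address
# fgtilb-ip-int-$REGION_LABEL, fgt-hcheck-tcp8008, fgt-umig1, fgt-umig2).
set -eu

BES=fgt-ilb-bes
FWRULE=fgt-ilb-fwrule
ROUTE=rt-default-via-fgt
VPC=int-vpc

# Steps 1-3 from the page, run once (re-running fails with "already exists").
fgt_ilb_deploy() {
  : "${REGION:?}" "${ZONE1:?}" "${ZONE2:?}" "${REGION_LABEL:?}"

  gcloud compute backend-services create "$BES" --region="$REGION" \
    --network="$VPC" \
    --load-balancing-scheme=INTERNAL \
    --health-checks=fgt-hcheck-tcp8008 \
    --health-checks-region="$REGION" \
    --connection-persistence-on-unhealthy-backends=NEVER_PERSIST
  gcloud compute backend-services add-backend "$BES" --region="$REGION" \
    --instance-group=fgt-umig1 --instance-group-zone="$ZONE1"
  gcloud compute backend-services add-backend "$BES" --region="$REGION" \
    --instance-group=fgt-umig2 --instance-group-zone="$ZONE2"

  gcloud compute forwarding-rules create "$FWRULE" --region="$REGION" \
    --address="fgtilb-ip-int-$REGION_LABEL" \
    --ip-protocol=TCP --ports=ALL \
    --load-balancing-scheme=INTERNAL \
    --backend-service="$BES" \
    --subnet="int-sb-$REGION_LABEL"

  gcloud compute routes create "$ROUTE" --network="$VPC" \
    --destination-range=0.0.0.0/0 \
    --next-hop-ilb="$FWRULE" --next-hop-ilb-region="$REGION" \
    --priority=10
}

# Number of backend instances the ILB currently reports as HEALTHY.
# get-health prints one line per instance group; instance states in a group
# are joined by ';', so split on both newlines and semicolons.
fgt_ilb_healthy_count() {
  local n=0 s
  for s in $(gcloud compute backend-services get-health "$BES" --region="$REGION" \
               --format='value(status.healthStatus[].healthState)' | tr ';' ' '); do
    case "$s" in HEALTHY) n=$((n + 1)) ;; esac
  done
  echo "$n"
}

# The 0.0.0.0/0 route with the smallest priority number wins in the VPC.
# Prints "<name> <priority> <next-hop forwarding rule>" for that winner
# (third field is empty for routes whose next hop is not an ILB).
fgt_ilb_winning_default_route() {
  gcloud compute routes list \
    --filter="network:$VPC AND destRange=0.0.0.0/0" \
    --sort-by=priority --limit=1 \
    --format='value(name,priority,nextHopIlb.basename())' | tr '\t' ' '
}

# Returns 0 only if at least one FortiGate is healthy and nothing outranks
# the firewall route for default egress (a stray priority-5 route to the
# default internet gateway, for example, would bypass inspection entirely).
fgt_ilb_verify() {
  : "${REGION:?}"
  local healthy winner
  healthy=$(fgt_ilb_healthy_count)
  winner=$(fgt_ilb_winning_default_route)
  echo "healthy backends: $healthy"
  echo "winning default route: $winner"
  [ "$healthy" -ge 1 ] || { echo "FAIL: no healthy FortiGate behind $BES" >&2; return 1; }
  case "$winner" in
    "$ROUTE "*" $FWRULE") echo "OK: default egress goes via $FWRULE" ;;
    *) echo "FAIL: default egress is not via $ROUTE -> $FWRULE" >&2; return 1 ;;
  esac
}

case "${1:-}" in
  deploy) fgt_ilb_deploy ;;
  verify) fgt_ilb_verify ;;
esac
```

Run it as `./fgt-ilb.sh deploy` followed by `./fgt-ilb.sh verify`; the script does nothing when invoked without an argument so it can also be sourced. Because routes are looked up by priority rather than by name, the verify step also catches a later, unrelated default route that someone adds to int-vpc with a lower priority value, which is the most common way this design gets silently undermined.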