Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • GCP Administration Guide

    Home FortiGate Public Cloud 7.6.0 GCP Administration Guide
    7.6.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Deploying a FortiGate-VM on a T2A instance

    Deploying a FortiGate-VM on a T2A instance

    FortiOS supports the GCP T2A instance family. A publicly available image has been created. You can use it to create a FortiGate-VM instance via the GCloud CLI, leveraging the ARM-based CPU instance family T2A. See Expanding the Tau VM family with Arm-based processors.

    To deploy a FortiGate-VM on GCP with the T2A family instance:

    The example uses GCloud shell or Linux variables. Edit the variables to match your project ID, zone, and service account:

    project=<GCP project ID>

    zone=us-central1-a

    serviceaccount=<your designated services account>

    image=projects/fortigcp-project-001/global/images/fortinet-fgt-arm64-740-20230512-001-w-license

    Note

    Do not edit the image variable as this specifies the ARM specific image.

    The following commands deploy a FortiGate-VM on a T2A instance type with two network adapters. The networks and subnets referenced in the GCloud SDK command must be in place and/or created prior to running the command. Edit the following command to fit your environment:

    gcloud compute instances create fortigate-arm-t2a \ 
  --project=$project \ 
  --zone=$zone \ 
  --machine-type=t2a-standard-2 \ 
  --network-interface=private-network-ip=10.0.1.11,nic-type=GVNIC,subnet=unprotected-public-subnet \ 
  --network-interface=private-network-ip=10.0.2.11,nic-type=GVNIC,subnet=protected-private-subnet,no-address \ 
  --can-ip-forward \ 
  --service-account=$serviceaccount \ 
  --scopes=https://www.googleapis.com/auth/cloud-platform \ 
  --create-disk=auto-delete=yes,boot=yes,device-name=fortigate-arm-t2a,image=$image,mode=rw,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced \ 
  --create-disk=auto-delete=yes,device-name=fortigate-arm-t2a-log,mode=rw,name=fortigate-arm-t2a-log,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced

    The following shows the GCloud CLI output when the deployment succeeds:

    Created [https://www.googleapis.com/compute/v1/projects/...../zones/us-central1-a/instances/fortigate-arm-t2a].

    NAME: fortigate-arm-t2a

    ZONE: us-central1-a

    MACHINE TYPE: t2a-standard-2

    PREEMPTIBLE:

    INTERNAL_IP: 10.0.1.11, 10.0.2.11

    EXTERNAL_IP: 34.134.160.178

    STATUS: RUNNING

    The following shows the FortiGate-VM bring your own license instance details on the GCP portal:

    Previous
    Next

    Deploying a FortiGate-VM on a T2A instance

    Deploying a FortiGate-VM on a T2A instance

    FortiOS supports the GCP T2A instance family. A publicly available image has been created. You can use it to create a FortiGate-VM instance via the GCloud CLI, leveraging the ARM-based CPU instance family T2A. See Expanding the Tau VM family with Arm-based processors.

    To deploy a FortiGate-VM on GCP with the T2A family instance:

    The example uses GCloud shell or Linux variables. Edit the variables to match your project ID, zone, and service account:

    project=<GCP project ID>

    zone=us-central1-a

    serviceaccount=<your designated services account>

    image=projects/fortigcp-project-001/global/images/fortinet-fgt-arm64-740-20230512-001-w-license

    Note

    Do not edit the image variable as this specifies the ARM specific image.

    The following commands deploy a FortiGate-VM on a T2A instance type with two network adapters. The networks and subnets referenced in the GCloud SDK command must be in place and/or created prior to running the command. Edit the following command to fit your environment:

    gcloud compute instances create fortigate-arm-t2a \ 
  --project=$project \ 
  --zone=$zone \ 
  --machine-type=t2a-standard-2 \ 
  --network-interface=private-network-ip=10.0.1.11,nic-type=GVNIC,subnet=unprotected-public-subnet \ 
  --network-interface=private-network-ip=10.0.2.11,nic-type=GVNIC,subnet=protected-private-subnet,no-address \ 
  --can-ip-forward \ 
  --service-account=$serviceaccount \ 
  --scopes=https://www.googleapis.com/auth/cloud-platform \ 
  --create-disk=auto-delete=yes,boot=yes,device-name=fortigate-arm-t2a,image=$image,mode=rw,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced \ 
  --create-disk=auto-delete=yes,device-name=fortigate-arm-t2a-log,mode=rw,name=fortigate-arm-t2a-log,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced

    The following shows the GCloud CLI output when the deployment succeeds:

    Created [https://www.googleapis.com/compute/v1/projects/...../zones/us-central1-a/instances/fortigate-arm-t2a].

    NAME: fortigate-arm-t2a

    ZONE: us-central1-a

    MACHINE TYPE: t2a-standard-2

    PREEMPTIBLE:

    INTERNAL_IP: 10.0.1.11, 10.0.2.11

    EXTERNAL_IP: 34.134.160.178

    STATUS: RUNNING

    The following shows the FortiGate-VM bring your own license instance details on the GCP portal:

    Previous
    Next