Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • HA on Google Cloud Deployment Guide

    Home FortiMail 7.6.0 HA on Google Cloud Deployment Guide
    7.6.0
    7.6.0

    Introduction

    Introduction

    FortiMail units can operate in either active-passive or active-active high availability (HA) mode. For details, see the FortiMail Administration Guide.

    In Google Cloud Platform (GCP), you can use either a:

    to monitor the health of VMs, distribute traffic among HA members, and to avoid a FortiMail-VM that is on standby or that has become unresponsive. In this document, we show FortiMail HA cluster only.

    In FortiMail HA, you can use either:

    • active-active
    • active-passive

    In this document, we show active-passive HA. However active-active HA is deployed and configured similarly.

    Note

    All FortiMail units that belong to an HA group require valid licenses. New VM instances may be deployed to auto-scale if there is more network load, or instances may be re-sized to meet billing changes. If that happens, verify again that all instances have valid licenses.

    Prerequisites

    Before you can configure a FortiMail HA cluster on GCP, you must have:

    • A Google Cloud Platform account with an Identity and Access Management (IAM) user that has permission to create compute engine (VM) instances and configure networking

    • A virtual private cloud (VPC) network

    • VPC firewall rules that allow email traffic flow from the Internet to all FortiMail-VMs in the VPC network, and HTTPS traffic from your computer to access the administrative GUI

    • Two FortiMail-VM instances deployed in the same VPC network subnet so that the HA heartbeat between them can occur over the internal network

    For details, see the Google Cloud Platform Deployment Guide.

    Note

    Deploy all components of the HA group in the same region and zone, and in the same VPC network. Health checks, HA heartbeats, and failover may not function correctly if the VMs are far apart, such as in different time zones or countries. Physical distance can cause HA communications to have too much latency.

    If you want to deploy in multiple regions to provide redundancy in case of a regional cloud outage, then deploy a separate FortiMail HA cluster in each region.
    Previous
    Next

    Introduction

    Introduction

    FortiMail units can operate in either active-passive or active-active high availability (HA) mode. For details, see the FortiMail Administration Guide.

    In Google Cloud Platform (GCP), you can use either a:

    to monitor the health of VMs, distribute traffic among HA members, and to avoid a FortiMail-VM that is on standby or that has become unresponsive. In this document, we show FortiMail HA cluster only.

    In FortiMail HA, you can use either:

    • active-active
    • active-passive

    In this document, we show active-passive HA. However active-active HA is deployed and configured similarly.

    Note

    All FortiMail units that belong to an HA group require valid licenses. New VM instances may be deployed to auto-scale if there is more network load, or instances may be re-sized to meet billing changes. If that happens, verify again that all instances have valid licenses.

    Prerequisites

    Before you can configure a FortiMail HA cluster on GCP, you must have:

    • A Google Cloud Platform account with an Identity and Access Management (IAM) user that has permission to create compute engine (VM) instances and configure networking

    • A virtual private cloud (VPC) network

    • VPC firewall rules that allow email traffic flow from the Internet to all FortiMail-VMs in the VPC network, and HTTPS traffic from your computer to access the administrative GUI

    • Two FortiMail-VM instances deployed in the same VPC network subnet so that the HA heartbeat between them can occur over the internal network

    For details, see the Google Cloud Platform Deployment Guide.

    Note

    Deploy all components of the HA group in the same region and zone, and in the same VPC network. Health checks, HA heartbeats, and failover may not function correctly if the VMs are far apart, such as in different time zones or countries. Physical distance can cause HA communications to have too much latency.

    If you want to deploy in multiple regions to provide redundancy in case of a regional cloud outage, then deploy a separate FortiMail HA cluster in each region.
    Previous
    Next