
GCP Administration Guide

Deploying a FortiGate-VM instance


Note

The networks in this example are already set up. Use existing networks and subnets or create them prior to running the commands in this document. Edit all GCP environment-specific variables to fit your GCP environment.

This guide assumes familiarity with Linux distributions and the GCP environment and that Google Cloud CLI is already installed and configured for your project. For information about installing the Google Cloud CLI SDK, see Install the gcloud CLI.

Note

This process uses environment variables with the GCloud SDK CLI commands. The command that creates the FortiGate-VM instance references the custom image creation process.

To deploy a FortiGate-VM instance:
  1. Define environment variables:
    project=<your project id>
    zone=us-central1-a
    serviceaccount=<your service account>
    image_name=doc-fortigate-vm-image
    image=projects/$project/global/images/$image_name
    

    For information about using publicly available images, see Finding public FortiGate images.

  2. Edit and run the following commands in GCP:
    gcloud compute instances create doc-fortigate-vm \
    --project=$project \
    --zone=$zone \
    --machine-type=n2d-standard-2 \
    --network-interface=network-tier=PREMIUM,private-network-ip=10.0.1.10,subnet=unprotected-public-subnet \
    --network-interface=private-network-ip=10.0.2.10,subnet=protected-private-subnet,no-address \
    --can-ip-forward \
    --service-account=$serviceaccount \
    --scopes=https://www.googleapis.com/auth/cloud-platform \
    --create-disk=auto-delete=yes,boot=yes,device-name=doc-fortigate-vm-boot,image=$image,mode=rw,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced \
    --create-disk=auto-delete=yes,device-name=doc-fortigate-vm-log,mode=rw,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced
    

  3. Add the following option to the command in step 2 to bootstrap the new instance with an existing configuration file and BYOL license file:
    --metadata-from-file "license=<license text file>,user-data=<FortiGate CLI text file>"

    For example:
    --metadata-from-file "license=license.txt,user-data=config.txt"
    

    Note

    This step requires a Linux distribution with the GCloud SDK CLI installed. It leverages the Linux file system to read the license and configuration files and pass them to the FortiGate-VM. See Bootstrapping FortiGate at initial bootup.

  4. Obtain the newly deployed FortiGate-VM instance ID by running the following command:
    gcloud compute instances describe doc-fortigate-vm --zone=$zone | grep id

    For more information, see Get the ID of a VM instance.
  5. Access the newly deployed FortiGate-VM using the public IP address from step 2's output and the instance ID from step 4 as the password. If you did not bootstrap a license file, you can apply a license in the FortiOS GUI.
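
A post-deployment check for the instance created in steps 1 to 5, as an added example that is not part of the original guide or Fortinet's tooling. It reads the JSON form of the describe output (`--format=json`), extracts the instance ID and public IP needed for step 5, and lists the settings from step 2 and step 3 that are worth reviewing; the sample JSON, the service account name and the function names are constructed for this example.

```python
import json

# Constructed sample, trimmed to the fields checked below. It is shaped like the output of
#   gcloud compute instances describe doc-fortigate-vm --zone=$zone --format=json
SAMPLE = json.loads("""
{"id": "1234567890123456789", "name": "doc-fortigate-vm", "canIpForward": true,
 "networkInterfaces": [
   {"name": "nic0", "networkIP": "10.0.1.10",
    "accessConfigs": [{"natIP": "203.0.113.10", "networkTier": "PREMIUM"}]},
   {"name": "nic1", "networkIP": "10.0.2.10"}],
 "serviceAccounts": [{"email": "fgt-sa@example-project.iam.gserviceaccount.com",
                      "scopes": ["https://www.googleapis.com/auth/cloud-platform"]}],
 "metadata": {"items": [{"key": "license", "value": "(constructed)"},
                        {"key": "user-data", "value": "(constructed)"}]}}
""")

BROAD_SCOPE = "https://www.googleapis.com/auth/cloud-platform"


def external_ips(nic):
    """External addresses attached to one network interface."""
    return [ac["natIP"] for ac in nic.get("accessConfigs", []) if ac.get("natIP")]


def review_instance(inst):
    """Return (facts, notes): values needed for step 5 and points to review."""
    nics = {n["name"]: n for n in inst.get("networkInterfaces", [])}
    public = external_ips(nics.get("nic0", {}))
    facts = {"instance_id": str(inst["id"]), "public_ip": public[0] if public else None}
    notes = []
    if not inst.get("canIpForward"):
        notes.append("canIpForward is off: the VM cannot forward traffic between subnets")
    if not public:
        notes.append("nic0 has no external IP: step 5 needs a public address")
    if external_ips(nics.get("nic1", {})):
        notes.append("nic1 has an external IP although step 2 sets no-address")
    scopes = {s for sa in inst.get("serviceAccounts", []) for s in sa.get("scopes", [])}
    if BROAD_SCOPE in scopes:
        notes.append("cloud-platform scope: API access is bounded only by the service account's IAM roles")
    keys = {item["key"] for item in inst.get("metadata", {}).get("items", [])}
    for key in sorted(keys & {"license", "user-data"}):
        notes.append(f"metadata '{key}' is returned to any principal that can describe the instance")
    return facts, notes


if __name__ == "__main__":
    facts, notes = review_instance(SAMPLE)
    print(facts)
    for note in notes:
        print("-", note)
```

Because the instance ID used as the initial password in step 5 is visible to anyone who can describe the instance, set a new administrator password at first login.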
