Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • GCP Administration Guide

    Home FortiGate Public Cloud 7.4.0 GCP Administration Guide
    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Deploying FortiGate autoscale for GCP

    Deploying FortiGate autoscale for GCP

    The easiest way to deploy FortiGate autoscale for GCP is with Terraform.

    This deployment was tested with:

    • Terraform 0.12
    • Terraform Google Provider 2.20.1
    • Terraform Google Provider Beta 2.20.1
    To deploy FortiGate Autoscale for GCP:
    1. Log in to your GCP account.
    2. If you have not already done so, create an authentication token. The default Compute service account should have sufficient permissions. See Authenticate for using client libraries.
    3. Install Terraform. See Install Terraform.
    4. Clone the repository.
    5. Change into the new directory and do one of the following:

      The following files and folders should be present:

      .
├── assets
│   └── configset
│   	├── baseconfig
│   	├── httproutingpolicy
│   	├── httpsroutingpolicy
│   	├── internalelbweb
│   	├── port2config
│   	├── setuptgwvpn
│   	└── storelogtofaz
├── cloud-function-package.json
├── dist
│   └── gcp.zip
├── index.ts
├── main.tf
├── package.json
├── package-lock.json
├── README.md
├── tsconfig.json
├── tslint.json
└── vars.tf
    6. Open the vars.tf file and add values to the following variables:

      Variable

      Value

      project

      Google project ID

      service_account

      Service account that you will use to call Cloud Function

      auth_key

      GCP authentication key name and path. The default is account.json. Specify the path if the key is not in the current directory.

      You can also do the aforementioned step from the command line using the following syntax:

      terraform plan -var "<var_name>=<value>"
    7. Customize other variables such as cpu_ulitization and cooldown period as needed. See Terraform variables.
    8. Initialize the providers and modules: 
      terraform init
    9. Verify the plan: 
      terraform plan
    10. Confirm and apply the plan:
      terraform apply

      Output is similar to the following. A randomly generated five-letter suffix is added to all resources. You can use the suffix to help identify your cluster resources.

      InstanceTemplate = fortigateautoscale-instance-template-cehpm
LoadBalance_instances = []
LoadBalancer_Ip_Address = xxx.xxx.xxx.xxx
Notes = The Firestore Database must be deleted separately
Trigger_URL = https://us-central1-*************.cloudfunctions.net/fortigateautoscale-cehpm
google_compute_region_instance_group_manager = fortigateautoscale-fortigate-autoscale-cehpm
    Note

    As part of the deployment, Terraform adjusts the ${fgt_secondary_ip} value within the baseconfig file located in assets/configset/. The value should be the external load balancer IP address. See Backend service-based external passthrough Network Load Balancer overview.
    Previous
    Next

    Deploying FortiGate autoscale for GCP

    Deploying FortiGate autoscale for GCP

    The easiest way to deploy FortiGate autoscale for GCP is with Terraform.

    This deployment was tested with:

    • Terraform 0.12
    • Terraform Google Provider 2.20.1
    • Terraform Google Provider Beta 2.20.1
    To deploy FortiGate Autoscale for GCP:
    1. Log in to your GCP account.
    2. If you have not already done so, create an authentication token. The default Compute service account should have sufficient permissions. See Authenticate for using client libraries.
    3. Install Terraform. See Install Terraform.
    4. Clone the repository.
    5. Change into the new directory and do one of the following:

      The following files and folders should be present:

      .
├── assets
│   └── configset
│   	├── baseconfig
│   	├── httproutingpolicy
│   	├── httpsroutingpolicy
│   	├── internalelbweb
│   	├── port2config
│   	├── setuptgwvpn
│   	└── storelogtofaz
├── cloud-function-package.json
├── dist
│   └── gcp.zip
├── index.ts
├── main.tf
├── package.json
├── package-lock.json
├── README.md
├── tsconfig.json
├── tslint.json
└── vars.tf
    6. Open the vars.tf file and add values to the following variables:

      Variable

      Value

      project

      Google project ID

      service_account

      Service account that you will use to call Cloud Function

      auth_key

      GCP authentication key name and path. The default is account.json. Specify the path if the key is not in the current directory.

      You can also do the aforementioned step from the command line using the following syntax:

      terraform plan -var "<var_name>=<value>"
    7. Customize other variables such as cpu_ulitization and cooldown period as needed. See Terraform variables.
    8. Initialize the providers and modules: 
      terraform init
    9. Verify the plan: 
      terraform plan
    10. Confirm and apply the plan:
      terraform apply

      Output is similar to the following. A randomly generated five-letter suffix is added to all resources. You can use the suffix to help identify your cluster resources.

      InstanceTemplate = fortigateautoscale-instance-template-cehpm
LoadBalance_instances = []
LoadBalancer_Ip_Address = xxx.xxx.xxx.xxx
Notes = The Firestore Database must be deleted separately
Trigger_URL = https://us-central1-*************.cloudfunctions.net/fortigateautoscale-cehpm
google_compute_region_instance_group_manager = fortigateautoscale-fortigate-autoscale-cehpm
    Note

    As part of the deployment, Terraform adjusts the ${fgt_secondary_ip} value within the baseconfig file located in assets/configset/. The value should be the external load balancer IP address. See Backend service-based external passthrough Network Load Balancer overview.
    Previous
    Next