Troubleshooting GCP SDN Connector
You can check if API calls are made successfully by running the following commands in the CLI:
diagnose debug enable
diagnose debug application gcpd -1
Wait a few minutes for the output. If the SDN connector was configured successfully, the API status shows
200 in communicating with the Google Cloud API server as shown below. The host looks different depending on where you run the FortiGate instance (on or outside of GCP).
If the CLI shows a failure, check the following and see if any required configuration is missing or incorrect:
- If using metadata IAM, can the FortiGate-VM access the API on Google Cloud Compute Engine?
- If the service account is specified:
- Is the project name correct?
- Is the service account email address correct?
- Is the service account key correct?
- Does the service account have the appropriate role/permissions?