Fortinet Document Library

6.0.0

Creating VPC firewall rules

GCP firewall rules are stateful, meaning that you only need to create one rule for the originating traffic. However, traffic may originate from both the Internet and your GCP resources, so you must create both an ingress and an egress rule for each VPC network.

To create ingress rules:
  1. In the GCP console, go to VPC networks > Firewall Rules. Click Create Firewall Rule.
  2. In the Name field, enter the desired name.
  3. From the Network dropdown list, select the desired network to associate with this firewall rule.
  4. For Direction of Traffic, select Ingress.
  5. For Action on match, select Allow.
  6. From the Targets dropdown list, select All instances in the network.
  7. In the Source IP ranges field, enter 0.0.0.0/0.
  8. For Protocols and ports, click Allow all, then click Create.
  9. Repeat steps 1-8 for the remaining three networks in your VPC.

To create egress rules:
  1. In the GCP console, go to VPC networks > Firewall Rules. Click Create Firewall Rule.
  2. In the Name field, enter the desired name.
  3. From the Network dropdown list, select the desired network to associate with this firewall rule.
  4. For Direction of Traffic, select Egress.
  5. For Action on match, select Allow.
  6. From the Targets dropdown list, select All instances in the network.
  7. In the Source IP ranges field, enter 0.0.0.0/0.
  8. For Protocols and ports, click Allow all, then click Create.
  9. Repeat steps 1-8 for the remaining three networks in your VPC.

Now you have a total of eight GCP firewall rules.
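
The same eight rules can be planned and created from the Google Cloud SDK. The script below is an added example, not part of the Fortinet documentation; the four network names and the rule-naming scheme are placeholders (assumptions). Note that `gcloud` takes the address range of an egress rule through `--destination-ranges`, while ingress rules use `--source-ranges`.

```shell
#!/bin/sh
# Added example: scripted equivalent of the console steps above.
# Network names are placeholders (assumption); set NETWORKS to your four VPC networks.
NETWORKS="${NETWORKS:-vpc-net-1 vpc-net-2 vpc-net-3 vpc-net-4}"

# Print the gcloud arguments for one allow-all rule.
# $1 = network name, $2 = INGRESS or EGRESS.
rule_args() {
  r_net=$1
  r_dir=$2
  case $r_dir in
    INGRESS) r_flag=--source-ranges ;;       # where the traffic comes from
    EGRESS)  r_flag=--destination-ranges ;;  # where the traffic goes to
    *) echo "direction must be INGRESS or EGRESS" >&2; return 1 ;;
  esac
  r_suffix=$(printf '%s' "$r_dir" | tr 'A-Z' 'a-z')
  # No target tags are given, so the rule applies to all instances in the network.
  printf '%s\n' "compute firewall-rules create ${r_net}-allow-all-${r_suffix} --network=${r_net} --direction=${r_dir} --action=ALLOW --rules=all ${r_flag}=0.0.0.0/0"
}

# One line per rule: an ingress and an egress rule for every network.
plan_rules() {
  for net in $NETWORKS; do
    rule_args "$net" INGRESS || return 1
    rule_args "$net" EGRESS || return 1
  done
}

# Dry run by default (prints the commands); APPLY=1 runs them through gcloud.
apply_rules() {
  plan_rules | while read -r args; do
    if [ "${APPLY:-0}" = 1 ]; then
      # Word splitting of $args is intended; stdin is detached so gcloud
      # cannot consume the remaining planned rules.
      gcloud $args </dev/null
    else
      echo "gcloud $args"
    fi
  done
}

apply_rules
```

After running with `APPLY=1`, `gcloud compute firewall-rules list` should show the eight rules, two per network.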
