Fortinet Document Library

Version: 6.0.0

Creating VPC networks

This deployment requires four networks which you must create prior to deploying the FortiGates. The networks are as follows:

| Network | Description |
| --- | --- |
| unprotected-network | Treated as unsafe and directly attached to the Internet. |
| protected-network | Commonly referred to as LAN in traditional physical network architectures. |
| ha-sync-network | All HA functionality, such as session and configuration synchronization, communicates over this network. |
| mgmt-network | Out-of-band management network. |

Additionally, you must set up the route tables and GCP firewall rules necessary to allow traffic to flow through the FortiGates. These GCP route tables and firewall rules are separate from those configured on the FortiGates themselves. Name the GCP route tables and firewall rules according to the associated network and functionality.

  1. In the GCP console, go to VPC Networks, then click CREATE VPC NETWORK.
  2. In the Name field, enter the desired name.
  3. From the Region dropdown list, select the region appropriate for your deployment. All four networks must be in the same region.
  4. In the IP address range field, enter the first network's subnet in CIDR format, such as 10.0.1.0/24.
  5. Leave all other settings as-is, then click Create.
  6. Repeat steps 1-5 to create the remaining three networks in your VPC.
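
The same six steps can be scripted with the Google Cloud SDK. The following is an added example, not part of the Fortinet procedure: the region, the `-subnet` name suffix and the three ranges after 10.0.1.0/24 are assumed values. It prints the commands by default and only runs them when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: CLI equivalent of console steps 1-6 for the four networks.
# Assumed values: REGION, the "-subnet" suffix, and every range except
# 10.0.1.0/24 (the only one the page gives).
REGION="${REGION:-us-central1}"

# One "name:CIDR" pair per network from the table above.
NETWORKS="unprotected-network:10.0.1.0/24
protected-network:10.0.2.0/24
ha-sync-network:10.0.3.0/24
mgmt-network:10.0.4.0/24"

# Read "name:CIDR" lines on stdin and print the gcloud commands for them.
# Returns 1 on a malformed range or a range used twice (exact duplicates
# only; partial overlaps are not detected), so a typo never reaches the API.
plan_networks() {
  seen=""
  while IFS=: read -r name cidr; do
    [ -n "$name" ] || continue
    ok=0
    case "$cidr" in
      *[!0-9./]*|*/*/*) ;;      # illegal character or more than one slash
      *.*.*.*/?*) ok=1 ;;       # dotted quad followed by a prefix length
    esac
    if [ "$ok" -ne 1 ]; then
      echo "bad CIDR for $name: $cidr" >&2
      return 1
    fi
    case " $seen " in
      *" $cidr "*) echo "duplicate range: $cidr" >&2; return 1 ;;
    esac
    seen="$seen $cidr"
    # Custom mode: no auto-created subnets, only the one defined here.
    echo "gcloud compute networks create $name --subnet-mode=custom"
    # All four subnets share one region, as step 3 requires.
    echo "gcloud compute networks subnets create $name-subnet --network=$name --region=$REGION --range=$cidr"
  done
}

# Validate the whole plan first, then print it or (APPLY=1) execute it.
cmds=$(printf '%s\n' "$NETWORKS" | plan_networks) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
  printf '%s\n' "$cmds" | sh -e
else
  printf '%s\n' "$cmds"
fi
```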
