Fortinet Document Library

Version: 6.0.0

Setting up FortiGate HA

  1. Go to Compute Engine > VM Instances.
  2. Note the external IP addresses assigned to nic0 on each FortiGate.
  3. Connect to the primary FortiGate's external IP address using SSH, then enter the following commands:

    config system ha
        set group-name <choose a group name for the cluster>
        set mode a-p
        set hbdev "port3" 100
        set session-pickup enable
        set session-pickup-connectionless enable
        set ha-mgmt-status enable
        config ha-mgmt-interfaces
            edit 1
                set interface "port4"
                set gateway <ip address of MGMT network intrinsic router>
            next
        end
        set override disable
        set priority 255
        set unicast-hb enable
        set unicast-hb-peerip <ip address of HA interface of secondary FortiGate>
        set unicast-hb-netmask <netmask of HA sync network>
    end

  4. Connect to the secondary FortiGate's external IP address using SSH, then enter the following commands:

    config system ha
        set group-name <enter the same group name you entered in the primary FortiGate>
        set mode a-p
        set hbdev "port3" 100
        set session-pickup enable
        set session-pickup-connectionless enable
        set ha-mgmt-status enable
        config ha-mgmt-interfaces
            edit 1
                set interface "port4"
                set gateway <ip address of MGMT network intrinsic router>
            next
        end
        set override disable
        set priority 255
        set unicast-hb enable
        set unicast-hb-peerip <ip address of HA interface of primary FortiGate>
        set unicast-hb-netmask <netmask of HA sync network>
    end

  5. In the GCP console, go to VPC network > Routes.
  6. Note the name of the default route table created in Creating a GCP route table.
  7. Go to Compute Engine > VM Instances.
  8. Note the primary FortiGate's external IP address.
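
The two `config system ha` blocks in steps 3 and 4 must agree on the group name, mode, heartbeat device and netmask, and each unit's `unicast-hb-peerip` must point at the other unit. The following consistency check is an added example, not part of Fortinet's documentation; the group name, the addresses and the helper names `parse_ha` and `check_pair` are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample mirroring the HA block above; gateway and netmask values are made up.
TEMPLATE = """config system ha
    set group-name {group}
    set mode a-p
    set hbdev "port3" 100
    config ha-mgmt-interfaces
        edit 1
            set interface "port4"
            set gateway 10.0.4.1
        next
    end
    set unicast-hb enable
    set unicast-hb-peerip {peer}
    set unicast-hb-netmask 255.255.255.0
end"""

def parse_ha(text):
    """Return (top-level settings, ha-mgmt-interfaces entries) from a 'config system ha' block."""
    top, mgmt, entry = {}, {}, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "edit":
            entry = mgmt.setdefault(tok[1], {})
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "set":
            (top if entry is None else entry)[tok[1]] = " ".join(tok[2:])
    return top, mgmt

def check_pair(primary_cfg, secondary_cfg, primary_ha_ip, secondary_ha_ip):
    """List inconsistencies between the two units' HA settings (empty list = consistent)."""
    (p, pm), (s, sm) = parse_ha(primary_cfg), parse_ha(secondary_cfg)
    issues = [f"{k} differs: {p.get(k)!r} vs {s.get(k)!r}"
              for k in ("group-name", "mode", "hbdev", "unicast-hb-netmask") if p.get(k) != s.get(k)]
    for unit, cfg, mgmt, peer in (("primary", p, pm, secondary_ha_ip), ("secondary", s, sm, primary_ha_ip)):
        if cfg.get("unicast-hb") != "enable":
            issues.append(f"{unit}: unicast-hb is not enabled")
        if cfg.get("unicast-hb-peerip") != peer:
            issues.append(f"{unit}: unicast-hb-peerip should be {peer}")
        hb_ports = cfg.get("hbdev", "").split()[:1]
        if any(e.get("interface") in hb_ports for e in mgmt.values()):
            issues.append(f"{unit}: heartbeat and management share an interface")
    mask = p.get("unicast-hb-netmask")
    if mask and ipaddress.ip_address(secondary_ha_ip) not in ipaddress.ip_network(
            f"{primary_ha_ip}/{mask}", strict=False):
        issues.append("HA addresses are not in the same sync subnet")
    return issues
```

Pass it the HA block entered on each unit together with the port3 address of each FortiGate; an empty list means the pair is consistent.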
