Fortinet Document Library

Version:


Table of Contents

About FortiGate for GCP

Deploying FortiGate-VM on Google Cloud Marketplace

Deploying FortiGate-VM on Google Cloud Compute Engine

Deploying FortiGate-VM Using Google Cloud SDK

Use Case: High Availability for FortiGate on GCP

Security Fabric Connector Integration with GCP

Resources

Upgrade Path Tool
6.0.0
Copy Link

Deploying the primary FortiGate-VM instance

  1. Go to Compute Engine > VM Instances. Click CREATE INSTANCE.
  2. Configure the instance settings:
    1. In the Name field, enter the desired name.
    2. From the Region dropdown list, select the region where you created your VPC networks in Creating VPC networks.
    3. From the Zone dropdown list, select a zone within the chosen region. You must deploy both FortiGates in the same region and zone.
    4. From the Machine type dropdown list, select the number of vCPUs for this instance. This should match the FortiGate license and be a minimum of four vcPUs so that the instance supports four vNICs.
    5. Under Boot disk, click Change.
    6. On the Custom images tab, select the newly created image. Click Select.
    7. Click to expand Management, security, disks, networking, sole tenancy, then click Networking.
    8. Configure the unprotected network:
      1. Click the edit icon for the interface already created for the instance.
      2. From the Network dropdown list, select the unprotected network. Your subnet is automatically populated.
      3. From the External IP dropdown list, select Create IP address.
      4. In the Name field, enter a name for the IP address, then click RESERVE.
      5. From the IP Forwarding dropdown list, select On.
      6. Click Done.
    9. Configure the protected network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the protected network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    10. Configure the HA network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the HA network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    11. Configure the management network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the management network.
      3. From the External IP dropdown list, select Ephemeral.
      4. Click Done.
    caution icon

    You cannot add interfaces to an instance after creating it. If you create the instance with an improper interface configuration, you must destroy the instance and recreate it with the proper interface configuration.

  3. After configuring all elements, click Create.

Resources

Deploying the primary FortiGate-VM instance

  1. Go to Compute Engine > VM Instances. Click CREATE INSTANCE.
  2. Configure the instance settings:
    1. In the Name field, enter the desired name.
    2. From the Region dropdown list, select the region where you created your VPC networks in Creating VPC networks.
    3. From the Zone dropdown list, select a zone within the chosen region. You must deploy both FortiGates in the same region and zone.
    4. From the Machine type dropdown list, select the number of vCPUs for this instance. This should match the FortiGate license and be a minimum of four vcPUs so that the instance supports four vNICs.
    5. Under Boot disk, click Change.
    6. On the Custom images tab, select the newly created image. Click Select.
    7. Click to expand Management, security, disks, networking, sole tenancy, then click Networking.
    8. Configure the unprotected network:
      1. Click the edit icon for the interface already created for the instance.
      2. From the Network dropdown list, select the unprotected network. Your subnet is automatically populated.
      3. From the External IP dropdown list, select Create IP address.
      4. In the Name field, enter a name for the IP address, then click RESERVE.
      5. From the IP Forwarding dropdown list, select On.
      6. Click Done.
    9. Configure the protected network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the protected network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    10. Configure the HA network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the HA network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    11. Configure the management network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the management network.
      3. From the External IP dropdown list, select Ephemeral.
      4. Click Done.
    caution icon

    You cannot add interfaces to an instance after creating it. If you create the instance with an improper interface configuration, you must destroy the instance and recreate it with the proper interface configuration.

  3. After configuring all elements, click Create.