Fortinet Document Library

GCP Cookbook

6.2.0

Adding instances to the protected subnet

When the deployment has completed, an Instance group can be created and VMs can be added to the protected subnet, behind the internal load balancer.

In GCP, each NIC of a VM must reside in a separate VPC. In this deployment, the FortiGate has two NICs: one in the exposed public subnet / VPC and the other in the protected subnet / VPC. By default, the protected subnet is named fortigateautoscale-protected-subnet-CLUSTER-SUFFIX.

The default FortiGate configuration located under /assets/configset/baseconfig specifies a VIP on port 80 and a VIP on port 443 with a policy that points to an internal load balancer.

Note

In FortiOS 6.2.3, any VIPs created on the master will not sync to the slave units. Any VIP you wish to add must be added as part of the baseconfig.

The following illustrates adding a basic unmanaged Instance group into the protected subnet and internal load balancer.

  1. Create the VM, ensuring that it resides within the proper region, VPC and subnet:

    Add VM instance

  2. Create an Instance group:

    Add Instance group

  3. Under Network services > Load balancing, choose the Internal load balancer, select Backend configuration, and add the new Instance group.

    Add new Instance group to the internal load balancer
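
The same three steps can be scripted with the gcloud CLI. The following is an added example, not part of the Fortinet cookbook: the region, zone, VM, Instance group, and backend service names are placeholders or constructed sample values, and `--no-address` (no external IP on the protected VM) is an assumption. The script only prints the commands unless `APPLY=1` is set.

```shell
#!/usr/bin/env bash
# Added example (not Fortinet's code): console steps 1-3 as gcloud commands.
# Dry run by default; set APPLY=1 to execute the commands.
set -u

# Placeholders / constructed sample values: replace before use.
SUFFIX="${SUFFIX:-CLUSTER-SUFFIX}"
SUBNET="${SUBNET:-fortigateautoscale-protected-subnet-${SUFFIX}}"  # default name per the page
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"
VM="${VM:-protected-vm-1}"
GROUP="${GROUP:-protected-ig}"
BACKEND="${BACKEND:-INTERNAL-LB-BACKEND-SERVICE}"   # backend service of the internal LB

# Print the command in dry-run mode; execute it only when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '+ %s\n' "$*"; fi
}

# A zone belongs to a region when its name is "<region>-<letter>".
zone_in_region() {
  case "$1" in "$2"-?) return 0 ;; *) return 1 ;; esac
}

add_to_protected_subnet() {
  # The VM and its zonal Instance group must sit in the region of the
  # protected subnet and of the internal load balancer.
  if ! zone_in_region "$ZONE" "$REGION"; then
    echo "zone $ZONE is not in region $REGION" >&2
    return 1
  fi
  # Step 1: VM in the protected subnet. Assumption: --no-address, so the VM
  # has no external IP and is reachable only through the FortiGate VIPs.
  run gcloud compute instances create "$VM" --zone="$ZONE" \
      --subnet="$SUBNET" --no-address || return 1
  # Step 2: unmanaged Instance group containing the VM.
  run gcloud compute instance-groups unmanaged create "$GROUP" \
      --zone="$ZONE" || return 1
  run gcloud compute instance-groups unmanaged add-instances "$GROUP" \
      --zone="$ZONE" --instances="$VM" || return 1
  # Step 3: add the group as a backend of the internal load balancer.
  run gcloud compute backend-services add-backend "$BACKEND" \
      --region="$REGION" --instance-group="$GROUP" \
      --instance-group-zone="$ZONE" || return 1
}

add_to_protected_subnet
```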
