Fortinet Document Library

GCP Cookbook 6.4.0

Creating VPC networks

This deployment requires four VPC networks, which you must create before deploying the FortiGates:

unprotected-network
    Treated as untrusted; directly attached to the Internet.

protected-network
    Commonly referred to as the LAN in traditional physical network architectures.

ha-sync-network
    Carries all HA traffic, such as session and configuration synchronization.

mgmt-network
    Out-of-band management network. For A-P HA to manage IP addresses and route tables on failover, the HA cluster must have a public IP address assigned to the HA mgmt interface, because the cluster reaches the GCP API through that interface. Without this configuration, failover does not complete and the cluster fails. Because the mgmt interface is reachable from the Internet, restrict the GCP firewall rule that admits traffic into mgmt-network to your administrators' source addresses.

You must also create the GCP route tables and firewall rules needed for traffic to flow through the FortiGates. These are separate from the routes and policies you configure on the FortiGates themselves: GCP firewall rules decide what reaches a FortiGate interface at all, and FortiGate policies decide what is forwarded. Name the GCP route tables and firewall rules according to the associated network and functionality.

To create VPC networks:
  1. In the GCP console, go to VPC Networks, then click CREATE VPC NETWORK.
  2. In the Name field, enter the network name (for example, unprotected-network).
  3. From the Region dropdown list, select the region for your deployment. All four networks must be in the same region.
  4. In the IP address range field, enter this network's subnet in CIDR format, such as 10.0.1.0/24. Use a distinct, non-overlapping range for each of the four networks.
  5. Leave all other settings as-is, then click Create.
  6. Repeat steps 1-5 for the remaining three networks.
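
The same four networks can be created from the gcloud CLI, which is easier to repeat across projects and to review than console clicks. The script below is an added example, not part of the Fortinet cookbook. It assumes the region us-central1 and the ranges 10.0.2.0/24, 10.0.3.0/24 and 10.0.4.0/24 for the last three networks (only 10.0.1.0/24 comes from the page); change them for your deployment. It creates each VPC in custom subnet mode with a single subnet in the chosen region, validates names and CIDRs before they reach gcloud, and prints the commands by default rather than running them.

```shell
#!/usr/bin/env bash
# Added example, not code from the Fortinet GCP Cookbook: create the four
# custom-mode VPC networks this deployment needs, each with one subnet in a
# single region, using gcloud instead of the console clicks in steps 1-6.
set -euo pipefail

# Assumed values: the region and the CIDRs of the last three networks are
# placeholders (the page only gives 10.0.1.0/24 as an example range).
REGION="${REGION:-us-central1}"
NETWORKS="unprotected-network:10.0.1.0/24
protected-network:10.0.2.0/24
ha-sync-network:10.0.3.0/24
mgmt-network:10.0.4.0/24"

# Emit the two gcloud commands that create one custom-mode VPC and its single
# regional subnet (named after the network).  Custom mode matters: an
# auto-mode VPC gets a subnet in every region, which the GCP routes and
# firewall rules you write for the FortiGates would not account for.
vpc_commands() {
  local name="$1" cidr="$2" region="$3"
  printf 'gcloud compute networks create %s --subnet-mode=custom\n' "$name"
  printf 'gcloud compute networks subnets create %s --network=%s --region=%s --range=%s\n' \
    "$name" "$name" "$region" "$cidr"
}

# GCP resource names: lowercase letters, digits and hyphens, starting with a
# letter.  Checked so nothing odd ever reaches eval below.
valid_name() {
  case "$1" in
    [a-z]*) case "$1" in *[!a-z0-9-]*) return 1 ;; esac ;;
    *) return 1 ;;
  esac
}

# Reject anything that is not a dotted-quad/prefix before it reaches gcloud.
# /29 is the smallest primary range GCP accepts; /8 is a sanity floor here.
valid_cidr() {
  case "$1" in
    */*/*|*[!0-9./]*) return 1 ;;
    */*) ;;
    *) return 1 ;;
  esac
  local ip="${1%/*}" len="${1#*/}" o
  [ -n "$len" ] && [ "$len" -ge 8 ] && [ "$len" -le 29 ] || return 1
  local IFS=.
  set -- $ip
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ -n "$o" ] && [ "$o" -le 255 ] || return 1
  done
}

# Validate every entry and print the commands in order.  Default is a dry run;
# set APPLY=1 to execute them against the active gcloud project.
plan() {
  local region="$1" line name cidr
  while IFS= read -r line; do
    name="${line%%:*}"; cidr="${line#*:}"
    valid_name "$name" || { echo "bad network name: $name" >&2; return 1; }
    valid_cidr "$cidr" || { echo "bad CIDR for $name: $cidr" >&2; return 1; }
    vpc_commands "$name" "$cidr" "$region"
  done <<EOF
$NETWORKS
EOF
}

if [ "${APPLY:-0}" = 1 ]; then
  plan "$REGION" | while IFS= read -r cmd; do echo "+ $cmd" >&2; eval "$cmd"; done
else
  plan "$REGION"
fi
```

Run it once without APPLY to review the eight commands, then `gcloud config set project <your-project>` and `APPLY=1 ./create-vpcs.sh` to create the networks. Validation happens before anything is executed, so a typo in a range fails the whole plan rather than leaving three of four networks created.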
