Fortinet Document Library

Version:


Table of Contents

About FortiGate for OCI

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on OCI

Deploying FortiGate-VM using Terraform

Security Fabric Connector Integration with OCI

Resources

Upgrade Path Tool
6.0.0
Copy Link

Creating an instance by importing an image file

Obtaining the deployment image file and placing it in your bucket

To obtain the deployment image file and place it in your bucket:
  1. Obtain the deployment image file:
    1. Go to Customer Service & Support. Navigate to Download > VM Images in the top menu.
    2. In the Select Product dropdown list, select FortiGate.
    3. In the Select Platform dropdown list, select Oracle.
    4. Obtain the FGT_VM64_OPC-vX-buildXXXX-FORTINET.out.OpenXen.zip file. XXXX is the build number. Ensure the file name includes OpenXen.
    5. After downloading, unzip the file. You will find the forties.qcow2 file, which is needed to deploy the FortiGate on OCI.
  2. In OCI, go to Object Storage, then click Create Bucket to create a standard storage bucket.

  3. Configure the standard storage bucket as shown below.

  4. Select the bucket, then click Upload Object to upload the deployment image file forties.qcow2. The dialog shows the upload progress.

  5. Once uploaded, the following screen appears. Click Create Pre-Authenticated Requests.

  6. Note down this URL. It is needed in further steps.

Importing the image

To import the image:
  1. Go to Compute > Custom Images. Click Import Image.
  2. In the Import Image dialog, complete the fields. In the OBJECT STORAGE URL field, enter the URL link obtained in Obtaining the deployment image file and placing it in your bucket and place it in your bucket.
  3. Under IMAGE TYPE, select QCOW2.
  4. Under LAUNCH MODE, select PARAVIRTUALIZED MODE or EMULATED MODE. Native mode is not supported. Paravirtualized mode (PV) became available on OCI in November 2018.

  5. You have now imported the image. Wait until the IMPORTING... status changes to AVAILABLE.

Creating the FortiGate instance

To create the FortiGate instance:
  1. From the newly imported image, click Create Instance.

  2. Configure the parameters:
    1. In the Name your instance field, enter the desired name to identify the instance by.
    2. Under Select an availability domain for your instance, select the desired domain.
    3. Under Choose instance type, select Virtual Machine.
    4. Under Choose instance shape, select one of the supported instance shapes. FortiGate-VM supports the Standard1 and Standard2 instance families.

    5. In the Virtual cloud network field, select a network to launch the instance.
    6. In the Subnet field, select a subnet on the Internet-facing side of the network.
    7. Click Show Advanced Options.

    8. On the Management tab, if you want to add bootstrapping of FortiGate CLI commands and a BYOL license, follow the instructions in (Optional) Bootstrapping FortiGate on the OCI GUI at initial bootup, then copy and paste all of the text content (CLI commands and license) under User Data. Modify the text as needed.

    9. On the Networking tab, in the Private IP address field, specify a static IP address within the selected subnet.
    10. Ensure Assign public IP address is selected so you can access the FortiGate over the Internet. This can be disabled once everything has been configured as desired.
    11. In the Hostname field, enter the desired name.
  3. Click Create. Wait until the PROVISIONING… status changes to RUNNING. You can also check the FortiGate’s public IP address in this screen once it becomes available.

    At this stage, FortiGate deployment is not complete. You also need to add a storage volume as a system log disk and attach it to the FortiGate instance. If you want FortiGate to run inline across two or multiple subnets, you will also need to add one or more virtual network interfaces and attach them to the FortiGate instance.

Resources

Creating an instance by importing an image file

Obtaining the deployment image file and placing it in your bucket

To obtain the deployment image file and place it in your bucket:
  1. Obtain the deployment image file:
    1. Go to Customer Service & Support. Navigate to Download > VM Images in the top menu.
    2. In the Select Product dropdown list, select FortiGate.
    3. In the Select Platform dropdown list, select Oracle.
    4. Obtain the FGT_VM64_OPC-vX-buildXXXX-FORTINET.out.OpenXen.zip file. XXXX is the build number. Ensure the file name includes OpenXen.
    5. After downloading, unzip the file. You will find the forties.qcow2 file, which is needed to deploy the FortiGate on OCI.
  2. In OCI, go to Object Storage, then click Create Bucket to create a standard storage bucket.

  3. Configure the standard storage bucket as shown below.

  4. Select the bucket, then click Upload Object to upload the deployment image file forties.qcow2. The dialog shows the upload progress.

  5. Once uploaded, the following screen appears. Click Create Pre-Authenticated Requests.

  6. Note down this URL. It is needed in further steps.

Importing the image

To import the image:
  1. Go to Compute > Custom Images. Click Import Image.
  2. In the Import Image dialog, complete the fields. In the OBJECT STORAGE URL field, enter the URL link obtained in Obtaining the deployment image file and placing it in your bucket and place it in your bucket.
  3. Under IMAGE TYPE, select QCOW2.
  4. Under LAUNCH MODE, select PARAVIRTUALIZED MODE or EMULATED MODE. Native mode is not supported. Paravirtualized mode (PV) became available on OCI in November 2018.

  5. You have now imported the image. Wait until the IMPORTING... status changes to AVAILABLE.

Creating the FortiGate instance

To create the FortiGate instance:
  1. From the newly imported image, click Create Instance.

  2. Configure the parameters:
    1. In the Name your instance field, enter the desired name to identify the instance by.
    2. Under Select an availability domain for your instance, select the desired domain.
    3. Under Choose instance type, select Virtual Machine.
    4. Under Choose instance shape, select one of the supported instance shapes. FortiGate-VM supports the Standard1 and Standard2 instance families.

    5. In the Virtual cloud network field, select a network to launch the instance.
    6. In the Subnet field, select a subnet on the Internet-facing side of the network.
    7. Click Show Advanced Options.

    8. On the Management tab, if you want to add bootstrapping of FortiGate CLI commands and a BYOL license, follow the instructions in (Optional) Bootstrapping FortiGate on the OCI GUI at initial bootup, then copy and paste all of the text content (CLI commands and license) under User Data. Modify the text as needed.

    9. On the Networking tab, in the Private IP address field, specify a static IP address within the selected subnet.
    10. Ensure Assign public IP address is selected so you can access the FortiGate over the Internet. This can be disabled once everything has been configured as desired.
    11. In the Hostname field, enter the desired name.
  3. Click Create. Wait until the PROVISIONING… status changes to RUNNING. You can also check the FortiGate’s public IP address in this screen once it becomes available.

    At this stage, FortiGate deployment is not complete. You also need to add a storage volume as a system log disk and attach it to the FortiGate instance. If you want FortiGate to run inline across two or multiple subnets, you will also need to add one or more virtual network interfaces and attach them to the FortiGate instance.