Fortinet Document Library

6.0.0

Deploying the FortiGate

  1. Set up the OCI VCN environment. See Creating a VCN for same-AD HA topology.
  2. Deploy FortiGate-VMs in the environment for an active-passive configuration. See Creating a FortiGate-VM instance. To deploy FortiGate-VM from the marketplace, see Deploying FortiGate-VM via the marketplace.
  3. Configure extra VNICs for the FortiGate-VM. You must ensure there are at least four network interfaces configured for each instance. See Checking the prerequisites. To create an extra VNIC, see Creating the second virtual network interface (VNIC). To configure the extra VNIC, see Configuring the second vNIC on the FortiGate.
  4. Update route rules to point to the internal/trust private IP address on the active FortiGate. It is recommended to create a separate route table for the internal/trust subnet:
    1. Go to Networking > Virtual Cloud Networks > <VCN used> > Route Tables, then click Create Route Table.
    2. Specify the route table to point to the internal/trust private IP address on the active FortiGate:

    3. Go to Networking > Virtual Cloud Networks > <VCN used>. Edit the desired subnet.
    4. Under Route Table, update the configuration to the newly created route table.
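A post-deployment check for steps 3 and 4, as an added example that is not part of the Fortinet documentation. It assumes the inputs are JSON in the shape printed by the OCI CLI (`oci network route-table get`, `oci network subnet get`, `oci compute vnic-attachment list`); the function name, the key names relied on, and all OCIDs are assumptions or constructed placeholders.

```python
MIN_VNICS = 4  # step 3: at least four network interfaces per instance

def check_ha_routing(route_table, subnet, attachments, trust_ip_ocid, instance_ids):
    """Return findings for steps 3 and 4; an empty list means the checks pass."""
    findings = []
    rt = route_table["data"]
    # Steps 4.3-4.4: the internal/trust subnet must use the new route table.
    if subnet["data"].get("route-table-id") != rt["id"]:
        findings.append("subnet is not attached to the trust route table")
    # Step 4.2: rules must point at the active FortiGate's trust private IP.
    rules = rt.get("route-rules", [])
    if not any(r.get("network-entity-id") == trust_ip_ocid for r in rules):
        findings.append("no route rule targets the active FortiGate trust IP")
    for r in rules:
        target = r.get("network-entity-id")
        if target != trust_ip_ocid:
            findings.append(f"rule for {r.get('destination')} targets {target}, "
                            "not the active FortiGate trust IP")
    # Step 3: count attached VNICs per FortiGate-VM instance.
    counts = dict.fromkeys(instance_ids, 0)
    for a in attachments["data"]:
        if a.get("lifecycle-state") == "ATTACHED" and a.get("instance-id") in counts:
            counts[a["instance-id"]] += 1
    for inst, n in counts.items():
        if n < MIN_VNICS:
            findings.append(f"{inst} has {n} attached VNICs, needs at least {MIN_VNICS}")
    return findings

# Constructed sample data (placeholder OCIDs), shaped like OCI CLI JSON output.
TRUST_IP = "ocid1.privateip.oc1..example-fgt-a-trust"
ROUTE_TABLE = {"data": {"id": "ocid1.routetable.oc1..example-trust-rt", "route-rules": [
    {"destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
     "network-entity-id": TRUST_IP}]}}
SUBNET = {"data": {"id": "ocid1.subnet.oc1..example-trust",
                   "route-table-id": "ocid1.routetable.oc1..example-trust-rt"}}
INSTANCES = ["ocid1.instance.oc1..example-fgt-a", "ocid1.instance.oc1..example-fgt-b"]
ATTACHMENTS = {"data": [{"instance-id": i, "lifecycle-state": "ATTACHED"}
                        for i in INSTANCES for _ in range(4)]}

if __name__ == "__main__":
    result = check_ha_routing(ROUTE_TABLE, SUBNET, ATTACHMENTS, TRUST_IP, INSTANCES)
    for line in result or ["ok"]:
        print(line)
```

A rule flagged as targeting a different entity is a prompt to review whether that traffic is meant to leave the internal/trust subnet without passing through the FortiGate.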
