Fortinet Document Library

6.0.0

Deploying the FortiGate

  1. Prepare your OCI environment as detailed in Creating a virtual cloud network (VCN) and public-facing subnets if you do not have one yet.

    Once you have set up the OCI environment, you are ready to deploy the FortiGate-VM. The deployment image location and instructions can be found in Obtaining the Deployment Image File and Placing It in Your Bucket. Change the IP addresses as desired.

  2. The single-VM deployment instructions above configure two network interfaces (vNICs) on each FortiGate. To take advantage of A-P HA, each FortiGate in the A-P HA cluster needs four network interfaces (vNICs, port1 to port4). Configure all network interfaces required for A-P HA (both the OCI vNICs and the FortiGate network interface configuration) by referring to Configuring the OCI HA interface. You must choose an OCI instance type that supports at least four vNICs.
  3. Ensure you configure the security list on each subnet for egress and ingress interfaces appropriately. It is particularly important that the management interfaces have egress Internet access for API calls to the OCI metadata server.
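
The following pre-flight check is an added example, not part of the Fortinet documentation. It tests steps 2 and 3 against data shaped like `oci compute vnic-attachment list` and `oci network security-list get` output. The instance names and sample records are constructed, and treating "egress Internet access for API calls" as TCP/443 to 0.0.0.0/0 is an assumption. Route tables and gateways are not checked.

```python
REQUIRED_VNICS = 4  # port1..port4 on each FortiGate in the A-P HA cluster

def attached_vnic_count(attachments, instance_id):
    """Count vNIC attachments in ATTACHED state for one instance."""
    return sum(1 for a in attachments
               if a["instance-id"] == instance_id
               and a["lifecycle-state"] == "ATTACHED")

def allows_internet_https_egress(security_list):
    """True if any egress rule permits TCP/443 to 0.0.0.0/0 (assumed API port)."""
    for rule in security_list.get("egress-security-rules", []):
        if rule.get("destination") != "0.0.0.0/0":
            continue  # narrower destinations do not give Internet egress
        if rule.get("protocol") == "all":
            return True
        if rule.get("protocol") == "6":  # IANA protocol number for TCP
            ports = (rule.get("tcp-options") or {}).get("destination-port-range")
            if ports is None or ports["min"] <= 443 <= ports["max"]:
                return True
    return False

def preflight(instance_ids, attachments, mgmt_security_list):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    for iid in instance_ids:
        n = attached_vnic_count(attachments, iid)
        if n < REQUIRED_VNICS:
            findings.append(f"{iid}: {n} vNICs attached, need {REQUIRED_VNICS}")
    if not allows_internet_https_egress(mgmt_security_list):
        findings.append("management subnet: no TCP/443 egress to 0.0.0.0/0")
    return findings

# Constructed sample input: fgt-a is complete, fgt-b has only two live vNICs,
# and the management security list opens port 80 but not 443 to the Internet.
ATTACHMENTS = (
    [{"instance-id": "fgt-a", "lifecycle-state": "ATTACHED"}] * 4
    + [{"instance-id": "fgt-b", "lifecycle-state": "ATTACHED"}] * 2
    + [{"instance-id": "fgt-b", "lifecycle-state": "DETACHED"}]
)
MGMT_SECLIST = {"egress-security-rules": [
    {"destination": "10.0.0.0/16", "protocol": "all"},
    {"destination": "0.0.0.0/0", "protocol": "6",
     "tcp-options": {"destination-port-range": {"min": 80, "max": 80}}},
]}

if __name__ == "__main__":
    for finding in preflight(["fgt-a", "fgt-b"], ATTACHMENTS, MGMT_SECLIST):
        print("FAIL:", finding)
```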
