Fortinet black logo

GCP Deployment Guide

Home FortiDeceptor Public Cloud 5.0.0 GCP Deployment Guide
5.0.0
5.3.0
5.2.0
5.0.0
4.2.0
4.1.0

Create a FortiDeceptor instance

Create a FortiDeceptor instance

Use the prepared image as the boot disk to create cloud FortiDeceptor and configure the interfaces.

Creating a VM instance

To create a VM instance in Google Cloud:
  1. In the Google Cloud, go to Virtual Machines > VM Instances.
  2. In the toolbar, click Create Instance. The Create an instance page opens.

  3. Enter a name for the instance.

  4. Change the boot disk.
    1. Scroll down to the Book disk section, and click the Change button. The Book disk pane opens.
    2. Click the Custom Images tab.
    3. Click Select a Project and select the image you prepared in the Google Cloud console. See Create an image with the image file.
    4. Click Select.

  5. Scroll down to Firewall, select All HTTPS traffic.

  6. Click Networking, Disks, Management, Sole-Tenancy and add a new disk and set up the network.
    1. Under Disks, click Add New Disk. The Add New Disk pane opens.
    2. From the Size dropdown, set the size to 50GB or more and click Save.

  7. Add the interfaces.

Adding a deployment network

You must configure a minimum of two ports and maximum of six ports. You will also add some secondary IPs to the ports. Later, when you deploy decoys, you will assign these IPs to the decoys.

The number of virtual network interfaces scales with the number of vCPUs with a minimum of two and a maximum of eight.

Use the following table to determine how many network interfaces can be attached to an instance:

Number of vCPU

Number of vNICs
2 or less 2
2 to 8 2 to 8
8 or more 8

For more information, see Creating instances with multiple network interfaces.

To add a deployment network:
  1. Select a machine type based on how many networks you need to deploy.
    1. Go to the Create an instance page in the Google Cloud console.
    2. Click New VM instance and enter a name for the instance.
    3. In the Machine configuration area, click the Machine type dropdown and select the machine type.

  2. Configure the firewalls with networks.
    1. In the Firewall section, select Allow HTTPS traffic. This allows you to access FortiDeceptor with a web browser.
    2. Click Networking, Disks, Management, Sole-Tenancy
    3. In the Networking section, in the Network tags area, enter the network tags.

      • A firewall in the default network attaches to tag (such as gcp-fdc) opens 8443 on port1.

      • A firewall attached to tag (such as gcp-fdc-ep) opens all ports between port2/3/4/5/6 and the endpoints.

    For more information about firewalls and networks, see Create VPC networks and Create a firewall policy.

    Note

    The firewall fcp-fdc-ep" should be crated in the same VPC of each FortiDeceptor port.

  3. In the Network Interfaces area, click Add Network Interface, make the following configurations:

    NetworkSelect the VPC you created for port2
    SubnetworkSelect the proper subnet within the VPC region.
    Subnet rangeEnter the secondary IPs.
    External IP None
  4. Click Create.
Previous
Next

Create a FortiDeceptor instance

Use the prepared image as the boot disk to create cloud FortiDeceptor and configure the interfaces.

Creating a VM instance

To create a VM instance in Google Cloud:
  1. In the Google Cloud, go to Virtual Machines > VM Instances.
  2. In the toolbar, click Create Instance. The Create an instance page opens.

  3. Enter a name for the instance.

  4. Change the boot disk.
    1. Scroll down to the Book disk section, and click the Change button. The Book disk pane opens.
    2. Click the Custom Images tab.
    3. Click Select a Project and select the image you prepared in the Google Cloud console. See Create an image with the image file.
    4. Click Select.

  5. Scroll down to Firewall, select All HTTPS traffic.

  6. Click Networking, Disks, Management, Sole-Tenancy and add a new disk and set up the network.
    1. Under Disks, click Add New Disk. The Add New Disk pane opens.
    2. From the Size dropdown, set the size to 50GB or more and click Save.

  7. Add the interfaces.

Adding a deployment network

You must configure a minimum of two ports and maximum of six ports. You will also add some secondary IPs to the ports. Later, when you deploy decoys, you will assign these IPs to the decoys.

The number of virtual network interfaces scales with the number of vCPUs with a minimum of two and a maximum of eight.

Use the following table to determine how many network interfaces can be attached to an instance:

Number of vCPU

Number of vNICs
2 or less 2
2 to 8 2 to 8
8 or more 8

For more information, see Creating instances with multiple network interfaces.

To add a deployment network:
  1. Select a machine type based on how many networks you need to deploy.
    1. Go to the Create an instance page in the Google Cloud console.
    2. Click New VM instance and enter a name for the instance.
    3. In the Machine configuration area, click the Machine type dropdown and select the machine type.

  2. Configure the firewalls with networks.
    1. In the Firewall section, select Allow HTTPS traffic. This allows you to access FortiDeceptor with a web browser.
    2. Click Networking, Disks, Management, Sole-Tenancy
    3. In the Networking section, in the Network tags area, enter the network tags.

      • A firewall in the default network attaches to tag (such as gcp-fdc) opens 8443 on port1.

      • A firewall attached to tag (such as gcp-fdc-ep) opens all ports between port2/3/4/5/6 and the endpoints.

    For more information about firewalls and networks, see Create VPC networks and Create a firewall policy.

    Note

    The firewall fcp-fdc-ep" should be crated in the same VPC of each FortiDeceptor port.

  3. In the Network Interfaces area, click Add Network Interface, make the following configurations:

    NetworkSelect the VPC you created for port2
    SubnetworkSelect the proper subnet within the VPC region.
    Subnet rangeEnter the secondary IPs.
    External IP None
  4. Click Create.
Previous
Next