Fortinet black logo

GCP Administration Guide

Home FortiGate Public Cloud 6.2.0 GCP Administration Guide

Deploying the primary FortiGate-VM instance

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID b9e63a31-412a-11e9-94bf-00505692583a:986123
Download PDF

Deploying the primary FortiGate-VM instance

  1. Go to Compute Engine > VM Instances. Click CREATE INSTANCE.
  2. Configure the instance settings:
    1. In the Name field, enter the desired name.
    2. From the Region dropdown list, select the region where you created your VPC networks in Creating VPC networks.
    3. From the Zone dropdown list, select a zone within the chosen region. You must deploy both FortiGates in the same region and zone.
    4. From the Machine type dropdown list, select the number of vCPUs for this instance. This should match the FortiGate license and be a minimum of four vcPUs so that the instance supports four vNICs.
    5. Under Boot disk, click Change.
    6. On the Custom images tab, select the newly created image. Click Select.
    7. Click to expand Management, security, disks, networking, sole tenancy, then click Networking.
    8. Configure the unprotected network:
      1. Click the edit icon for the interface already created for the instance.
      2. From the Network dropdown list, select the unprotected network. Your subnet is automatically populated.
      3. From the External IP dropdown list, select Create IP address.
      4. In the Name field, enter a name for the IP address, then click RESERVE.
      5. From the IP Forwarding dropdown list, select On.
      6. Click Done.
    9. Configure the protected network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the protected network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    10. Configure the HA network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the HA network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    11. Configure the management network. For A-P HA to properly manage IP addresses and route tables, the HA cluster must have a public IP address assigned to the HA mgmt interface. Without this configuration, failover does not complete successfully and results in failure of the cluster:
      1. Click Add network interface.
      2. From the Network dropdown list, select the management network.
      3. From the External IP dropdown list, select Ephemeral.
      4. Click Done.
    caution icon

    You cannot add interfaces to an instance after creating it. If you create the instance with an improper interface configuration, you must destroy the instance and recreate it with the proper interface configuration.
  3. After configuring all elements, click Create.
Previous
Next

Deploying the primary FortiGate-VM instance

  1. Go to Compute Engine > VM Instances. Click CREATE INSTANCE.
  2. Configure the instance settings:
    1. In the Name field, enter the desired name.
    2. From the Region dropdown list, select the region where you created your VPC networks in Creating VPC networks.
    3. From the Zone dropdown list, select a zone within the chosen region. You must deploy both FortiGates in the same region and zone.
    4. From the Machine type dropdown list, select the number of vCPUs for this instance. This should match the FortiGate license and be a minimum of four vcPUs so that the instance supports four vNICs.
    5. Under Boot disk, click Change.
    6. On the Custom images tab, select the newly created image. Click Select.
    7. Click to expand Management, security, disks, networking, sole tenancy, then click Networking.
    8. Configure the unprotected network:
      1. Click the edit icon for the interface already created for the instance.
      2. From the Network dropdown list, select the unprotected network. Your subnet is automatically populated.
      3. From the External IP dropdown list, select Create IP address.
      4. In the Name field, enter a name for the IP address, then click RESERVE.
      5. From the IP Forwarding dropdown list, select On.
      6. Click Done.
    9. Configure the protected network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the protected network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    10. Configure the HA network:
      1. Click Add network interface.
      2. From the Network dropdown list, select the HA network.
      3. From the External IP dropdown list, select None.
      4. Click Done.
    11. Configure the management network. For A-P HA to properly manage IP addresses and route tables, the HA cluster must have a public IP address assigned to the HA mgmt interface. Without this configuration, failover does not complete successfully and results in failure of the cluster:
      1. Click Add network interface.
      2. From the Network dropdown list, select the management network.
      3. From the External IP dropdown list, select Ephemeral.
      4. Click Done.
    caution icon

    You cannot add interfaces to an instance after creating it. If you create the instance with an improper interface configuration, you must destroy the instance and recreate it with the proper interface configuration.
  3. After configuring all elements, click Create.
Previous
Next