GCP Administration Guide

Protocol forwarding rule with SDN connector

Compute Engine supports protocol forwarding, which lets you create forwarding rule objects that can send packets to a non-NATed target instance.

Each target instance contains a single virtual machine instance that receives and handles traffic from the corresponding forwarding rules.

In an active-passive (A-P) high availability (HA) configuration, when a failover occurs, the forwarding rules are updated to use the active/primary instance along with the route associated with the A-P configuration in the SDN connector.
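
A post-failover check for the behavior described above, as an added example that is not part of the Fortinet guide: given listings in the JSON shape returned by `gcloud compute forwarding-rules list --format=json` and `gcloud compute target-instances list --format=json`, it reports protocol forwarding rules whose target instance does not wrap the active unit. The project ID, resource names and sample data are constructed.

```python
# Constructed sample data with hypothetical names, trimmed to the fields used.
BASE = "https://www.googleapis.com/compute/v1/projects/example-project"
ZONE_A = f"{BASE}/zones/us-central1-a"
ZONE_B = f"{BASE}/zones/us-central1-b"

TARGET_INSTANCES = [
    {"name": "ti-fgt-a", "selfLink": f"{ZONE_A}/targetInstances/ti-fgt-a",
     "instance": f"{ZONE_A}/instances/fgt-a"},
    {"name": "ti-fgt-b", "selfLink": f"{ZONE_B}/targetInstances/ti-fgt-b",
     "instance": f"{ZONE_B}/instances/fgt-b"},
]
FORWARDING_RULES = [
    {"name": "fwd-tcp-443", "target": f"{ZONE_A}/targetInstances/ti-fgt-a"},
    {"name": "fwd-udp-500", "target": f"{ZONE_B}/targetInstances/ti-fgt-b"},
    # Load balancer rule (target pool): not protocol forwarding, so it is skipped.
    {"name": "lb-frontend", "target": f"{BASE}/regions/us-central1/targetPools/web-pool"},
]


def last_segment(url):
    """Return the resource name at the end of a Compute Engine resource URL."""
    return url.rsplit("/", 1)[-1]


def stale_forwarding_rules(rules, target_instances, active_instance):
    """Names of protocol forwarding rules not pointing at the active instance.

    A rule is stale when its target instance wraps a different VM, or when
    the target instance it references is missing from the listing.
    """
    backing_vm = {ti["selfLink"]: last_segment(ti["instance"])
                  for ti in target_instances}
    stale = []
    for rule in rules:
        target = rule.get("target", "")
        if "/targetInstances/" not in target:
            continue  # only protocol forwarding rules are in scope
        if backing_vm.get(target) != active_instance:
            stale.append(rule["name"])
    return sorted(stale)


if __name__ == "__main__":
    # Assume fgt-b became primary; any rule listed here was not updated.
    for name in stale_forwarding_rules(FORWARDING_RULES, TARGET_INSTANCES, "fgt-b"):
        print(f"forwarding rule {name} still targets the passive unit")
```
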

Note

This guide assumes that you have created all networks and FortiGate instances prior to starting the following instructions.

The Google CLI commands in this guide use Linux operating system variables.

This configuration requires the following:

  • Networks and subnetworks created to support FortiGate A-P HA deployment
  • Two FortiGate-VMs deployed, running, and configured as an A-P HA cluster
  • Roles and Identity & Access Management (IAM) permissions in the respective project that allow forwarding rule target instances to be updated on failover, such as the Compute load balancer (LB) admin role

Note

Protocol forwarding and LB deployments can and do overlap in GCP resource configuration. However, they are not the same deployment method. For information about these deployment types, see the following:
