GCP Administration Guide

Deploying resources in spoke VPC


To deploy resources in the internal VPC of a spoke:
  1. To allow traffic to flow out of the ncc_vpc_int private subnet, you must add routes to the VPC route table. This step allows the FortiGate to control traffic coming in and out of the internal VPC. Do the following:
    1. On the GCP management console, go to VPC Networks > ncc_vpc_int > ROUTES.
    2. Click ADD ROUTE.
    3. In the Destination IP range field, enter 0.0.0.0/0.
    4. In the Priority field, enter 1000.
    5. In the Next hop IP address field, enter the internal port 2 IP address of the spoke FortiGate. In the example, this is 192.168.215.2.
    6. Click CREATE.
  2. Go to VPC Networks > ncc_vpc_int > Firewall Rules and add firewall rules to allow and block the required traffic based on the type of service deployed.
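
A check for step 1, as an added example that is not part of the Fortinet guide: it reads the JSON produced by `gcloud compute routes list --format=json` and confirms that the 0.0.0.0/0 route in ncc_vpc_int points at the FortiGate, flagging any other default route of equal or higher priority that could carry traffic around it. The sample routes, project name, route names and second network are constructed.

```python
import json

NETWORK = "ncc_vpc_int"          # spoke internal VPC, from the procedure
FORTIGATE_IP = "192.168.215.2"   # FortiGate port 2 address, from the procedure
PRIORITY = 1000                  # route priority, from the procedure
HOP_KEYS = ("nextHopIp", "nextHopGateway", "nextHopInstance", "nextHopIlb")

# Constructed sample of `gcloud compute routes list --format=json` output;
# project, route names and the second network are placeholders.
SAMPLE_ROUTES = json.loads("""[
 {"name": "spoke-default-via-fgt", "destRange": "0.0.0.0/0", "priority": 1000,
  "network": "projects/example-project/global/networks/ncc_vpc_int",
  "nextHopIp": "192.168.215.2"},
 {"name": "auto-default-route", "destRange": "0.0.0.0/0", "priority": 1000,
  "network": "projects/example-project/global/networks/ncc_vpc_int",
  "nextHopGateway": "projects/example-project/global/gateways/default-internet-gateway"},
 {"name": "other-default-route", "destRange": "0.0.0.0/0", "priority": 1000,
  "network": "projects/example-project/global/networks/other-vpc",
  "nextHopGateway": "projects/example-project/global/gateways/default-internet-gateway"}
]""")

def audit_default_routes(routes, network=NETWORK, fgt_ip=FORTIGATE_IP,
                         priority=PRIORITY):
    """Return (ok, findings) for the 0.0.0.0/0 routes of one VPC network."""
    defaults = [r for r in routes
                if r.get("network", "").rsplit("/", 1)[-1] == network
                and r.get("destRange") == "0.0.0.0/0"]
    via_fgt = [r for r in defaults if r.get("nextHopIp") == fgt_ip]
    findings = []
    if not via_fgt:
        findings.append(f"no 0.0.0.0/0 route in {network} points at {fgt_ip}")
    for r in via_fgt:
        if r["priority"] != priority:
            findings.append(f"{r['name']}: priority {r['priority']}, expected {priority}")
    best = min((r["priority"] for r in via_fgt), default=None)
    for r in defaults:
        if r in via_fgt:
            continue
        # A lower number wins in GCP; an equal number is flagged for review.
        if best is None or r["priority"] <= best:
            hop = next((r[k] for k in HOP_KEYS if k in r), "unknown")
            findings.append(f"{r['name']}: competing default route via "
                            f"{hop.rsplit('/', 1)[-1]} at priority {r['priority']}")
    return (not findings, findings)

if __name__ == "__main__":
    ok, findings = audit_default_routes(SAMPLE_ROUTES)
    print("OK" if ok else "\n".join(findings))
```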