GCP Administration Guide

Terraform variables

The following table lists the variables in the vars.tf file. You can change the values to suit your cluster needs.

| Resource | Default | Description |
| --- | --- | --- |
| project | Requires input | Project under which you will deploy the instance group. See Creating and managing projects. |
| auth_key | Requires input | File name of the authentication key you use to connect to GCP. See Adding credentials. |
| service_account | Requires input | Service account that you will use to call Cloud Functions. This allows Cloud Functions to be restricted to authorized calls. |
| region | us-central1 | GCP region. |
| zone | us-central1-c | GCP zone. |
| nodejs_version | nodejs10 | Node.js version to use in Cloud Functions. |
| max_replicas | 3 | Maximum number of FortiGate-VM instances in the instance group. See Instance groups. |
| min_replicas | 2 | Minimum number of FortiGate-VM instances in the instance group. |
| cpu_utilization | 0.5 | Target CPU usage for the cluster to achieve. Instances scale out or in to meet this target. Note: autoscaling is based on CPU utilization. This deployment does not support autoscaling using custom metrics. |
| cluster_name | FortigateAutoScale | Cluster name to use across objects (buckets, VPC, and so on). |
| bucket_name | fortigateautoscale | Blob storage bucket name. |
| fortigate_image | projects/fortigcp-project-001/global/images/fortinet-fgtondemand-623-20191223-001-w-license | Source image for the instance group to use. The default image is FortiOS 6.2.3. |
| instance | n1-standard-1 | Instance family type for the scaling configuration to use. |
| vpc_cidr | 172.16.0.0/16 | Classless inter-domain routing (CIDR) block for the FortiGate autoscale VPC, divided into two /21 subnets. |
| public_subnet | 172.16.0.0/21 | Public subnet that the FortiGate cluster uses. |
| protected_subnet | 172.16.8.0/21 | Private subnet for VMs behind the FortiGate cluster. |
| firewall_allowed_range | 0.0.0.0/0 | GCP firewall range to allow. Note: the default is to allow all. If you use the GCP firewall policy to block incoming traffic, you must allow the load balancer to perform health checks and send data. For details on the IP addresses that will need access, see Probe IP ranges and firewall rules. |
| target_size | 2 | Autoscale cluster target size. See Autoscaling groups of instances. |
| SCRIPT_TIMEOUT | 500 | Timeout (in seconds) of a Cloud Functions invocation. |
| MASTER_ELECTION_TIMEOUT | 400 | Maximum time in seconds to wait for a primary election to complete. This value must be less than the total script timeout (SCRIPT_TIMEOUT). |
| FORTIGATE_ADMIN_PORT | 8443 | Port number for FortiGate-VM administration. Do not use the FortiGate reserved ports 443, 541, 514, or 703. This value must be between 1 and 65535. This variable was previously used for the FortiGate Autoscale Cluster admin port. |
| HEARTBEAT_INTERVAL | 25 | Length of time in seconds that a FortiGate-VM waits between sending heartbeat requests to the function. |
| HEART_BEAT_DELAY_ALLOWANCE | 10 | Allowed variance in seconds before a heartbeat is considered out-of-sync and the heartbeat loss count is increased. |
| HEART_BEAT_LOSS_COUNT | 10 | Number of consecutively lost heartbeats. When the heartbeat loss count has been reached, the FortiGate-VM is deemed unhealthy and failover activities commence. |

You can set variables from the command line using the following:

terraform plan -var "<var name>=<value>"
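The following is an added example, not Fortinet's code: a pre-flight check that validates the constraints stated in the table (subnets inside vpc_cidr, the FORTIGATE_ADMIN_PORT rules, MASTER_ELECTION_TIMEOUT below SCRIPT_TIMEOUT, and the allow-all default of firewall_allowed_range) and then renders the values as `-var` arguments for `terraform plan`. The DEFAULTS dict is constructed from the table; the project value is a placeholder.

```python
# Added example (not Fortinet's code): pre-flight check of vars.tf values
# from the table above before running "terraform plan".
import ipaddress
import shlex

RESERVED_FORTIGATE_PORTS = {443, 541, 514, 703}  # from the FORTIGATE_ADMIN_PORT row

# Constructed from the table's defaults; "project" is a placeholder (Requires input).
DEFAULTS = {
    "project": "my-gcp-project",
    "vpc_cidr": "172.16.0.0/16",
    "public_subnet": "172.16.0.0/21",
    "protected_subnet": "172.16.8.0/21",
    "firewall_allowed_range": "0.0.0.0/0",
    "SCRIPT_TIMEOUT": 500,
    "MASTER_ELECTION_TIMEOUT": 400,
    "FORTIGATE_ADMIN_PORT": 8443,
}


def check_vars(v: dict) -> list:
    """Return the table constraints that the values violate (empty list = OK)."""
    problems = []
    vpc = ipaddress.ip_network(v["vpc_cidr"])
    subnets = {n: ipaddress.ip_network(v[n]) for n in ("public_subnet", "protected_subnet")}
    for name, net in subnets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is not inside vpc_cidr {vpc}")
    if subnets["public_subnet"].overlaps(subnets["protected_subnet"]):
        problems.append("public_subnet and protected_subnet overlap")
    port = v["FORTIGATE_ADMIN_PORT"]
    if not 1 <= port <= 65535 or port in RESERVED_FORTIGATE_PORTS:
        problems.append(f"FORTIGATE_ADMIN_PORT {port} is reserved or outside 1-65535")
    if v["MASTER_ELECTION_TIMEOUT"] >= v["SCRIPT_TIMEOUT"]:
        problems.append("MASTER_ELECTION_TIMEOUT must be less than SCRIPT_TIMEOUT")
    # 0.0.0.0/0 is the documented default; flag it so the operator narrows it to
    # management sources plus the load balancer health-check ranges.
    if ipaddress.ip_network(v["firewall_allowed_range"]).prefixlen == 0:
        problems.append("firewall_allowed_range allows all sources (0.0.0.0/0)")
    return problems


def plan_args(v: dict) -> str:
    """Render the values as shell-quoted 'terraform plan -var' arguments."""
    return " ".join(f"-var {shlex.quote(f'{k}={val}')}" for k, val in v.items())


if __name__ == "__main__":
    for p in check_vars(DEFAULTS):
        print("WARN:", p)
    print("terraform plan", plan_args(DEFAULTS))
```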