GCP Administration Guide

Deploying a shielded VM FortiGate-VM

This is an example FortiGate-VM deployment leveraging shielded VM features in GCP Compute Engine. The subnets that this example references (unprotected-public-subnet and protected-private-subnet) must exist before the create command is run. Edit the commands to fit your environment before running them. This document assumes that the Google Cloud SDK (gcloud CLI) is installed and ready to use for your environment. This method uses the bring-your-own-license (BYOL) licensing model. For information on GCP shielded VM, see Shielded VMs.

Caution

Downgrading to a previous GA version when using a UEFI-enabled FortiGate instance is not possible.

Note

GCP marketplace deployments do not support enabling shielded VM features.

To deploy FortiGate-VM leveraging shielded VM in GCP Compute Engine:
  1. Define environment variables:
    project=<your project ID>
    zone=us-central1-a
    serviceaccount=<your service account>
    image=projects/fortigcp-project-001/global/images/fortinet-fgt-724-20230310-001-w-license
    
  2. Edit and run the following commands in GCP:
    gcloud compute instances create shielded-vm-fortigate \
    --project=$project \
    --zone=$zone \
    --machine-type=n2d-standard-2 \
    --network-interface=network-tier=PREMIUM,private-network-ip=10.0.1.10,subnet=unprotected-public-subnet \
    --network-interface=private-network-ip=10.0.2.10,subnet=protected-private-subnet,no-address \
    --shielded-secure-boot \
    --can-ip-forward \
    --service-account=$serviceaccount \
    --scopes=https://www.googleapis.com/auth/cloud-platform \
    --create-disk=auto-delete=yes,boot=yes,device-name=shielded-vm-fortigate,image=$image,mode=rw,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced \
    --create-disk=auto-delete=yes,device-name=shielded-vm-fortigate-log,mode=rw,name=shielded-vm-fortigate-log,size=10,type=projects/$project/zones/$zone/diskTypes/pd-balanced
    
    Note

    The --shielded-secure-boot flag explicitly enables Secure Boot, and with it the shielded VM features, for the instance that the command above creates.

  3. View instance details and verify shielded VM features are enabled:
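The verification in step 3 can also be scripted instead of read from the console. The following is an added example, not part of the Fortinet guide: it reads the instance's shieldedInstanceConfig with gcloud and fails if Secure Boot, vTPM or integrity monitoring is reported as off. It assumes the same $project and $zone variables as step 1 and the instance name shielded-vm-fortigate from step 2.

```shell
#!/bin/sh
# Added example (not from the Fortinet guide). Assumes $project and $zone
# are set as in step 1 and that the instance from step 2 exists.

# Fetch the three shielded-instance settings as one tab-separated line,
# e.g. "True<TAB>True<TAB>True". Requires gcloud and valid credentials.
describe_shielded_config() {
  gcloud compute instances describe "$1" \
    --project="$project" --zone="$zone" \
    --format="value(shieldedInstanceConfig.enableSecureBoot,shieldedInstanceConfig.enableVtpm,shieldedInstanceConfig.enableIntegrityMonitoring)"
}

# Takes that tab-separated line and returns 0 only when all three
# settings are True; otherwise prints each setting that is off and
# returns 1. Kept separate from the gcloud call so it can be checked
# against a constructed line without cloud access.
check_shielded_config() {
  line=$1
  secure_boot=$(printf '%s\n' "$line" | cut -f1)
  vtpm=$(printf '%s\n' "$line" | cut -f2)
  integrity=$(printf '%s\n' "$line" | cut -f3)
  rc=0
  [ "$secure_boot" = "True" ] || { echo "Secure Boot is OFF"; rc=1; }
  [ "$vtpm" = "True" ] || { echo "vTPM is OFF"; rc=1; }
  [ "$integrity" = "True" ] || { echo "Integrity monitoring is OFF"; rc=1; }
  return $rc
}

# Usage against the live instance:
#   check_shielded_config "$(describe_shielded_config shielded-vm-fortigate)"
# If a setting is off, stop the instance and enable it with
#   gcloud compute instances update shielded-vm-fortigate --zone="$zone" \
#     --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring
# then start it again and re-run the check.
```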

Note

To check TPM status in the FortiOS CLI, see TPM support for FortiGate-VM.