Fortinet black logo

GCP Administration Guide

Home FortiGate Public Cloud 7.4.0 GCP Administration Guide
7.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

Deploying FortiGate autoscale for GCP

Deploying FortiGate autoscale for GCP

The easiest way to deploy FortiGate autoscale for GCP is with Terraform.

This deployment was tested with:

  • Terraform 0.12
  • Terraform Google Provider 2.20.1
  • Terraform Google Provider Beta 2.20.1
To deploy FortiGate Autoscale for GCP:
  1. Log in to your GCP account.
  2. If you have not already done so, create an authentication token. The default Compute service account should have sufficient permissions. See Authenticate for using client libraries.
  3. Install Terraform. See Install Terraform.
  4. Clone the repository.
  5. Change into the new directory and do one of the following:

    The following files and folders should be present:

    .
├── assets
│   └── configset
│   	├── baseconfig
│   	├── httproutingpolicy
│   	├── httpsroutingpolicy
│   	├── internalelbweb
│   	├── port2config
│   	├── setuptgwvpn
│   	└── storelogtofaz
├── cloud-function-package.json
├── dist
│   └── gcp.zip
├── index.ts
├── main.tf
├── package.json
├── package-lock.json
├── README.md
├── tsconfig.json
├── tslint.json
└── vars.tf
  6. Open the vars.tf file and add values to the following variables:

    Variable

    Value

    project

    Google project ID

    service_account

    Service account that you will use to call Cloud Function

    auth_key

    GCP authentication key name and path. The default is account.json. Specify the path if the key is not in the current directory.

    You can also do the aforementioned step from the command line using the following syntax:

    terraform plan -var "<var_name>=<value>"
  7. Customize other variables such as cpu_ulitization and cooldown period as needed. See Terraform variables.
  8. Initialize the providers and modules: 
    terraform init
  9. Verify the plan: 
    terraform plan
  10. Confirm and apply the plan:
    terraform apply

    Output is similar to the following. A randomly generated five-letter suffix is added to all resources. You can use the suffix to help identify your cluster resources.

    InstanceTemplate = fortigateautoscale-instance-template-cehpm
LoadBalance_instances = []
LoadBalancer_Ip_Address = xxx.xxx.xxx.xxx
Notes = The Firestore Database must be deleted separately
Trigger_URL = https://us-central1-*************.cloudfunctions.net/fortigateautoscale-cehpm
google_compute_region_instance_group_manager = fortigateautoscale-fortigate-autoscale-cehpm
Note

As part of the deployment, Terraform adjusts the ${fgt_secondary_ip} value within the baseconfig file located in assets/configset/. The value should be the external load balancer IP address. See Backend service-based external passthrough Network Load Balancer overview.
Previous
Next

Deploying FortiGate autoscale for GCP

The easiest way to deploy FortiGate autoscale for GCP is with Terraform.

This deployment was tested with:

  • Terraform 0.12
  • Terraform Google Provider 2.20.1
  • Terraform Google Provider Beta 2.20.1
To deploy FortiGate Autoscale for GCP:
  1. Log in to your GCP account.
  2. If you have not already done so, create an authentication token. The default Compute service account should have sufficient permissions. See Authenticate for using client libraries.
  3. Install Terraform. See Install Terraform.
  4. Clone the repository.
  5. Change into the new directory and do one of the following:

    The following files and folders should be present:

    .
├── assets
│   └── configset
│   	├── baseconfig
│   	├── httproutingpolicy
│   	├── httpsroutingpolicy
│   	├── internalelbweb
│   	├── port2config
│   	├── setuptgwvpn
│   	└── storelogtofaz
├── cloud-function-package.json
├── dist
│   └── gcp.zip
├── index.ts
├── main.tf
├── package.json
├── package-lock.json
├── README.md
├── tsconfig.json
├── tslint.json
└── vars.tf
  6. Open the vars.tf file and add values to the following variables:

    Variable

    Value

    project

    Google project ID

    service_account

    Service account that you will use to call Cloud Function

    auth_key

    GCP authentication key name and path. The default is account.json. Specify the path if the key is not in the current directory.

    You can also do the aforementioned step from the command line using the following syntax:

    terraform plan -var "<var_name>=<value>"
  7. Customize other variables such as cpu_ulitization and cooldown period as needed. See Terraform variables.
  8. Initialize the providers and modules: 
    terraform init
  9. Verify the plan: 
    terraform plan
  10. Confirm and apply the plan:
    terraform apply

    Output is similar to the following. A randomly generated five-letter suffix is added to all resources. You can use the suffix to help identify your cluster resources.

    InstanceTemplate = fortigateautoscale-instance-template-cehpm
LoadBalance_instances = []
LoadBalancer_Ip_Address = xxx.xxx.xxx.xxx
Notes = The Firestore Database must be deleted separately
Trigger_URL = https://us-central1-*************.cloudfunctions.net/fortigateautoscale-cehpm
google_compute_region_instance_group_manager = fortigateautoscale-fortigate-autoscale-cehpm
Note

As part of the deployment, Terraform adjusts the ${fgt_secondary_ip} value within the baseconfig file located in assets/configset/. The value should be the external load balancer IP address. See Backend service-based external passthrough Network Load Balancer overview.
Previous
Next