Using the Google Cloud SDK to Deploy FortiGate-VM
You can deploy FortiGate-VM (BYOL) by using the Google Cloud SDK on your local PC. This is a method of deploying FortiGate-VM on GCP outside of the marketplace product listing and without creating an instance on the Google Cloud Compute Portal.
For details, see Cloud SDK.
This deployment method is only applicable for BYOL. The PAYG deployment file will be ready at a later time.
The following example assumes that the Google Cloud SDK is installed on a Linux machine.
- Log into your GCP environment:
$sudo gcloud auth login
- Select your Google Cloud account and enter your credentials. Then, the default project will be specified.
- In Compute Engine, go to Disks and create a blank disk for the FortiGate-VM log disk. You will attach this disk to the FortiGate at the time of deployment.
You can also create a disk using Google Cloud. To create a disk, run the following command:
gcloud compute --project="project name" disks create "your disk name" --zone="your zone" --type="your disk type" --size="your disk size"
For example, if used with the example in the screenshot, the command looks as follows:
sudo gcloud compute --project="project name" disks create jkatocloudinit1 --zone=us-west1-a --type=pd-ssd --size=30GB
- The command to deploy a FortiGate-VM requires the following values. Check the following for your GCP environment:
VM name: desired VM name.
network name1: Name for the public-facing network.
subnet name1: Subnet name for the public-facing network.
network name2: Name for the internal protected network.
subnet name2: Subnet name for the Internet network.
no-addresswill not allocate an ephemeral/external IP address on the interface.
project name: Project where you will deploy the VM instance. You must have access to the project.
image name: The FortiGate image where you will deploy the VM from. For details on how to obtain this image, see Obtaining the Deployment Image.
--can-ip-forward: Should be specified for IP Forwarding=ON.
machine type: Enter the machine type, such as
zone name: Enter the zone name, such as
us-west-1a. Note that this is a zone within a region.
disk name: A blank disk name for the second disk. FortiGate-VM requires an additional disk for logging.
device name: Enter a device name.
- The command to deploy a FortiGate-VM is as follows. This example creates a VM with two network interfaces:
$gcloud compute instances create <VM name> --network-interface network=<network name1>,subnet=<subnet name1> --network-interface network=<network name2>,subnet=<subnet name2>,no-address --project <project name> --image <image name> --can-ip-forward --machine-type
In this example, let's run the following command to create the FortiGate-VM instance with name jkatofgt603cloudinit:
$sudo gcloud compute instances create jkatofgt603cloudinit --network-interface network=jkato001,subnet=publicfacing1 --network-interface network=jkato002,subnet=privfacing4 --project "project name" --image jkato-fgt-603-10162018-001 --can-ip-forward --machine-type n1-highcpu-2" --zone us-west1-a --disk=name=jkatocloudinit1,device-name=jkatodevicecloudinit1,mode=rw,boot=no
- Go to the Google Cloud Compute Engine and find the new VM instance.
- Connect to the FortiGate-VM instance. See Connecting to the FortiGate-VM.