Configuring GCP SDN Connector on FortiGate for GCP
- In FortiOS, go to Security Fabric > Fabric Connectors.
- Click Create New, and select Google Cloud Platform (GCP).
Note that you can create only one SDN connector per connector type. For example, you can create one entry for GCP.
- Configure the connector as follows:
  - Name: Enter the desired connector name.
  - Use metadata IAM: The Google platform requires a certain authentication level to call APIs from the FortiGate.
    - If you enable Use metadata IAM, ensure that the FortiGate has API access on Google Compute Engine. For details, see Checking Metadata API Access.
    - If you do not enable Use metadata IAM, you must specify your own service account.
    The Use metadata IAM option is only available to FortiGate-VMs running on GCP. FortiGates running outside of GCP (including physical FortiGate units and FortiGate-VMs running on other cloud platforms) have a configuration that is equivalent to disabling this option.
  - GCP project name: Enter the name of the GCP project. The VMs whose IP addresses you want to populate should be running within this project.
  - GCP service account email: Enter the email address associated with the service account that will call APIs to the GCP project specified above.
  - GCP private key: Enter the private key statement as shown in the text box. For details, see Creating a GCP Service Account.
  - Update interval: The default value is 60 seconds. You can enter a value between 1 and 3600 seconds.
  - Status: Green means that the connector is enabled. You can disable it at any time by toggling the switch.
Once the connector is successfully configured, a green indicator appears at the bottom right corner. If the indicator is red, the connector is not working. See Troubleshooting GCP SDN Connector.
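A pre-flight check for the service account values entered in the steps above, as an added example (not Fortinet's code). It assumes the key was downloaded from GCP as a JSON key file and that the connector's project field should match that file's project_id; the function name and sample values are constructed for illustration.

```python
import json

# Constructed sample key file: every value is a placeholder, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "fgt-sdn@example-project.iam.gserviceaccount.com",
})


def check_connector_inputs(key_json, project, update_interval=60):
    """Hypothetical helper: list problems with values destined for the connector form."""
    try:
        key = json.loads(key_json)
    except json.JSONDecodeError as exc:
        return [f"key file is not valid JSON: {exc.msg}"]
    if not isinstance(key, dict):
        return ["key file is not a JSON object"]

    problems = []
    # A user credential (e.g. type "authorized_user") is not a service account key.
    if key.get("type") != "service_account":
        problems.append("key type is not 'service_account'")

    email = str(key.get("client_email", ""))
    if "@" not in email or not email.endswith(".gserviceaccount.com"):
        problems.append("client_email is not a service account address")

    pem = str(key.get("private_key", "")).strip()
    if not (pem.startswith("-----BEGIN PRIVATE KEY-----")
            and pem.endswith("-----END PRIVATE KEY-----")):
        problems.append("private_key is not a complete PEM block")

    # Assumption: the connector's project field should match the key's project_id.
    if key.get("project_id") != project:
        problems.append("project does not match the key's project_id")

    # The page gives the accepted range as 1 to 3600 seconds.
    if not (isinstance(update_interval, int) and 1 <= update_interval <= 3600):
        problems.append("update interval is outside 1-3600 seconds")
    return problems


if __name__ == "__main__":
    for issue in check_connector_inputs(SAMPLE_KEY, "example-project") or ["ok"]:
        print(issue)  # report findings only, never the key material itself
```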