Fortinet Document Library

Version:

6.0.0
FortiGate / FortiOS FortiAnalyzer FortiManager FortiWeb

Table of Contents

About FortiGate for GCP

Deploying FortiGate-VM on Google Cloud Marketplace

Deploying FortiGate-VM on Google Cloud Compute Engine

Deploying FortiGate-VM Using Google Cloud SDK

Use Case: High Availability for FortiGate on GCP

Security Fabric Connector Integration with GCP

Resources

Upgrade Path Tool
Home Google GCP FortiGate / FortiOS
6.2 6.0

About FortiGate for GCP

Deploying FortiGate-VM on Google Cloud Marketplace

Deploying FortiGate-VM on Google Cloud Compute Engine

Deploying FortiGate-VM Using Google Cloud SDK

Use Case: High Availability for FortiGate on GCP

Security Fabric Connector Integration with GCP

6.0.0
6.0.0
Copy Link

Configuring GCP SDN Connector on FortiGate for GCP

  1. In FortiOS, go to Security Fabric > Fabric Connectors.
  2. Click Create New, and select Google Cloud Platform (GCP).

    Note you can create only one SDN Connector per connector type. For example, you can create one entry for GCP.

  3. Configure the connector as follows:
    1. Name: Enter the desired connector name.
    2. Use metadata IAM: The Google platform requires a certain authentication level to call APIs from the FortiGate.
      1. If you enable Use metadata IAM, ensure that the FortiGate has API access on Google Compute Engine. For details, see Checking Metadata API Access.
      2. If you do not enable Use metadata IAM, you must specify your own service account.

      The Use metadata IAM option is only available to FortiGate-VMs running on GCP. FortiGates running outside of GCP (including physical FortiGate units and FortiGate-VMs running on other cloud platforms) have a configuration that is equivalent to disabling this option.

    3. GCP project name: Enter the name of the GCP project. The VMs whose IP addresses you want to populate should be running within this project.
    4. GCP service account email: Enter the email address associated with the service account that will call APIs to the GCP project specified above.
    5. GCP private key: Enter the private key statement as shown in the text box. For details, see Creating a GCP Service Account.
    6. Update interval: the default value is 60 seconds. You can enter a value between 1 and 3600 seconds.
    7. Status: Green means that the connector is enabled. You can disable it at any time by toggling the switch.

    Once the connector is successfully configured, a green indicator appears at the bottom right corner. If the indicator is red, the connector is not working. See Troubleshooting GCP SDN Connector.

Resources

Upgrade Path Tool

Configuring GCP SDN Connector on FortiGate for GCP

  1. In FortiOS, go to Security Fabric > Fabric Connectors.
  2. Click Create New, and select Google Cloud Platform (GCP).

    Note you can create only one SDN Connector per connector type. For example, you can create one entry for GCP.

  3. Configure the connector as follows:
    1. Name: Enter the desired connector name.
    2. Use metadata IAM: The Google platform requires a certain authentication level to call APIs from the FortiGate.
      1. If you enable Use metadata IAM, ensure that the FortiGate has API access on Google Compute Engine. For details, see Checking Metadata API Access.
      2. If you do not enable Use metadata IAM, you must specify your own service account.

      The Use metadata IAM option is only available to FortiGate-VMs running on GCP. FortiGates running outside of GCP (including physical FortiGate units and FortiGate-VMs running on other cloud platforms) have a configuration that is equivalent to disabling this option.

    3. GCP project name: Enter the name of the GCP project. The VMs whose IP addresses you want to populate should be running within this project.
    4. GCP service account email: Enter the email address associated with the service account that will call APIs to the GCP project specified above.
    5. GCP private key: Enter the private key statement as shown in the text box. For details, see Creating a GCP Service Account.
    6. Update interval: the default value is 60 seconds. You can enter a value between 1 and 3600 seconds.
    7. Status: Green means that the connector is enabled. You can disable it at any time by toggling the switch.

    Once the connector is successfully configured, a green indicator appears at the bottom right corner. If the indicator is red, the connector is not working. See Troubleshooting GCP SDN Connector.