Fortinet FortiGate on OCI - Installation

October 4, 2019 | 5 minute read
Ionut Neubauer
Senior Manager, Cloud Engineering

Overview

The purpose of this document is to help with installing FortiGate on Oracle Cloud Infrastructure (OCI). Basic OCI and FortiGate experience is recommended.

This configuration was validated using FortiGate version 6.2.0.

For more details on how to use FortiGate products, please visit their official site. FortiGate documentation for HA or manual deployment can be found at https://docs2.fortinet.com/vm/oci/fortigate/6.0/about-fortigate-for-oci/6.0.0/16658/overview.

 

Caveats and Limitations

FortiGate on OCI Marketplace

At this moment, OCI Marketplace contains two versions of FortiGate: version 6.0.4, 6.0.5 and version 6.2.0. Each version has two working modes, Paravirtualized Mode and Emulated Mode. It is recommended to use the latest version in Paravirtualized Mode.

The license for FortiGate on OCI changed with version 6.0.2. The licensing for FortiGate-VM does not restrict whether the FortiGate can work on a VM instance in a public cloud that uses more vCPUs than the license allows. The number of vCPUs indicated by the license does not restrict the FortiGate from working, regardless of how many vCPUs are included in the virtual instance. However, only the licensed number of vCPUs process traffic and management. The rest of the vCPUs are unused.

https://docs2.fortinet.com/vm/oci/fortigate/6.0/about-fortigate-for-oci/6.0.0/43335/models

This new license model works only on version 6. An active FortiGate-VM license can work on version 5 and version 6.

A trial or permanent license is required to configure FortiGate.

 

FortiGate-VM - Installation

Step by step

 

Step 1. Install FortiGate from OCI Marketplace.

Step 2. Connect to FortiGate instance.

 

Step 1. Install FortiGate from OCI Marketplace.

 

Before starting, be sure to select the region in which to install FortiGate.

From OCI Console select "Marketplace".

 

 

From "Filters" use the "PUBLISHER" filter and select Fortinet. A list with all Fortinet products will be shown.

From the Fortinet list select "Fortinet FortiGate_VM". This will be used to install FortiGate Next-Generation Firewall.

 

 

After selecting "Fortinet FortiGate_VM", more details will be displayed. Now you need to select a version and in which compartment to install that FortiGate. Compartments are the primary building blocks you use to organize your cloud resources. You use compartments to organize and isolate your resources to make it easier to manage and secure access to them. For more details please visit the public documentation https://docs.cloud.oracle.com/iaas/Content/GSG/Concepts/settinguptenancy.htm#Understa.

Our recommendation is to use the latest version and to use "Paravirtualized Mode". To continue you need to agree with all terms and launch the instance.

 

 

A standard OCI Console "Create Compute Instance" page will be displayed. From there you can choose the proper details needed for your environment. Some of these important details can be:

  • name
  • availability domain
  • instance type
  • OCI shape
  • SSH key
  • configure networking details

 

More details for "Management", "Networking" and "Image" can be found under "Show Advanced Options". Some of these important details can be:

  • "Management" ==> "Choose a fault domain". A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain contains three fault domains. Fault domains let you distribute your instances so that they are not on the same physical hardware within a single availability domain. A hardware failure or Compute hardware maintenance that affects one fault domain does not affect instances in other fault domains. For more details please visit the public documentation https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm.
  • "Networking" ==> "Private IP address" is used to define a static private IP address, with or without an associated public IP address set using "Assign public IP address".
  • "Networking" ==> "Hostname" is used to define a custom hostname that will be used in DNS.

 

 

After all details have been selected you need to click on the  button.

 

Step 2. Connect to FortiGate instance.

 

Based on the networking details provided at creation, you can connect to the Web UI or SSH using the private or public IP address. This information can be found in the OCI Console at "Compute" ==> "Instances" by selecting the newly created FortiGate instance.

FortiGate Web UI is accessible over HTTPS using port 443 (on HTTP - port 80, FortiGate will do a redirect to HTTPS - port 443). Be sure to permit the required ports on ingress at the VCN Security List level.
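
An added example, not part of the original post: a small Python audit of a security list's ingress rules for the ports this page names (443 and 80 for the Web UI, 22 for SSH), reporting whether each port is blocked, restricted to specific sources, or open to any source. The JSON shape is assumed to follow `oci network security-list get` output, and the sample rules are constructed.

```python
import json

# Ports named on this page: 443 (Web UI), 80 (redirect to HTTPS), 22 (SSH).
MGMT_PORTS = (22, 80, 443)

# Constructed sample, shaped like `oci network security-list get` output
# (kebab-case keys are an assumption; values are not from the original post).
SAMPLE = json.loads("""
{"data": {"ingress-security-rules": [
  {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"protocol": "6", "source": "203.0.113.0/24", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "1", "source": "0.0.0.0/0", "is-stateless": false,
   "tcp-options": null}
]}}
""")


def covers(rule, port):
    """True if an ingress rule admits TCP traffic to `port`."""
    if rule["protocol"] not in ("6", "all"):  # "6" is TCP
        return False
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    # No TCP options or no destination range means every port is allowed.
    return rng is None or rng["min"] <= port <= rng["max"]


def audit(security_list, ports=MGMT_PORTS):
    """Map each port to 'blocked', 'restricted' or 'open-to-any'."""
    rules = security_list["data"]["ingress-security-rules"]
    report = {}
    for port in ports:
        sources = [r["source"] for r in rules if covers(r, port)]
        if not sources:
            report[port] = "blocked"       # Web UI or SSH unreachable
        elif "0.0.0.0/0" in sources:
            report[port] = "open-to-any"   # management plane exposed to all
        else:
            report[port] = "restricted"    # only the listed CIDRs can reach it
    return report


if __name__ == "__main__":
    for port, state in audit(SAMPLE).items():
        print(f"tcp/{port}: {state}")
```

A "restricted" result for 22 and 443 with a management CIDR as the source is the state to aim for; "open-to-any" on either port leaves the firewall's administrative interface reachable from any address.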

 

 

More details can be found at the official Fortinet documentation https://docs.fortinet.com/vm/oci/fortigate/6.0/single-fortigate-vm-deployment/6.0.0/721704/accessing-the-fortigate.

 

 
