Overview
The purpose of this document is to help with installing FortiGate on Oracle Cloud Infrastructure (OCI). Basic OCI and FortiGate experience is recommended.
This configuration was validated using FortiGate version 6.2.0.
For more details on how to use FortiGate products, please visit their official site. FortiGate documentation for HA or manual deployment can be found at https://docs2.fortinet.com/vm/oci/fortigate/6.0/about-fortigate-for-oci/6.0.0/16658/overview.
Caveats and Limitations
FortiGate on OCI Marketplace
At this moment, OCI Marketplace contains two versions of FortiGate: version 6.0.4, 6.0.5 and version 6.2.0. Each version has two working modes, Paravirtualized Mode and Emulated Mode. It is recommended to use the latest version in Paravirtualized Mode.
The license for FortiGate on OCI changed with version 6.0.2. The licensing for FortiGate-VM does not restrict whether the FortiGate can work on a VM instance in a public cloud that uses more vCPUs than the license allows. The number of vCPUs indicated by the license does not restrict the FortiGate from working, regardless of how many vCPUs are included in the virtual instance. However, only the licensed number of vCPUs process traffic and management. The rest of the vCPUs are unused.
https://docs2.fortinet.com/vm/oci/fortigate/6.0/about-fortigate-for-oci/6.0.0/43335/models
This new license model works only on version 6. An active FortiGate-VM license can work on version 5 and version 6.
A trial or permanent license is required to configure FortiGate.
FortiGate-VM - Installation
Step by step
Step 1. Install FortiGate from OCI Marketplace.
Step 2. Connect to FortiGate instance.
Step 1. Install FortiGate from OCI Marketplace.
Before starting, be sure to select the region where you want to install FortiGate.
From OCI Console select "Marketplace".
From "Filters" use the "PUBLISHER" filter and select Fortinet. A list with all Fortinet products will be shown.
From the Fortinet list select "Fortinet FortiGate_VM". This will be used to install FortiGate Next-Generation Firewall.
After selecting "Fortinet FortiGate_VM", more details will be displayed. Now you need to select a version and in which compartment to install that FortiGate. Compartments are the primary building blocks you use to organize your cloud resources. You use compartments to organize and isolate your resources to make it easier to manage and secure access to them. For more details please visit the public documentation https://docs.cloud.oracle.com/iaas/Content/GSG/Concepts/settinguptenancy.htm#Understa.
Our recommendation is to use the latest version and to use "Paravirtualized Mode". To continue you need to agree with all terms and launch the instance.
A standard OCI Console "Create Compute Instance" will be displayed. From there you can choose the proper details needed for your environment. Some of these important details can be:
More details for "Management", "Networking" and "Image" can be found at "Show Advanced Options". Some of these important details can be:
After all details have been selected you need to click on the button.
Step 2. Connect to FortiGate instance.
Based on the networking details provided at creation, you can connect to the Web UI or SSH using the private or public IP address. This information can be found in the OCI Console at "Compute" ==> "Instances" by selecting the newly created FortiGate instance.
FortiGate Web UI is accessible over HTTPS using port 443 (on HTTP - port 80, FortiGate will do a redirect to HTTPS - port 443). Be sure to permit the required ports on ingress at the VCN Security List level.
More details can be found at the official Fortinet documentation https://docs.fortinet.com/vm/oci/fortigate/6.0/single-fortigate-vm-deployment/6.0.0/721704/accessing-the-fortigate.
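When permitting the management ports in the VCN Security List, it helps to confirm that they are reachable only from your administration networks. The following check is an added example, not part of the original guide or of Oracle or Fortinet tooling. It assumes the rules are in the JSON shape printed by `oci network security-list get`, that SSH uses its default port 22, and that the sample rules and CIDRs (documentation ranges) are constructed.

```python
import ipaddress
import json

# Ports the page names for FortiGate management: HTTPS 443, HTTP 80 (redirect); SSH 22 is assumed.
MGMT_PORTS = {22, 80, 443}

# Constructed sample, shaped like the "ingress-security-rules" array printed by
# `oci network security-list get`. CIDRs are documentation ranges, not real hosts.
SAMPLE_RULES = json.loads("""
[
  {"protocol": "6", "source": "0.0.0.0/0", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"protocol": "6", "source": "203.0.113.0/24", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "198.51.100.7/32", "is-stateless": false,
   "tcp-options": {"destination-port-range": {"min": 80, "max": 443}}},
  {"protocol": "all", "source": "0.0.0.0/0", "is-stateless": false},
  {"protocol": "17", "source": "0.0.0.0/0", "is-stateless": false,
   "udp-options": {"destination-port-range": {"min": 500, "max": 500}}}
]
""")

def exposed_ports(rule):
    """Return the management ports a single ingress rule opens (empty set if none)."""
    if rule["protocol"] not in ("6", "all"):      # "6" is TCP; "all" covers every protocol
        return set()
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    if rng is None:                               # no range given means every port
        return set(MGMT_PORTS)
    return {p for p in MGMT_PORTS if rng["min"] <= p <= rng["max"]}

def audit(rules, allowed_cidrs):
    """List (index, source, ports) for rules exposing management ports to
    sources that are not contained in any allowed management CIDR."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for i, rule in enumerate(rules):
        ports = exposed_ports(rule)
        if not ports or rule.get("source-type", "CIDR_BLOCK") != "CIDR_BLOCK":
            continue
        src = ipaddress.ip_network(rule["source"], strict=False)
        if not any(src.version == a.version and src.subnet_of(a) for a in allowed):
            findings.append((i, rule["source"], sorted(ports)))
    return findings

if __name__ == "__main__":
    for idx, source, ports in audit(SAMPLE_RULES, ["203.0.113.0/24", "198.51.100.0/24"]):
        print(f"rule {idx}: {source} can reach management ports {ports}")
```

Rules flagged here are candidates for narrowing the source to a management CIDR before the FortiGate instance is put into service.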