- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Any additional settings for FortiGate-VM on GCP?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any additional settings for FortiGate-VM on GCP?
Hi,
I am testing on GCP, to create VPN between FortiGate-VM and the on-prem router.
It is connected over Cloud Interconnect and BGP for Cloud Router.
The routes are correctly advertised(including FG-VM and the on-prem router), but the ping between that two hosts fails.
I want the next hop of FG-VM to connect to Cloud Router, but it seems to connect to the Internet gateway.
Are there any additional settings to set FG's next hop to Cloud Router?
Of course Cloud Router and FG-VM belong to the same VPC network/VPC network subnet.
Please give me some ideas.
regards,
Sawtom
FortiGate
FortiGate
FortiGate Cloud
FortiGate Cloud
Sawtom
Labels:
- Labels:
-
FortiGate
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sawtom,
Did you change the default route in the VPC.
By default when you create VPC default route pointing towards internet gateway, which needs to b deleted & create new default route which point towards Forti-VM interface IP.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mitesh
Thank you for your advice.
I tried some but it's still not working.
When I was creating a route, I set the priority as the new rule gets prior to the default one.
*Instead of deleting the default route which you explain may be used by other instances.
Then I set the next hop as "Default internet gateway", "Specify an instance" and "Specify IP address of an instance".
And "Specify VPN tunnel", it shows nothing.
I will keep doing.
regards,
Sawtom
Sawtom
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sawtom,
Can you please share architecture diagram, which will give us better understanding of problem statement.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mitesh ,
I would share the architecture here.
Actually I am not sure any more about details of the on-prem side.
Is this helpful for you?
■Physical / Network
Physical:
VPN/BGP Router --- |On-prem| --- (Service Provider) --- |Google Cloud| --- Cloud Router --- FortiGate-VM
Network (on GCP):
(Service Provider) --- Cloud Router --- (VPC-NW-A-subnet) --- [nic0]FortiGate-VM
■Logical
Underlay:
BGP --- |On-prem| --- (Service Provider) --- |GCP| --- BGP
Overlay:
VPN tunnel --- (BGP) --- |On-prem| --- (Service Provider) --- |GCP| --- (BGP) --- VPN tunnel
regards,
Sawtom
Sawtom
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sawtom,
Based on your input i have drawn architecture diagram, is my understanding is right.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Mitesh
Yes, almost correct: I would like to compose it without Cloud VPN/HA VPN.(This is a test so please understand that.)
To keep VPN tunnel up, I would see 2 patterns;
1.using Cloud VPN(= HA VPN)
2.using FG-VM
regards,
Sawtom
Sawtom
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Sawtom,
Are you using Cloud VPN or NGFW for IPSec tunnel ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Related Posts
- Community Forum: Change the user avatar... 1095 Views
- Fortigate Disable FQDN resolving for... 631 Views
- Fortianalyzer add device works but the... 723 Views
- FortiClient VPN Error 5053 5052 89% 11686 Views
Labels
-
FortiGate
6,536 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
Customer Service
70 -
FortiToken
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
Firewall policy
23 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.