PoCaS (Proof-of-Concept-as-Script)
This script deploys the resources needed to demonstrate a working IPsec VPN between a cluster of FortiGate devices located behind 1-to-1 NAT and a GCP Cloud VPN gateway (classic).
The main steps of this PoC are all provided by the runme script:
- Deploy the resources: `gcloud deployment-manager deployments create gcp-vpn-pocas --config config.yaml`
- Give it a minute and check the status of the VPN tunnel: `gcloud compute vpn-tunnels describe fortidemo-cloudvpn-tunnel`
- Verify the actual connectivity by checking the client's serial console output (the client instance is constantly pinging the server): `gcloud compute instances tail-serial-port-output fortidemo-client`
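The three checks above combined into one poll-and-verify script, as an added example that is not part of the PoCaS repo. It assumes an authenticated gcloud and the tunnel and client names used above; the function names and the `--run` flag are my own.

```shell
#!/bin/sh
# Added example, not part of the PoCaS repo: wait for the classic VPN tunnel
# to report ESTABLISHED, then confirm the client's pings get replies.
# Assumes an authenticated gcloud and the resource names used above.
TUNNEL="${TUNNEL:-fortidemo-cloudvpn-tunnel}"
CLIENT="${CLIENT:-fortidemo-client}"
INTERVAL="${INTERVAL:-10}"   # seconds between polls

# Print the top-level status field of `gcloud compute vpn-tunnels describe`
# output read from stdin (ESTABLISHED, FIRST_HANDSHAKE, NEGOTIATION_FAILURE, ...).
tunnel_status() {
  awk '$1 == "status:" { print $2; exit }'
}

# Succeed when serial console text on stdin contains at least one ICMP reply.
ping_reply_seen() {
  grep -q 'bytes from'
}

# Poll until the tunnel is ESTABLISHED or hits a terminal failure state.
# $1 = max attempts; $2 = command printing describe output (overridable so
# the parser and state handling can be exercised without calling gcloud).
wait_for_tunnel() {
  attempts="$1"
  describe="${2:-gcloud compute vpn-tunnels describe $TUNNEL}"
  i=0
  while [ "$i" -lt "$attempts" ]; do
    st=$($describe | tunnel_status)
    case "$st" in
      ESTABLISHED) echo "tunnel $TUNNEL is up"; return 0 ;;
      NEGOTIATION_FAILURE|REJECTED|FAILED|STOPPED)
        echo "tunnel $TUNNEL failed: $st" >&2; return 1 ;;
      *) echo "tunnel state: ${st:-unknown}, waiting..." ;;
    esac
    i=$((i + 1)); sleep "$INTERVAL"
  done
  echo "timed out waiting for $TUNNEL" >&2; return 1
}

main() {
  wait_for_tunnel 12 || exit 1
  # The client pings the server continuously; replies on its serial console
  # prove traffic actually crosses the tunnel, not just that IKE completed.
  if gcloud compute instances get-serial-port-output "$CLIENT" | ping_reply_seen; then
    echo "client $CLIENT sees ICMP replies through the tunnel"
  else
    echo "tunnel up but no ping replies yet: check firewall rules and routes" >&2; exit 1
  fi
}
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as `sh check-vpn.sh --run` after the deployment; a tunnel that reaches ESTABLISHED but shows no ICMP replies usually points at firewall rules or routes rather than IKE.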
To verify HA failover, a few additional steps related to the HA deployment need to be done manually:
- After the deployment, log into the primary unit using its instance id as the password and change the password
- Make sure both cluster nodes are in sync (`get sys ha status`)
- Remove the ephemeral public IP from nic0 of the secondary device: `gcloud compute instances delete-access-config fortidemo-fgt2 --zone europe-west1-c --access-config-name="Temporary External"`