Skip to content
Navigation Menu

IBM Cloud

  • CatalogCatalog
  • Cost EstimatorCost Estimator
    • HelpHelp
      • Docs
  • Log in
  • Sign up
  • Catalog
  • Cost Estimator
  • Help
    • Docs

  • Navigation settings

Error

Change theme

This feature is in early stage, some parts of the platform might not fully support different themes yet.

Themes
  1. Catalog
  2. Fortinet FortiGate Next-Generation Firewall - A/P HA

Readme file

        Version last updated: 05/28/2025

        Description

        A Terraform script to deploy an Active-Passive (A-P) HA cluster in a single zone. This template makes use of the FortiGate IBM SDN connector to failover in the event of a VM shutdown.
        After the active VM is back up, it will take over as active once again.

        Requirements

        • Terraform 0.13+
        • Two FortiOS 7.0 BYOL Licenses.
        • A VPC with four subnets in a single zone
        • A configured IBM SSH key
        • A security group

        Deployment overview

        Note: For a local deployment, a Gen 2 API key will be needed. For details see IBM Gen 2 API key.

        Terraform deploys the following components:

        • Two FortiGate BYOL instances with four NICs each, one in each subnet.
        • Three floating Public IP addresses: one attached to the Primary FortiGate on Port1, which will failover and the other two attached to the HA management port (Port4) of each FortiGate.
        • One log disk per FortiGate.
        • A basic bootstrap configuration with HA support.

        Deployment Diagram

        IBM FortiGate Diagram

        Deployment

        Note: For Subnets, the UUID is required.

        1. Fill in the required Subnets, security group and VPC information as shown in the example below:

          IBM FortiGate Example Inputs

        2. Apply the plan.

        3. Outputs, such as the Public IP and Default username and password can be found under the View Log link.

        Destroy the cluster

        To destroy the cluster, click on Actions...->Destroy.

        Support

        • FortiGate is supported by Fortinet Inc in 24x7x365. Please refer https://www.fortinet.com/support for more details. If you encounter problems, you can open a support issue with the Fortinet via the methods listed in https://www.fortinet.com/support/contact.

        • Support locations include: Argentina, Australia, Austria, Bahrain, Belarus, Belgium, Bermuda, Brazil, Brunei Darussalam, Bulgaria, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, Dominican Republic, Egypt, Estonia, Fiji, Finland, France, Germany, Greece, Hong Kong, Hungary, Iceland, India, Indonesia, Ireland, Israel, Italy, Jamaica, Japan, Jordan, Korea, Republic of, Kuwait, Latvia, Lithuania, Luxembourg, Macao, Malaysia, Mauritius, Mexico, Monaco, Netherlands, New Zealand, Norway, Oman, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Romania, Russian Federation, Saudi Arabia, Singapore, Slovakia, Slovenia, South Africa, Sri Lanka, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, Turks and Caicos Islands, Ukraine, United Arab Emirates, United Kingdom, United States, Virgin Islands, British, Virgin Islands, U.S., Uruguay, Venezuela, Bolivarian Republic of, Vietnam.

        • For direct issues related to this Terraform template, please refer to the Issues tab of this GitHub project.

        • For other questions related to this project, contact github@fortinet.com.

        License

        License © Fortinet Technologies. All rights reserved.