fortinet/fortigate-terraform-deploy

Question on GCP NIC requirements

philip-harvey opened this issue · 2 comments

We strongly desire to deploy a HA config with a single CPU per instance for cost reasons, which limits us to 2 vNICs per instance, and all the examples use 3 or 4 vNICs. We don't want to expose the management interface to the internet and have a shared VPC as our internal (protected) network. I assume that we can manage the appliance via the internal interface. I am, however, unsure if there is a hard requirement in the appliance to have a dedicated vNIC for the HA/Sync traffic. Can the HA/Sync use the internal or external vNIC instead of a dedicated vNIC?

Hi,

hasync port needs to be its own dedicated vnic. It can't be mixed with the traffic port.

https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/gcp-administration-guide/478251/checking-the-prerequisites

Hope that helps.

Cheers

Thanks @mobilesuitzero
I saw that document, but one of the Terraform examples in this repo has 3 NICs for a HA setup, so it seems that the requirement isn't actually 4 NICs. It is a shame that it forces HA/Sync to use a separate NIC since this increases costs by approx. 4X per HA pair.