Open obriensystems opened 7 months ago
add service enablement before running the script - or integrate
gcloud services enable compute.googleapis.com
gcloud services enable container.googleapis.com
Having issues with connectivity using the day0.plan of the terraform version.
The terraform version has public IPs like the gcloud but no external load balancer.
Triaging against my working gcloud version, details: https://github.com/GoogleCloudPlatform/pbmm-on-gcp-onboarding/issues/345
Issue with fortios authentication in day1 and an expected config for https://github.com/fortinet/fortigate-tutorial-gcp/blob/main/terraform/day0/main.tf#L9
# Auto-detect your own IP address to add it to the API trusthost list in FortiGate configuration
data "http" "my_ip" {
  url = "http://api.ipify.org"
}
never mind - that address gets your IP - leave as is but the issue may be IPV6 related
testing a hardcoded all-internet range - no need for ipv4 discovery
module "fortigates" {
  source          = "../modules/fgcp-ha-ap-lb"
  region          = var.GCE_REGION
  service_account = data.google_service_account.fgt.email != null ? data.google_service_account.fgt.email : ""
  # admin_acl = ["${data.http.my_ip.body}/32"]
  admin_acl = ["0.0.0.0/0"]
  # api_acl = ["${data.http.my_ip.body}/32"]
  api_acl = ["0.0.0.0/0"]
working now with the 0.0.0.0/0 incoming change on the VMs
also verifying the code in https://github.com/40net-cloud/fortinet-gcp-solutions/blob/master/howto-tf.md#deploying-with-terraform via https://github.com/40net-cloud/fortinet-gcp-solutions/issues/11
additional changes required around
VPC default 5 quota increase https://github.com/fortinet/fortigate-tutorial-gcp/issues/9
fortios authentication via username/password instead of token https://github.com/fortinet/fortigate-tutorial-gcp/issues/10 https://registry.terraform.io/providers/fortinetdev/fortios/latest/docs
and 0.0.0.0/0 wider incoming fg rule for IPV6 address checking https://github.com/fortinet/fortigate-tutorial-gcp/issues/8
7.0 to 7.4 image change https://github.com/fortinet/fortigate-tutorial-gcp/issues/11
Team, I have rerun the scripts after the last successful run 2 years ago under #1. All good, everything working with BYOL. A couple minor changes I will put a PR in within the next 24 hours:
1 - SA is recreated - we get an expected failure - this is ok - thinking of leaving this so that either script makes sure to create the SA
2 - byol license updated to 7.4
3 - increase timeout on login pw change from 2 to 4 min
see testing in https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/issues/843
4 - mgmt web interface worked before pw change and working well after
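
The module excerpt earlier on this page sets admin_acl and api_acl to 0.0.0.0/0, which opens the FortiGate admin and API trusthost lists to every source address. The following is an added example (not part of the issue thread or the tutorial repository): a pre-apply check that reports such entries in Terraform text. The 256-address threshold, the function name and the sample api_acl values are assumptions.

```python
import ipaddress
import re

# Keys from the module call on this page that feed the FortiGate trusthost lists.
ACL_KEYS = ("admin_acl", "api_acl")
ASSIGN_RE = re.compile(r'^\s*(%s)\s*=\s*\[(.*?)\]' % "|".join(ACL_KEYS))
MAX_HOSTS = 256  # assumed policy threshold: anything wider than a /24 is reported


def audit_acls(tf_text):
    """Return (line_no, key, entry, reason) for each risky literal ACL entry."""
    findings = []
    for line_no, line in enumerate(tf_text.splitlines(), start=1):
        if line.lstrip().startswith(("#", "//")):
            continue  # commented-out assignments are not active configuration
        match = ASSIGN_RE.match(line)
        if not match:
            continue
        key, body = match.groups()
        for entry in re.findall(r'"([^"]*)"', body):
            if "${" in entry:
                continue  # interpolated value, only known at plan time
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append((line_no, key, entry, "not a valid CIDR"))
                continue
            if net.prefixlen == 0:
                findings.append((line_no, key, entry, "open to all addresses"))
            elif net.num_addresses > MAX_HOSTS:
                findings.append((line_no, key, entry, "wider than policy threshold"))
    return findings


# Constructed sample: the module excerpt from this page plus one narrowed entry.
SAMPLE_TF = '''\
module "fortigates" {
  source = "../modules/fgcp-ha-ap-lb"
  # admin_acl = ["${data.http.my_ip.body}/32"]
  admin_acl = ["0.0.0.0/0"]
  # api_acl = ["${data.http.my_ip.body}/32"]
  api_acl = ["203.0.113.7/32", "::/0"]
}
'''

if __name__ == "__main__":
    for finding in audit_acls(SAMPLE_TF):
        print("line %d: %s entry %s is %s" % finding)
```

Run against the working tree before `terraform apply`; a non-empty result means a test-only wide range is still in the configuration.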