fortinetdev / terraform-google-cloud-modules

Apache License 2.0

Using existing VPC for NICs #1

Open aymanelbacha-ismena opened 2 months ago

aymanelbacha-ismena commented 2 months ago

Having 8 NICs, we're trying to add all 8 internal NICs (none are external) using existing VPCs; one of them is dedicated for HA-SYNC and the remaining ones have an ILB for each NIC. Appreciate your support to give another example on using an existing VPC as you did for VPC_protected.

dux-fortinet commented 2 months ago

Hi @aymanelbacha-ismena ,

Thanks for raising this issue. I need a bit more clarity on the requirement to "add all 8 internal NICs using existing VPCs"? Are you suggesting that the Terraform project should not create any new VPCs and ILBs, and instead utilize the existing infrastructure?

Here are two conceptual diagrams to illustrate potential implementations:

The first one is similar to the autoscale_fgt_lb_sandwich, and the Terraform project will create 8 VPCs and 7 ILBs for you.

As for the second one, the Terraform project will not create any VPCs; rather, it will configure NICs to connect with your pre-existing VPCs. (The structure of existing VPCs depends on your implementation. The structure of VPC1 and VPC2 are different in this diagram.)


I think the second diagram better fits your current needs. Do you need Internet access? Please provide further details to help us tailor an example that best fits your needs.

Thanks, Dux

aymanelbacha-ismena commented 2 months ago

Hi Dux,

I really appreciate the effort of sharing the above!! Really interested in the way you put this code for auto-scale. Indeed, I am trying to add/merge the code to GCP Fast Fabric (VPC, firewall rules as well as peering already created), where it should connect to pre-existing VPCs, where there would be an option in the tfvars under the list of network interfaces, for example, to specify subnets and VPCs already created. So I suggest if the following can be added:

Let me know if that answers your doubts. I'd like to share that it is better to make a condition on the password, since it will fail to reset as it won't conform with the password policy, and I have increased the timeout to 60 seconds in the function.

dux-fortinet commented 2 months ago

Hi @aymanelbacha-ismena ,

Thanks for the prompt reply and suggestions! I will support your requests in the upcoming release.

Please correct me if I'm wrong: In your scenario, you already have 7+1 existing VPCs, and you'd like this Terraform project to create a FortiGate auto-scale group (a group of FortiGates with 8 interfaces (NICs); the number of FortiGates varies depending on the workload). The NICs of the FortiGates connect to your pre-existing 8 VPCs. 7 Internal Load Balancers (ILBs) should be created by this Terraform project (since you can't create an ILB without specifying its backend, ILBs can't pre-exist before this Terraform project). In your 7 pre-existing VPCs (except the HA-SYNC VPC), each VPC will have a new ILB and a new route that directs all outbound VPC traffic to the ILB's frontend.

The architecture of this project should be like the second diagram in my previous comment.

I will start to work on your requests. This Github project is expected to be updated every two months, time varies depending on the workload and requests.

I will leave new comments if I encounter any issues or need further clarification.

Thanks, Dux
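To make the "new ILB plus new route per pre-existing VPC" design above concrete, here is an added Terraform sketch for one data-plane VPC; it is not code from this repository. It assumes an existing VPC "vpc-1" with subnet "vpc-1-subnet" in "us-central1", that the FortiGate autoscale group's regional managed instance group is passed in as var.fgt_mig_self_link, and that the FortiGates answer health probes on TCP 8008.

```hcl
# Added example (not the module's own code). Assumed names: "vpc-1",
# "vpc-1-subnet", "us-central1", var.fgt_mig_self_link, probe port 8008.
variable "fgt_mig_self_link" { type = string }

data "google_compute_network" "existing" {
  name = "vpc-1"
}

data "google_compute_subnetwork" "existing" {
  name   = "vpc-1-subnet"
  region = "us-central1"
}

# The ILB needs a backend, which is why it cannot pre-exist: it is built
# here against the autoscale group's instance group.
resource "google_compute_region_health_check" "fgt" {
  name   = "fgt-vpc-1-hc"
  region = "us-central1"
  tcp_health_check {
    port = 8008
  }
}

resource "google_compute_region_backend_service" "fgt" {
  name                  = "fgt-vpc-1-bes"
  region                = "us-central1"
  load_balancing_scheme = "INTERNAL"
  protocol              = "UNSPECIFIED" # pass TCP and UDP alike
  network               = data.google_compute_network.existing.id
  health_checks         = [google_compute_region_health_check.fgt.id]
  backend {
    group = var.fgt_mig_self_link
  }
}

# ILB frontend (forwarding rule) inside the existing subnet, all ports.
resource "google_compute_forwarding_rule" "fgt" {
  name                  = "fgt-vpc-1-ilb"
  region                = "us-central1"
  load_balancing_scheme = "INTERNAL"
  backend_service       = google_compute_region_backend_service.fgt.id
  network               = data.google_compute_network.existing.id
  subnetwork            = data.google_compute_subnetwork.existing.id
  all_ports             = true
}

# Route all outbound VPC traffic to the ILB frontend. Priority 900 beats
# the VPC's built-in default internet route (priority 1000).
resource "google_compute_route" "via_fgt" {
  name         = "vpc-1-default-via-fgt"
  network      = data.google_compute_network.existing.name
  dest_range   = "0.0.0.0/0"
  priority     = 900
  next_hop_ilb = google_compute_forwarding_rule.fgt.id
}
```

The same three resources plus the route would be repeated for each of the 7 data-plane VPCs, while the HA-SYNC VPC gets only a NIC and no ILB or route.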

aymanelbacha-ismena commented 2 months ago

Hi Dux,

I really appreciate your effort and prompt support since day 1. Indeed, your description mentioned above clearly describes what we expect to have in our Landing Zone. Looking to hear from you on the status of this release, since the customer is looking to have it working as expected the soonest.

Thanks, Ayman

aymanelbacha-ismena commented 3 weeks ago

Hi Dux,

Having said that "This Github project is expected to be updated every two months", we're wondering about the status of our shared request sent 2 months ago. Is there any info you'd like us to share?

Thanks, Ayman

dux-fortinet commented 3 weeks ago

Hi @aymanelbacha-ismena,

Sorry for not updating recently. A new example "autoscale_fgt_as_hub" has been developed and is now in the QA process. This example is expected to be released next week (before 11/15).

Here is the preview document

Any suggestions are welcome. I will bring more code information next workday.

Thanks, Dux

dux-fortinet commented 2 weeks ago

Hi @aymanelbacha-ismena,

The new example has been released. You can use this example to deploy a FortiGate Autoscale Group and connect your existing VPCs.

Please feel free to let me know if you have any questions regarding this example.

Best regards, Dux