dkochhar
Staff
October 21, 2024

Technical Tip: GCP SDN connector DNS connectivity issue

Description

This article describes how to fix DNS-related issues encountered while configuring the GCP SDN connector.

Scope

FortiGate (this only applies to a FortiGate-VM hosted on Google Cloud Platform).

Solution

To configure the GCP connector, refer to: Configuring an SDN connector in Azure

Use the following diagnose commands to identify GCP connector issues. They enable debugging of the SDN connector daemon (gcpd) at debug level -1, which produces the most detailed output:

diagnose debug application gcpd -1
diagnose debug console timestamp enable
diagnose debug enable

To stop the debugging, run the following commands:

diagnose debug disable
diagnose debug reset

The CLI displays debug output similar to the following (the marked line is the relevant one):

curl DNS lookup failed: www.googleapis.com      <------------------->
gcpd request oauth2 token failed, -1
gcpd get token failed
gcpd sdn connector gcp_ha failed to get token
In HA primary state

The root cause is DNS resolution: the FortiGate cannot resolve www.googleapis.com, so the connector cannot request its OAuth2 token, and every later step (getting the token, bringing the connector up) fails as a consequence.


There are two solutions/workarounds, both related to DNS resolution:

  1. The debug line 'curl DNS lookup failed: www.googleapis.com' shows that the FortiGate is not able to resolve this hostname. The connector does not use a regular data interface for this lookup; it uses the MGMT interface. The MGMT interface of the FortiGate therefore needs Internet access (it must be able to reach a DNS server and www.googleapis.com).
  2. Create a Cloud DNS Private Zone, so that the Google API hostnames resolve to addresses reachable through Private Google Access and no Internet access is required. Follow these steps:


Step 1:

Configure the FortiGate to use the GCP metadata server (169.254.169.254, which also acts as the VPC's internal DNS resolver and answers from Cloud DNS private zones) as its DNS server, using the CLI:

config system dns
    set primary 169.254.169.254
end

Step 2:

Configure a Cloud DNS Private Zone in the GCP Console for 'restricted.googleapis.com', using the information from the screenshot below.

[Screenshot GCP-1.png: Cloud DNS private zone configuration]

Step 3:

Enable 'Private Google Access' on the subnet attached to NIC0 (port1).
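The following is an added example, not part of the original article, that performs Step 2 and Step 3 with the gcloud CLI instead of the Console. It creates a private zone for googleapis.com that maps restricted.googleapis.com to Google's documented restricted VIP range 199.36.153.4/30 and aliases every other *.googleapis.com name (including www.googleapis.com, the hostname gcpd fails to resolve above) to it, then enables Private Google Access on the NIC0 subnet. The project, network, subnet, region and zone names are assumed placeholders; because the article's screenshot is not reproduced here, the record layout follows Google's published guidance for restricted.googleapis.com rather than the screenshot.

```shell
#!/bin/sh
# Added example: Cloud DNS private zone + Private Google Access via gcloud.
# Not part of the Fortinet article. All identifiers below are placeholders.
set -e

PROJECT="${PROJECT:-my-gcp-project}"      # assumed GCP project id
NETWORK="${NETWORK:-fortigate-vpc}"       # VPC that the FortiGate NIC0 lives in
SUBNET="${SUBNET:-fortigate-nic0-subnet}" # subnet attached to NIC0 (port1)
REGION="${REGION:-us-central1}"           # region of that subnet
ZONE="${ZONE:-googleapis-private}"        # Cloud DNS managed-zone name
GCLOUD="${GCLOUD:-gcloud}"                # set GCLOUD=echo for a dry run

# Google's documented restricted VIP range for restricted.googleapis.com (199.36.153.4/30).
RESTRICTED_VIPS="199.36.153.4,199.36.153.5,199.36.153.6,199.36.153.7"

# Step 2 equivalent: a private zone visible only to the FortiGate's VPC.
# The A record pins restricted.googleapis.com to the restricted VIPs and the
# wildcard CNAME makes www.googleapis.com (and every other API host) use them.
create_private_zone() {
  "$GCLOUD" dns managed-zones create "$ZONE" \
    --project="$PROJECT" \
    --dns-name="googleapis.com." \
    --visibility=private \
    --networks="$NETWORK" \
    --description="Route Google APIs to restricted VIPs for FortiGate"
  "$GCLOUD" dns record-sets create "restricted.googleapis.com." \
    --project="$PROJECT" --zone="$ZONE" --type=A --ttl=300 \
    --rrdatas="$RESTRICTED_VIPS"
  "$GCLOUD" dns record-sets create "*.googleapis.com." \
    --project="$PROJECT" --zone="$ZONE" --type=CNAME --ttl=300 \
    --rrdatas="restricted.googleapis.com."
}

# Step 3 equivalent: Private Google Access on the NIC0 subnet, so the restricted
# VIPs are reachable from the FortiGate without an external IP or NAT.
enable_private_google_access() {
  "$GCLOUD" compute networks subnets update "$SUBNET" \
    --project="$PROJECT" --region="$REGION" \
    --enable-private-ip-google-access
}

# Verification helper: returns 0 when an IPv4 address is one of the restricted VIPs,
# i.e. the private zone (not public DNS) answered the query.
is_restricted_vip() {
  case "$1" in
    199.36.153.[4-7]) return 0 ;;
    *) return 1 ;;
  esac
}
```

Export the real names and call `create_private_zone` followed by `enable_private_google_access` (or set `GCLOUD=echo` first to preview the commands without changing anything). Once the FortiGate points at 169.254.169.254 (Step 1), `execute ping www.googleapis.com` on the FortiGate should resolve to one of 199.36.153.4-7; from any VM in the same VPC, `is_restricted_vip "$(dig +short A www.googleapis.com | tail -n1)"` performs the same check. One caveat: restricted.googleapis.com only serves the APIs that support VPC Service Controls; if an API the connector needs is not among them, Google's private.googleapis.com range (199.36.153.8/30) serves all APIs and can be substituted for the VIPs above.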