Not reply health check from GCP

Sawtom · ‎04-14-2023

Hi, I am thinking about why FortiGate-VM instance does not reply a health check on GCP.

I created FG-VM on GCP and have set local-in-policy and admin-profile(restricted address).
From GCP console, I can connect SSH and HTTPS on the IP of NW-LAN.
*Connect to C.C.C.C

However, trying connect on IP of the external LB is fail.(which is through LB(GCP))
*Connect to ~~B.B.B.B~~ A.A.A.A

<Structure>
PC --- Internet --- |GCP| --- (IP:A.A.A.A/x)LB --- (NW-LAN) --- (IP:B.B.B.B/x)FG-VM (--- (NW-GCP console)(C.C.C.C))
*FG-VM is a single.
*FG-VM is in an instance group with health check: TCP/80.
*A.A.A.A is a public IP of LB.
*B.B.B.B is a private IP of FG-VM.
*C.C.C.C is a public IP of FG-VM.(for GCP console)

You know when health check fails, we cannot connect to VM.
On the same structure, I created Apache and it works correct.

So, I suspect a listening port of FG-VM for health check is not work well.

Thank you for reading and I would like you to give me some advices if you have.

Regards,

Sawtom

knagaraju · ‎04-14-2023

Hello Sawtom.
As I understand you are unable to connect to B.B.B.B from the NW-GCP console. Please correct me if I am wrong.
Also, I request you to go through the below link for the health check to verify the config
https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/gcp-administration-guide/313933/crea...

Sawtom · ‎04-14-2023

Hello @knagaraju ,

Thank you for your quick comment and sorry I had a mistake.

I tried (and would like) to connect to A.A.A.A(LB/Global IP), not B.B.B.B. (just edited last post)

Sawtom

Sawtom · ‎04-18-2023

I have an additional question.

Can I set a listening port on FortiGate-VM?

*For the health check on GCP.

regards,

Sawtom

Not reply health check from GCP

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website