FortiGate A/P HA Cluster in OCI Hands-on Lab

Disclaimer

This lab guide is prepared for Fortinet XPERTS Summit KSA '26 session.

Overview

This step-by-step guide describes how to deploy a FortiGate Active/Passive HA cluster on Oracle Cloud Infrastructure using Terraform and OCI Resource Manager Stacks.

The lab protects workloads for north-south, south-north, and east-west traffic using native OCI networking components, including VCNs, subnets, route tables, security lists, and Dynamic Routing Gateway.

Lab Objectives

By the end of this lab, you will be able to:

Log in to Oracle Cloud Infrastructure.
Select the correct OCI region.
Deploy a FortiGate Active/Passive HA cluster.
Deploy spoke Ubuntu VMs for testing.
Configure OCI Dynamic Routing Gateway.
Configure DRG route tables and route distributions.
Configure FortiGate static routing.
Configure FortiGate firewall policies.
Test ingress, egress, and east-west traffic.
Destroy the lab environment.

Lab Sections

Lab Topology

Prerequisites

Before starting, confirm that you have received the following information from your instructor:

Item	Example / Notes
OCI Console URL	`https://cloud.oracle.com/`
Cloud account name	Provided by instructor
Identity domain	Provided by instructor
OCI username	Provided by instructor
OCI password	Provided by instructor
OCI region	Saudi Arabia West Jeddah
Student compartment	Provided by instructor
Student prefix	Example: `Student25`
Compartment OCID	Provided by instructor
FortiFlex token values	Provided by instructor

Important

Do not share OCI credentials, FortiGate passwords, private keys, compartment OCIDs, or FortiFlex token values with other students.

Naming Convention

Use the following naming convention throughout the lab:

text

Student<number>

FortiGate A/P HA Cluster in OCI Hands-on Lab ​

Overview ​

Lab Objectives ​

Lab Sections ​

Lab Topology ​

Prerequisites ​

Naming Convention ​