Day1 templates allow you to add and remove functionality from your existing FortiGate cluster. Treat this configuration as merely an example of what is possible; it is not meant to be a complete, production-ready set of modules for your own production deployment.
The example configuration will deploy the following:
- Inbound inspection module
- Outbound inspection module
- VPC Peering to the workload VPCs
- East-west firewall rule for communication between tier1 and tier2
- Example workload servers running a proxy and simple web server
Note: because Terraform cannot create the networks and use them as a data source in the same plan, we will use targeting to work around this limitation.
- Initialize Terraform by running:
  terraform init
- Create and verify a plan including all the resources by running:
  terraform plan -out tf.plan
- Deploy by running:
  terraform apply --parallelism=1 tf.plan
- Wait about a minute and test the connection over HTTP to the IP address visible in the outputs.
Run terraform destroy to remove the deployed resources.