diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/customdatafwba.tpl b/FortiWeb/Active-Active/Existing-VCN/terraform/customdatafwba.tpl
new file mode 100644
index 0000000..15d0cdc
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/customdatafwba.tpl
@@ -0,0 +1,48 @@
+Content-Type: multipart/mixed; boundary="==OCI=="
+MIME-Version: 1.0
+
+--==OCI==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="config"
+
+config system global
+ set hostname ${fwba_vm_name}
+end
+config system interface
+ edit port1
+ set type physical
+ set allowaccess ping ssh snmp http https FWB-manager
+ set mode dhcp
+ next
+end
+config system interface
+ edit port2
+ set type physical
+ set ip ${fwba_ipaddress_port2} ${trust_mask}
+ set allowaccess ping ssh http https
+ next
+end
+config router static
+ edit 1
+ set device port1
+ set gateway ${untrusted_gateway_ip}
+ next
+end
+config system ha
+ set mode active-active-high-volume
+ set group-id 1
+ set group-name fwbaa
+ set priority 1
+ set override enable
+ set tunnel-local ${fwba_ipaddress_port2}
+ set tunnel-peer ${fwbb_ipaddress_port2}
+ set monitor port1 port2
+
+--==OCI==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+
+--==OCI==--
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/customdatafwbb.tpl b/FortiWeb/Active-Active/Existing-VCN/terraform/customdatafwbb.tpl
new file mode 100644
index 0000000..88d332f
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/customdatafwbb.tpl
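Review bot: port1 is the interface that receives the public IP and sits behind the wide-open untrusted security list, yet `set allowaccess ping ssh snmp http https FWB-manager` opens the admin GUI, SSH and SNMP on it, with http in cleartext. I would cut it to what the public side actually needs, e.g. `set allowaccess ping https FWB-manager` (keeping whatever the NLB health check on 8443 relies on — I cannot tell from here whether allowaccess gates that port), and do SSH/GUI administration on port2 in the trusted subnet. The trailing `config system ha` block also lacks the `end` that every other block has before the MIME boundary; if the parser requires it the HA settings may silently not be committed, so this is worth verifying on first boot.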
@@ -0,0 +1,47 @@
+Content-Type: multipart/mixed; boundary="==OCI=="
+MIME-Version: 1.0
+
+--==OCI==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Content-Disposition: attachment; filename="config"
+
+config system global
+ set hostname ${fwbb_vm_name}
+end
+config system interface
+ edit port1
+ set type physical
+ set allowaccess ping ssh snmp http https FWB-manager
+ set mode dhcp
+ next
+end
+config system interface
+ edit port2
+ set type physical
+ set ip ${fwbb_ipaddress_port2} ${trust_mask}
+ set allowaccess ping ssh http https
+ next
+end
+config router static
+ edit 1
+ set device port1
+ set gateway ${untrusted_gateway_ip}
+ next
+end
+config system ha
+ set mode active-active-high-volume
+ set group-id 1
+ set group-name fwbaa
+ set override enable
+ set tunnel-local ${fwbb_ipaddress_port2}
+ set tunnel-peer ${fwba_ipaddress_port2}
+ set monitor port1 port2
+
+--==OCI==
+Content-Type: text/plain; charset="us-ascii"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+
+--==OCI==--
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/datasources.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/datasources.tf
new file mode 100644
index 0000000..8998cb6
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/datasources.tf
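Review bot: This template is a copy of customdatafwba.tpl with the A/B names swapped, and it has already drifted — the `config system ha` block here has no `set priority` while the A template does, and like A it ends without `end` before the MIME boundary. A single template rendered with hostname/self-IP/peer-IP/priority variables from both fortiweb-*.tf files would keep the two peers from diverging further. The same management-exposure remark as for A applies: `set allowaccess ping ssh snmp http https FWB-manager` on the public-facing port1 should be trimmed to https (plus the health-check port if that is gated here), with SSH/GUI kept on port2.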
@@ -0,0 +1,27 @@
+##############################################################################################################
+#
+# FortiWeb Active/Active Load Balanced pair of standalone FortiWeb VMs for resilience and scale
+# Terraform deployment template for Oracle Cloud
+#
+##############################################################################################################
+
+# Gets a list of Availability Domains
+data "oci_identity_availability_domains" "ads" {
+ compartment_id = var.tenancy_ocid
+}
+
+# Gets the boot volume attachments for each instance
+data "oci_core_boot_volume_attachments" "block_attach_fwb_a" {
+ depends_on = [oci_core_instance.vm_fwb_a]
+ availability_domain = oci_core_instance.vm_fwb_a.availability_domain
+ compartment_id = var.compartment_ocid
+ instance_id = oci_core_instance.vm_fwb_a.id
+}
+
+# Gets the boot volume attachments for each instance
+data "oci_core_boot_volume_attachments" "block_attach_fwb_b" {
+ depends_on = [oci_core_instance.vm_fwb_b]
+ availability_domain = oci_core_instance.vm_fwb_b.availability_domain
+ compartment_id = var.compartment_ocid
+ instance_id = oci_core_instance.vm_fwb_b.id
+}
\ No newline at end of file
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/fortiweb-a.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/fortiweb-a.tf
new file mode 100644
index 0000000..08e319f
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/fortiweb-a.tf
@@ -0,0 +1,92 @@
+##############################################################################################################
+## FortiWeb-A Configuration
+##############################################################################################################
+
+# FortiWeb-A instance configuration
+resource "oci_core_instance" "vm_fwb_a" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "${var.PREFIX}-fwba"
+ shape = var.instance_shape
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.untrusted_subnet.id
+ display_name = "${var.PREFIX}-fwba-vnic-untrusted"
+ assign_public_ip = true
+ hostname_label = "${var.PREFIX}-fwba-vnic-untrusted"
+ private_ip = var.fwba_ipaddress_port1
+ }
+
+ launch_options {
+ // network_type = "PARAVIRTUALIZED"
+ network_type = "PARAVIRTUALIZED"
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = var.vm_image_ocid // marketplace listing
+ //source_id = "ocid1.image.oc1.phx.aaaaaaaalvrzh6j2edqh6s42rabhbhclwgnk4owdpjhqu5qsgtur7pc4lqaa" // private image
+ boot_volume_size_in_gbs = "50"
+ }
+
+ // Required for bootstrap
+ // Commnet out the following if you use the feature.
+ metadata = {
+ user_data = base64encode(data.template_file.custom_data_fwb_a.rendered)
+ # ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
+ }
+
+ timeouts {
+ create = "60m"
+ }
+}
+
+# FortiWeb-A trust vNIC configuration
+
+resource "oci_core_vnic_attachment" "vnic_attach_trust_a" {
+ depends_on = [oci_core_instance.vm_fwb_a]
+ instance_id = oci_core_instance.vm_fwb_a.id
+ display_name = "${var.PREFIX}-vnic_trust"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.trust_subnet.id
+ display_name = "${var.PREFIX}-fwba-vnic-trusted"
+ assign_public_ip = false
+ skip_source_dest_check = true
+ private_ip = var.fwba_ipaddress_port2
+ }
+}
+
+### DISK MANAGEMENT ###
+
+resource "oci_core_volume" "volume_fwb_a" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "${var.PREFIX}-fwba-volume"
+ size_in_gbs = var.volume_size
+}
+
+// Use paravirtualized attachment for now.
+resource "oci_core_volume_attachment" "volume_attach_fwb_a" {
+ attachment_type = "paravirtualized"
+ //attachment_type = "iscsi" // user needs to manually add the iscsi disk on fos after
+ instance_id = oci_core_instance.vm_fwb_a.id
+ volume_id = oci_core_volume.volume_fwb_a.id
+}
+
+// Use for bootstrapping cloud-init
+data "template_file" "custom_data_fwb_a" {
+ template = file("${path.module}/customdatafwba.tpl")
+
+ vars = {
+ fwba_vm_name = "${var.PREFIX}-fwba"
+ untrusted_gateway_ip = oci_core_subnet.untrusted_subnet.virtual_router_ip
+ vcn_cidr = var.vcn
+ fwba_ipaddress_port1 = var.fwba_ipaddress_port1
+ fwba_ipaddress_port2 = var.fwba_ipaddress_port2
+ fwbb_ipaddress_port1 = var.fwbb_ipaddress_port1
+ fwbb_ipaddress_port2 = var.fwbb_ipaddress_port2
+ trust_mask = "255.255.255.240"
+ untrust_mask = "255.255.255.240"
+ }
+}
\ No newline at end of file
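Review bot: `vcn_cidr = var.vcn` in the `template_file` vars hands the template the VCN OCID rather than the CIDR — variables.tf describes `vcn` as the OCID and `vcn_cidr` as the CIDR — so this should read `vcn_cidr = var.vcn_cidr`; nothing in customdatafwba.tpl consumes it yet, which is why it is silent today. The `data "template_file"` source depends on the archived hashicorp/template provider, while the built-in `templatefile("${path.module}/customdatafwba.tpl", { … })` does the same job with no provider. `trust_mask = "255.255.255.240"` duplicates the /28 already encoded in `var.subnet["3"]` and can be derived with `cidrnetmask(var.subnet["3"])` so the two cannot disagree.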
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/fortiweb-b.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/fortiweb-b.tf
new file mode 100644
index 0000000..305be86
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/fortiweb-b.tf
@@ -0,0 +1,86 @@
+##############################################################################################################
+## FortiWeb-B
+##############################################################################################################
+resource "oci_core_instance" "vm_fwb_b" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain2 - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "${var.PREFIX}-fwbb"
+ shape = var.instance_shape
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.untrusted_subnet.id
+ display_name = "${var.PREFIX}-fwbb-vnic-untrusted"
+ assign_public_ip = true
+ hostname_label = "${var.PREFIX}-fwbb-vnic-untrusted"
+ private_ip = var.fwbb_ipaddress_port1
+ }
+
+ launch_options {
+ network_type = "PARAVIRTUALIZED"
+ }
+
+ source_details {
+ source_type = "image"
+ source_id = var.vm_image_ocid // marketplace listing
+ //source_id = "ocid1.image.oc1.phx.aaaaaaaalvrzh6j2edqh6s42rabhbhclwgnk4owdpjhqu5qsgtur7pc4lqaa" // private image
+ boot_volume_size_in_gbs = "50"
+ }
+
+ // Required for bootstrap
+ // Commnet out the following if you use the feature.
+ metadata = {
+ user_data = "${base64encode(data.template_file.custom_data_fwb_b.rendered)}"
+ # ssh_authorized_keys = file("~/.ssh/id_rsa.pub")
+ }
+
+ timeouts {
+ create = "60m"
+ }
+}
+
+# FortiWeb-B trust vNIC configuration
+
+resource "oci_core_vnic_attachment" "vnic_attach_trust_b" {
+ depends_on = [oci_core_instance.vm_fwb_b]
+ instance_id = oci_core_instance.vm_fwb_b.id
+ display_name = "${var.PREFIX}-vnic_trust"
+
+ create_vnic_details {
+ subnet_id = oci_core_subnet.trust_subnet.id
+ display_name = "${var.PREFIX}-fwbb-vnic-trusted"
+ assign_public_ip = false
+ skip_source_dest_check = true
+ private_ip = var.fwbb_ipaddress_port2
+ }
+}
+
+resource "oci_core_volume" "volume_fwb_b" {
+ availability_domain = lookup(data.oci_identity_availability_domains.ads.availability_domains[var.availability_domain2 - 1], "name")
+ compartment_id = var.compartment_ocid
+ display_name = "${var.PREFIX}-fwbb-volume"
+ size_in_gbs = var.volume_size
+}
+
+resource "oci_core_volume_attachment" "volume_attach_fwb_b" {
+ attachment_type = "paravirtualized"
+ //attachment_type = "iscsi" // user needs to manually add the iscsi disk on fos after
+ instance_id = oci_core_instance.vm_fwb_b.id
+ volume_id = oci_core_volume.volume_fwb_b.id
+}
+
+// Use for bootstrapping cloud-init
+data "template_file" "custom_data_fwb_b" {
+ template = file("${path.module}/customdatafwbb.tpl")
+
+ vars = {
+ fwbb_vm_name = "${var.PREFIX}-fwbb"
+ untrusted_gateway_ip = oci_core_subnet.untrusted_subnet.virtual_router_ip
+ vcn_cidr = var.vcn
+ fwbb_ipaddress_port1 = var.fwbb_ipaddress_port1
+ fwbb_ipaddress_port2 = var.fwbb_ipaddress_port2
+ fwba_ipaddress_port1 = var.fwba_ipaddress_port1
+ fwba_ipaddress_port2 = var.fwba_ipaddress_port2
+ trust_mask = "255.255.255.240"
+ untrust_mask = "255.255.255.240"
+ }
+}
\ No newline at end of file
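Review bot: `vcn_cidr = var.vcn` passes the VCN OCID where the name promises a CIDR (variables.tf defines `vcn` as the OCID and `vcn_cidr` as the CIDR); customdatafwbb.tpl does not use it yet, but it should be `vcn_cidr = var.vcn_cidr` before anyone does. `user_data = "${base64encode(...)}"` is the legacy interpolation-only form and differs from fortiweb-a.tf, which writes `base64encode(...)` directly; the two files should agree. Both trust VNIC attachments get the same `display_name = "${var.PREFIX}-vnic_trust"`, so the two are indistinguishable in the console — `"${var.PREFIX}-fwbb-vnic_trust"` would follow the naming used for the VNIC itself.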
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/image_subscription.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/image_subscription.tf
new file mode 100644
index 0000000..cc205b1
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/image_subscription.tf
@@ -0,0 +1,38 @@
+//Local variables pointing to the Marketplace catalog resource
+locals {
+ mp_listing_id = var.mp_listing_id
+ mp_listing_resource_id = var.vm_image_ocid
+ mp_listing_resource_version = var.mp_listing_resource_version
+}
+
+//Get Image Agreement
+resource "oci_core_app_catalog_listing_resource_version_agreement" "mp_image_agreement" {
+ listing_id = local.mp_listing_id
+ listing_resource_version = local.mp_listing_resource_version
+}
+
+//Accept Terms and Subscribe to the image, placing the image in a particular compartment
+resource "oci_core_app_catalog_subscription" "mp_image_subscription" {
+ compartment_id = var.compartment_ocid
+ eula_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.eula_link
+ listing_id = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.listing_id
+ listing_resource_version = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.listing_resource_version
+ oracle_terms_of_use_link = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.oracle_terms_of_use_link
+ signature = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.signature
+ time_retrieved = oci_core_app_catalog_listing_resource_version_agreement.mp_image_agreement.time_retrieved
+
+ timeouts {
+ create = "30m"
+ }
+}
+
+// Gets the partner image subscription
+data "oci_core_app_catalog_subscriptions" "mp_image_subscription" {
+ #Required
+ compartment_id = var.compartment_ocid
+ listing_id = local.mp_listing_id
+ filter {
+ name = "listing_resource_version"
+ values = ["${local.mp_listing_resource_version}"]
+ }
+}
\ No newline at end of file
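Review bot: Nothing in this change consumes the subscription: the two instances take `var.vm_image_ocid` directly, and `local.mp_listing_resource_id` and `data.oci_core_app_catalog_subscriptions.mp_image_subscription` are never referenced, so there is no dependency edge from the EULA acceptance to the instance launch and Terraform may attempt the instances before the subscription exists (I have not run this, so treat that as a suspicion). Either reference the subscription from the instances (`depends_on = [oci_core_app_catalog_subscription.mp_image_subscription]`) or take the image OCID from the subscription data source, which also stops `vm_image_ocid` and `mp_listing_resource_version` from silently diverging. `values = ["${local.mp_listing_resource_version}"]` can simply be `values = [local.mp_listing_resource_version]`.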
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/network.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/network.tf
new file mode 100644
index 0000000..965a67e
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/network.tf
@@ -0,0 +1,233 @@
+##############################################################################################################
+## 1. NETWORK COMPONENTS
+##############################################################################################################
+
+##############################################################################################################
+## 1.1 HUB VCN settings
+##############################################################################################################
+
+# Hub VCN name & CIDR
+//resource "oci_core_virtual_network" "vcn" {
+// cidr_block = var.vcn
+// compartment_id = var.compartment_ocid
+// display_name = "${var.PREFIX}-vcn"
+// dns_label = "fwbhub"
+//}
+
+//if you want to point to an existing vcn, use data source
+data "oci_core_vcn" "vcn" {
+ vcn_id = var.vcn
+}
+
+//# Internet Gateway for Hub VCN
+//resource "oci_core_internet_gateway" "igw" {
+// compartment_id = var.compartment_ocid
+// display_name = "${var.PREFIX}-igw"
+// vcn_id = oci_core_virtual_network.vcn.id
+//}
+
+data "oci_core_internet_gateways" "igw" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+}
+
+##############################################################################################################
+## 1.2 LOAD BALANCER SUBNET (created in Hub VCN)
+##############################################################################################################
+
+# Load Balancer subnet settings
+resource "oci_core_subnet" "lb_subnet" {
+ cidr_block = var.subnet["1"]
+ display_name = "${var.PREFIX}-lb"
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ route_table_id = oci_core_route_table.lb_routetable.id
+ security_list_ids = [data.oci_core_vcn.vcn.default_security_list_id, oci_core_security_list.nlb_security_list.id]
+ dhcp_options_id = data.oci_core_vcn.vcn.default_dhcp_options_id
+ dns_label = "fwbloadbalancer"
+}
+
+# Route Table for network load balancer subnet
+resource "oci_core_route_table" "lb_routetable" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ display_name = "${var.PREFIX}-lb-rt"
+
+ route_rules {
+ destination = "0.0.0.0/0"
+ network_entity_id = var.igw_ocid
+ }
+}
+
+# Security list for network load balancer subnet
+resource "oci_core_security_list" "nlb_security_list" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ display_name = "${var.PREFIX}-nlb-security-list"
+
+ // allow outbound traffic on all ports
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "all"
+ stateless = false
+ }
+
+ // allow inbound traffic on all ports from network
+ ingress_security_rules {
+ protocol = "all"
+ source = "0.0.0.0/0"
+ stateless = false
+ }
+}
+
+##############################################################################################################
+## UNTRUSTED SUBNET Configuration
+##############################################################################################################
+
+# Untrusted subnet settings
+resource "oci_core_subnet" "untrusted_subnet" {
+ cidr_block = var.subnet["2"]
+ display_name = "${var.PREFIX}-untrusted"
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ route_table_id = oci_core_route_table.untrusted_routetable.id
+ security_list_ids = [data.oci_core_vcn.vcn.default_security_list_id, oci_core_security_list.untrusted_security_list.id]
+ dhcp_options_id = data.oci_core_vcn.vcn.default_dhcp_options_id
+ dns_label = "fwbuntrusted"
+}
+
+# Route table for Untrusted subnet
+
+resource "oci_core_route_table" "untrusted_routetable" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ display_name = "${var.PREFIX}-untrusted-rt"
+
+ route_rules {
+ destination = "0.0.0.0/0"
+ network_entity_id = var.igw_ocid
+
+ }
+}
+
+# Security List for Untrusted Subnet
+
+resource "oci_core_security_list" "untrusted_security_list" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ display_name = "${var.PREFIX}-untrusted-security-list"
+
+ // allow outbound traffic on all ports
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "all"
+ stateless = false
+ }
+
+ // allow inbound traffic on all ports from network
+ ingress_security_rules {
+ protocol = "all"
+ source = "0.0.0.0/0"
+ stateless = false
+ }
+}
+
+###############################
+## TRUST NETWORK SETTINGS ##
+###############################
+
+resource "oci_core_subnet" "trust_subnet" {
+ cidr_block = var.subnet["3"]
+ display_name = "${var.PREFIX}-trusted"
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ route_table_id = oci_core_route_table.trust_routetable.id
+ security_list_ids = [data.oci_core_vcn.vcn.default_security_list_id, oci_core_security_list.trust_security_list.id]
+ dhcp_options_id = data.oci_core_vcn.vcn.default_dhcp_options_id
+ dns_label = "trust"
+ prohibit_public_ip_on_vnic = "true"
+}
+
+resource "oci_core_route_table" "trust_routetable" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ display_name = "${var.PREFIX}-trust-routetable"
+}
+
+# Protocols are specified as protocol numbers.
+# http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
+resource "oci_core_security_list" "trust_security_list" {
+ compartment_id = var.compartment_ocid
+ vcn_id = data.oci_core_vcn.vcn.id
+ display_name = "${var.PREFIX}-trust-security-list"
+
+
+ // allow outbound traffic on all ports
+ egress_security_rules {
+ destination = "0.0.0.0/0"
+ protocol = "all"
+ stateless = false
+ }
+
+ // allow inbound traffic on all ports from network
+ ingress_security_rules {
+ protocol = "all"
+ source = var.vcn_cidr
+ stateless = false
+ }
+}
+
+
+
+##############################################################################################################
+## EXTERNAL NETWORK LOAD BALANCER Configuration
+##############################################################################################################
+
+# Load Balancer name & shape
+resource "oci_network_load_balancer_network_load_balancer" "lb_external" {
+ #Required
+ depends_on = [oci_core_instance.vm_fwb_b]
+ compartment_id = var.compartment_ocid
+ display_name = "${var.PREFIX}-lb-untrusted"
+ subnet_id = oci_core_subnet.lb_subnet.id
+ #Optional
+ is_private = false
+ is_preserve_source_destination = true
+}
+
+# Network Load Balancer Listener
+resource "oci_network_load_balancer_listener" "lb_external_listener" {
+ default_backend_set_name = oci_network_load_balancer_backend_set.lb_external_backend_set.name
+ name = "${var.PREFIX}-lb-untrusted-listener"
+ network_load_balancer_id = oci_network_load_balancer_network_load_balancer.lb_external.id
+ port = 0
+ protocol = "ANY"
+}
+
+# Network Load Balancer Backend Set
+resource "oci_network_load_balancer_backend_set" "lb_external_backend_set" {
+ health_checker {
+ protocol = "TCP"
+ port = 8443
+ }
+
+ name = "${var.PREFIX}-untrusted-backend-set"
+ network_load_balancer_id = oci_network_load_balancer_network_load_balancer.lb_external.id
+ policy = "FIVE_TUPLE"
+ is_preserve_source = true
+}
+
+# Network Load Balancer Backends
+resource "oci_network_load_balancer_backend" "lb_external_backend_fwba" {
+ backend_set_name = oci_network_load_balancer_backend_set.lb_external_backend_set.name
+ network_load_balancer_id = oci_network_load_balancer_network_load_balancer.lb_external.id
+ port = 0
+ ip_address = var.fwba_ipaddress_port1
+}
+
+resource "oci_network_load_balancer_backend" "lb_external_backend_fwbb" {
+ backend_set_name = oci_network_load_balancer_backend_set.lb_external_backend_set.name
+ network_load_balancer_id = oci_network_load_balancer_network_load_balancer.lb_external.id
+ port = 0
+ ip_address = var.fwbb_ipaddress_port1
+}
\ No newline at end of file
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/output.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/output.tf
new file mode 100644
index 0000000..6645c67
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/output.tf
@@ -0,0 +1,27 @@
+##############################################################################################################
+#
+# FortiWeb Active/Active Load Balanced pair of standalone FortiWeb VMs for resilience and scale
+# Terraform deployment template for Oracle Cloud
+#
+##############################################################################################################
+
+// Default Username and Password
+output "Default_Username" {
+ value = "admin"
+}
+output "Default_Password_FortiWeb_A" {
+ value = oci_core_instance.vm_fwb_a.id
+}
+output "Default_Password_FortiWeb_B" {
+ value = oci_core_instance.vm_fwb_b.id
+}
+
+// FortiGate A
+output "FortiWeb_A_Management_IP" {
+ value = oci_core_instance.vm_fwb_a.*.public_ip
+}
+
+// FortiGate B
+output "FortiWeb_B_Management_IP" {
+ value = oci_core_instance.vm_fwb_b.*.public_ip
+}
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/provider.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/provider.tf
new file mode 100644
index 0000000..be3f43d
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/provider.tf
@@ -0,0 +1,17 @@
+provider "oci" {
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ region = var.region
+}
+
+terraform {
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ version = ">=5.9.0"
+ }
+ template = ">=2.1.2"
+ }
+}
\ No newline at end of file
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/terraform.tfvars b/FortiWeb/Active-Active/Existing-VCN/terraform/terraform.tfvars
new file mode 100644
index 0000000..f666fc3
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/terraform.tfvars
@@ -0,0 +1,7 @@
+// Change to your own variables
+tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaambr3uzztoyhweohbzqqdo775h7d3t54zpmzkp4b2cf35vs55ck3a"
+compartment_ocid = "ocid1.compartment.oc1..aaaaaaaam6bypzy7et2h3xepldc7mjpaqdxp6a65mkbwvhrfnvphsz35r73a"
+user_ocid = "ocid1.user.oc1..aaaaaaaapbaqbra7ms64ti76bnoupkcuce7l3yiemgvqsucqv4ghf5qfrsta"
+fingerprint = "c7:32:ba:fa:d3:59:d0:9b:84:dc:0e:a0:ca:15:0f:d0"
+private_key_path = "/Users/ozanoguz/.oci/oraclekey.pem"
+region = "eu-frankfurt-1"
diff --git a/FortiWeb/Active-Active/Existing-VCN/terraform/variables.tf b/FortiWeb/Active-Active/Existing-VCN/terraform/variables.tf
new file mode 100644
index 0000000..e53072a
--- /dev/null
+++ b/FortiWeb/Active-Active/Existing-VCN/terraform/variables.tf
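Review bot: `template = ">=2.1.2"` is the legacy short form for hashicorp/template, a provider that is archived and no longer built for newer platforms; its only users are the `data "template_file"` blocks in fortiweb-a.tf and fortiweb-b.tf, which the built-in `templatefile()` replaces, after which this entry can be dropped. `version = ">=5.9.0"` has no upper bound, so a future major release of oracle/oci can change resource semantics under an unchanged plan; `version = "~> 5.9"` keeps that upgrade a deliberate step.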
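Review bot: This commits a populated credential file: a real tenancy, compartment and user OCID, an API-key fingerprint, and a path into a personal home directory (`/Users/ozanoguz/.oci/oraclekey.pem`). The private key itself is not in the diff, so this is identifier exposure rather than a working credential, but it ties a named user account to the repository and makes it easy for a later commit to include the key. Rename the file to `terraform.tfvars.example` with placeholder values, add `terraform.tfvars` to `.gitignore`, and consider rotating the API key whose fingerprint is now public; the `// Change to your own variables` comment shows a template was the intent.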
@@ -0,0 +1,148 @@
+##############################################################################################################
+#
+# FortiWeb Active/Active Load Balanced pair of standalone FortiWeb VMs for resilience and scale
+# Terraform deployment template for Oracle Cloud
+#
+##############################################################################################################
+
+# Prefix for all resources created for this deployment in Microsoft Azure
+variable "PREFIX" {
+ default = "FortiWeb"
+}
+
+variable "region" {
+ description = "Oracle Cloud region"
+}
+
+##############################################################################################################
+# Oracle Cloud configuration
+##############################################################################################################
+
+variable "tenancy_ocid" {}
+variable "compartment_ocid" {}
+variable "user_ocid" {
+ default = ""
+}
+variable "private_key_path" {
+ default = ""
+}
+variable "fingerprint" {
+ default = ""
+}
+
+##############################################################################################################
+# FortiWeb Instance Type
+##############################################################################################################
+variable "instance_shape" {
+ type = string
+ default = "VM.Standard2.2"
+}
+
+variable "mp_listing_id" {
+ default = "ocid1.appcataloglisting.oc1..aaaaaaaabns5i7dbr5rwxrkvbxlofsnn5gdvbe47qtfnqtl54sni3ltuxoga" //BYOL
+}
+
+//variable "mp_listing_resource_id" {
+//default = "ocid1.image.oc1..aaaaaaaahzbjbsp22ixqkmj5nn2mr2mvknh2sqd27zqrscwndt5kwf5isleq"
+//}
+
+// Version
+variable "mp_listing_resource_version" {
+ default = "7.0.4"
+}
+
+// Image OCID
+variable "vm_image_ocid" {
+ default = "ocid1.image.oc1..aaaaaaaahzbjbsp22ixqkmj5nn2mr2mvknh2sqd27zqrscwndt5kwf5isleq"
+}
+
+// Cert use for SDN Connector setting
+variable "cert" {
+ type = string
+ default = "Fortinet_Factory"
+}
+
+##############################################################################################################
+# VCN and SUBNET ADDRESSESS
+##############################################################################################################
+
+variable "vcn_cidr" {
+ description = "Enter your VCN CIDR"
+}
+
+variable "vcn" {
+ description = "Enter your VCN OCID"
+}
+
+variable "igw_ocid" {
+ description = "Enter your Internet Gateway OCID"
+}
+
+variable "subnet" {
+ type = map(string)
+ description = ""
+
+ default = {
+ "1" = "172.16.140.0/28" # Flexible Network Load Balancer
+ "2" = "172.16.140.16/28" # Untrusted
+ "3" = "172.16.140.32/28" # Trusted
+ }
+}
+
+variable "subnetmask" {
+ type = map(string)
+ description = ""
+
+ default = {
+ "1" = "28" # Flexible Network Load Balancer
+ "2" = "28" # Untrusted
+ "3" = "28" # Trusted
+ }
+}
+
+variable "gateway" {
+ type = map(string)
+ description = ""
+
+ default = {
+ "1" = "172.16.140.1" # Flexible Network Load Balancer
+ "2" = "172.16.140.17" # Untrusted
+ "3" = "172.16.140.33" #Trusted
+ }
+}
+
+variable "fwba_ipaddress_port1" {
+ type = string
+ default = "172.16.140.20" # Untrusted
+}
+
+variable "fwbb_ipaddress_port1" {
+ type = string
+ default = "172.16.140.21" # Untrusted
+}
+
+variable "fwba_ipaddress_port2" {
+ type = string
+ default = "172.16.140.40" # Trusted
+}
+
+variable "fwbb_ipaddress_port2" {
+ type = string
+ default = "172.16.140.41" # Trusted
+}
+
+# Choose an Availability Domain (1,2,3)
+variable "availability_domain" {
+ type = string
+ default = "1"
+}
+
+variable "availability_domain2" {
+ type = string
+ default = "2"
+}
+
+variable "volume_size" {
+ type = string
+ default = "50" //GB; you can modify this, can't less than 50
+}
\ No newline at end of file
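Review bot: `vcn_cidr` has no type or validation, yet it is the only thing scoping `trust_security_list` ingress (`source = var.vcn_cidr` in network.tf), so a mistyped value either breaks HA and backend traffic or opens the trusted subnet wider than the VCN; give it `type = string` and a `validation` block whose condition is `can(cidrnetmask(var.vcn_cidr))`. The `PREFIX` comment says "Microsoft Azure" on an Oracle Cloud template. `subnetmask`, `gateway` and `cert` are declared but nothing in this diff reads them, and `fwba_ipaddress_port2`/`fwbb_ipaddress_port2` (`172.16.140.40`/`.41`) only work while `subnet["3"]` stays `172.16.140.32/28`, with nothing checking that they fall inside it — a `validation` using `cidrhost`/`cidrsubnet` on the pair, or deriving them with `cidrhost(var.subnet["3"], 8)`, would make that relationship explicit.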