Saturday, June 6, 2015

GOOG compute-engine kicking the tires ( w/ the fortigate )

In this post I will walk you around kicking the tires on a GOOG compute engine vm-instance. This task 1st started as me looking for a ipv6 support within the GOOG compute platform. To my disappointment GOOGLE does not support IPV6.

Yes, I was shocked, Ive asked then about this  feature over 10 months ago and they told me they are working on it. So I guess they are still drafting out  ipv6 design and deployment.

Now the vm instance  are quick and simple to engage. GOOG has a few CAN'd images available, but still no virtual firewall instances from any major vendor.

The start up on my simple vm-instance it's quick and almost instant. 

They do offer a few means for accessing the cli of the vm-instance, I used the integral https browser which seems to work very good and quick. No need to install key or modify anything. Even if you had no ssh client, this method would work for most all OSes.

Now to setup a vpn to your fortigate, the GOOG side of things was like steps 1-2-3 . You can build a vpn in like under 1 minute. In fact you can't select anything,  but the ike-version and remote network and ipsec-endpoint plus the PSK. You do more work on the fortigate when it comes to  vpn creation.

NOTE: I selected ikev2 for this blog post

And for the fortigate, I 've crafted the following using just a single cipher and with the proposal aes128-sha1.

NOTE: this is a route based vpn so we have a route installed to reach the remote compute  network

A simple ping after adding a firewall-policy to allow the traffic, shows I can  reach my newly created vm-instance.

GOOG made snapshot creations simple as 1-2-3. You can named the snapshot description if you so desire.

The thing that impressed me the most about Compute Engine
  •  every thing is simple to execute
  •  you could walk your mom thru, on how to launch a VM-instance
  •  status updates are given just about  every time you do anything
  •  accessing your vm-instance is so simple for ipsec LAN2LAN

Google has limited zones for instances ,  but they seems decent to say the least.

To learn more about google compute engine;

It's a simple, very well defined, and reliable virtual hosting cloud. The only things with GOOG;
  •  how much trust do you have with data in  the google cloud?
  •  and do you have means for a 100% deletion of sensitive data?

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       /  \

1 comment: