Skip to content

netskopeoss/terraform-netskopebwan-gcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
images
images
 
 
modules
modules
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
example.tfvars
example.tfvars
 
 
main.tf
main.tf
 
 
output.tf
output.tf
 
 
provider.tf
provider.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

Netskope SD-WAN GW GCP Module

This Infrastructure as Code (IaC) will help you deploy Netskope SD-WAN Gateway in your GCP environment in following scenarios:

  • Deploy and activate Netskope SD-WAN Gateway in a new VPC and connect to a new Cloud Router
  • Deploy and activate Netskope SD-WAN Gateway in an existing VPC with a new Cloud Router
  • Deploy Gateway with multiple WAN links / interfaces
  • Optional client deployment for end to end solution validation

This module creates / configures the following objects in GCP and Netskop SD-WAN Portal:

GCP Cloud

  • VPC per interface (Re-use existing or create new one)
  • Subnets (always creates new one)
  • Network Connectivity Hub
  • Cloud Router
  • Firewall Rules (For both WAN network and Private network)
  • BGP Peering in Cloud Router to Netskope SD-WAN (This module will provide the actual command to manually execute)
  • Host VPC / VM and required peerings (if chosen)

Netskope SD-WAN Portal

  • Create new policy
  • Create new gateway (HA deployment is optional)
  • Configure required static routes and BGP peers

Key Points

  • The default username for the gateway is "infiot". Password authentication is disabled and you must use SSH keys to authenticate.
  • This module has an option to set the password for the default username "infiot". This will be used only for console access.

Known Limitations

  1. Since terraform provider APIs for Cloud Router has issues when trying to add redundant interfaces, following configurations should be done through CLIs

    • Cloud router interface configuration
    • BGP Peering configuration in GCP

    This terraform module will help you the actual command to be executed when you apply this module.

Architecture Diagram

This IaC will create the GCP resources as shown below.

Fig 1. Netskope SD-WAN GW deployment in GCP

Deployment

To deploy this template in GCP:

  • Identify the "Base URL" for your Netskope SD-WAN Tenant. This is a URL that you use to access your Netskope tenant, for example: https://example.infiot.net This will be set in "netskope_tenant" variable blob

  • Get the ID of your Tenant from Netskope Team.

  • Create a REST API Token as follows:

API Token

Fig 2. Netskope SD-WAN Portal API Token

  • Clone the GitHub repository for this deployment.

  • Configure provider block or set variables in the "provider.tf" file.

  • Customize variables in the example.tfvars and variables.tf file as needed.

  • Change to the repository directory and then initialize the providers and modules.

    $ cd <Code Directory>
$ terraform init

  • Submit the Terraform plan to preview the changes Terraform will make to match your configuration.

    $ terraform plan

  • Apply the plan. The apply will make no changes to your resources, you can either respond to the confirmation prompt with a 'Yes' or cancel the apply if changes are needed.

    $ terraform apply

Destruction

  • To destroy this deployment, use the command:

    $ terraform destroy

Support

Netskope-provided scripts in this and other GitHub projects do not fall under the regular Netskope technical support scope and are not supported by Netskope support services.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 1

v0.0.1 Latest
Jan 6, 2023

Packages

No packages published

Languages