Hi,
I need to configure a setup where I need to place an ALB in front of the FortiGate firewall to access the internal servers that serve application-related data.
Scenario: internet ---> application ALB ---> FortiGate firewall ---> internal server.
Any documentation or video reference would be helpful.
Hi @Vijaygvasan ,
Not sure if you are using a FortiGate-VM Next Generation Firewall or the physical FortiGate firewall appliance. However, I happened to find some helpful documentation that you may check:
1. If you are going to use a GCP Load Balancer and direct traffic to the FortiGate instance, this documentation might give you an idea of how to set it up.
2. If you are going to use the GCP Load balancer in front of a physical FortiGate firewall, you will need to consider the following:
a. Make sure that your physical FortiGate firewall is connected to the GCP network. This involves configuring VPNs, Interconnects, or other networking components depending on your specific setup.
b. Consider how health checks will be performed on the physical FortiGate firewall. Health checks are essential for the load balancer to determine the availability of the backend instances. In the case of a physical firewall, you might need to set up external monitoring mechanisms or use available interfaces on the FortiGate that can be probed for health.
c. Configure the FortiGate firewall to allow incoming traffic from the GCP Load Balancer. Make sure that the necessary ports and protocols are open to accept traffic from the load balancer.
d. Adjust the load balancer settings based on the capabilities and requirements of your physical FortiGate firewall. For example, you might need to configure session affinity, SSL termination, etc.
According to this documentation, if your FortiGate is accepting connections via a load balancer (LB), you must additionally configure routes to the health probes' IP ranges on each interface receiving traffic. This prevents the reverse path forwarding check from blocking the health probes. The IP ranges are different for different LB types. Google documents the ranges. For the internal LB, the ranges are 35.191.0.0/16 and 130.211.0.0/22.
The 0.0.0.0/0 route on the external interface covers the ranges that the external network LB uses.
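A worked FortiOS CLI example of the route and health-probe configuration the answer above describes. This is an added example, not configuration from the original thread, from Fortinet, or from Google; the interface names (port1 external, port2 internal), the internal gateway 10.0.1.1 and the probe port 8008 are assumptions, while the two prefixes are the health-probe ranges quoted above.

```fortios
# Added example (not from the original thread or Fortinet's docs): FortiOS CLI
# fragments for a FortiGate-VM that receives traffic from a GCP load balancer.
# Assumptions (not from the page): port1 = external interface, port2 = internal
# interface with gateway 10.0.1.1, health probes answered on TCP 8008.

# 1. Static routes for Google's health-probe ranges out of the interface that
#    receives the probes, so the reverse-path-forwarding (RPF) check does not
#    drop the probe packets. Put them on whichever interface the LB sends to.
config router static
    edit 0
        set dst 35.191.0.0 255.255.0.0
        set gateway 10.0.1.1
        set device "port2"
        set comment "GCP LB health checks"
    next
    edit 0
        set dst 130.211.0.0 255.255.252.0
        set gateway 10.0.1.1
        set device "port2"
        set comment "GCP LB health checks"
    next
end

# 2. Let the FortiGate itself answer the probe with an HTTP 200 on a dedicated
#    port, so no admin service (HTTPS/SSH) has to be exposed to the probers.
config system probe-response
    set mode http-probe
    set port 8008
end

config system interface
    edit "port2"
        set allowaccess ping probe-response
    next
end

# 3. Address objects for the probe ranges, so firewall policies can reference
#    the probers by name and nothing wider than these prefixes is allowed in.
config firewall address
    edit "gcp-health-check-35.191"
        set subnet 35.191.0.0 255.255.0.0
    next
    edit "gcp-health-check-130.211"
        set subnet 130.211.0.0 255.255.252.0
    next
end
config firewall addrgrp
    edit "gcp-health-check-ranges"
        set member "gcp-health-check-35.191" "gcp-health-check-130.211"
    next
end
```

After applying it, `get router info routing-table static` should list both prefixes on the chosen interface, and `diagnose sniffer packet port2 'port 8008'` should show the probe SYN arriving and the FortiGate's reply leaving on the same interface; if the reply goes out another interface, the routes are on the wrong side. The GCP health check itself must be configured to target port 8008 for the backend to be reported healthy.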
Hi @Vijaygvasan ,
Were you able to resolve your scenario? We have encountered the exact same scenario (internet -> application ALB -> FortiGate firewall -> internal server), but we are facing issues. Specifically, it only works when using the TCP load balancer.
If you have managed to make it work, could you kindly share the steps you followed? Please note that our firewall is the FortiGate-VM.
Thank you.