Administration Guide

Creating a new AWS FortiGate CNF instance

To create a new AWS FortiGate CNF instance:
  1. In CNF Instances, click New and select AWS.

  2. In CNF Name, enter a unique name for this instance.

  3. Select the appropriate Region. This ideally is in the same region as the workload, but may be different for some configurations, such as east-west traffic.

    For more information about possible deployment scenarios, see Deployment scenarios.

  4. Enable or disable FortiManager mode. For more information, see FortiManager mode.

    Note: If FortiManager mode is enabled when creating a FortiGate CNF instance, policy management for this instance is disabled in the FortiGate CNF console.

    You will be provided with the IP address and login credentials to the FortiGate, which you can use to add the device to FortiManager.

  5. Set Internal Logging to one of the following options:

    • None: Disable internal logging.

    • S3 Bucket: Enable logging to the AWS account S3 bucket, then select the S3 Bucket in Log Traffic to S3 Bucket.

    • Security Lake: Enable logging to AWS Security Lake, then select the destination Security Lake in Log Traffic to Security Lake.

      Caution: FortiGate CNF does not create a Security Lake destination. You must create it and enable access using the CloudFormation template.

      In the CloudFormation Stack Details, set SecurityLakeCustomLogSourceName to your Security Lake custom source.

      See Configuring Security Lake.

  6. In External Logging, select one of the available options:

    • None: Disable external logging.

    • External Syslog: Enter the External Syslog Server IP.

    • FortiAnalyzer: Enter the FortiAnalyzer IP.

    For more information about FortiGate log messages and formats, see the FortiOS Log Message reference.

  7. Optionally, add endpoints. For more information about endpoints, see Adding an endpoint to an AWS instance.

  8. Click OK.

    The CNF Instances list displays, with the new instance having a status of Initializing. After the instance has initialized, the status changes to Active and the instance can be configured with endpoints and policy sets.

    In the background, the FortiGate CNF instances and other infrastructure are created. This process takes approximately 10 minutes.
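Logs that reach the external syslog server or the S3 bucket configured in steps 5 and 6 arrive in the FortiOS key=value format described in the FortiOS Log Message reference. The following is an added example, not part of this guide or of Fortinet's code, that parses such lines (including quoted values containing spaces) and pulls out events the FortiGate blocked; the sample lines and their values are constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample lines in the FortiOS key=value log format, as a
# FortiGate CNF instance would forward them to an external syslog server
# or write them to an S3 bucket. Field names follow the public FortiOS
# log format; values are illustrative only.
SAMPLE_LOGS = [
    'date=2024-05-01 time=10:15:02 devname="cnf-fgt-1" type="traffic" subtype="forward" '
    'srcip=10.0.1.25 dstip=203.0.113.7 dstport=443 proto=6 action="accept" policyid=3 msg="allowed"',
    'date=2024-05-01 time=10:15:03 devname="cnf-fgt-1" type="traffic" subtype="forward" '
    'srcip=10.0.1.25 dstip=198.51.100.9 dstport=22 proto=6 action="deny" policyid=0 msg="implicit deny"',
    'date=2024-05-01 time=10:15:04 devname="cnf-fgt-1" type="utm" subtype="ips" severity="high" '
    'srcip=192.0.2.44 dstip=10.0.1.25 action="dropped" attack="Example.Signature.Name"',
]

# One key=value pair: the value is either a double-quoted string (which may
# contain spaces) or a bare token with no whitespace.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Action values that indicate the FortiGate stopped the traffic.
BLOCKING_ACTIONS = {"deny", "dropped", "blocked"}


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one FortiOS-format log line into a dict of field -> value."""
    fields: Dict[str, str] = {}
    for match in _KV_RE.finditer(line):
        key, raw, quoted = match.group(1), match.group(2), match.group(3)
        # Prefer the unquoted inner text when the value was quoted.
        fields[key] = quoted if quoted is not None else raw
    return fields


def blocked_events(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events whose action shows the traffic was blocked."""
    events = [parse_fortigate_log(line) for line in lines]
    return [ev for ev in events if ev.get("action") in BLOCKING_ACTIONS]


def blocked_by_source(lines: List[str]) -> Dict[str, int]:
    """Count blocked events per source IP, a quick triage view for a SOC."""
    counts: Dict[str, int] = {}
    for ev in blocked_events(lines):
        src = ev.get("srcip", "unknown")
        counts[src] = counts.get(src, 0) + 1
    return counts


if __name__ == "__main__":
    for src, n in blocked_by_source(SAMPLE_LOGS).items():
        print(f"{src}: {n} blocked event(s)")
```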
