Instance type support

FortiGate-VM supports the following instance types on AWS. Supported instances in the AWS marketplace listing may change without notice and vary between bring your own license (BYOL) and on-demand models. See Order types. As of May 2018, C3 and M-series instances no longer appear as recommended instances.

When you run FortiGate-native active-passive HA, each FortiGate-VM instance requires four network interfaces (port 1 to port 4). For details, see Deploying and configuring FortiGate-VM active-passive HA.

For up-to-date information on each instance type, see the following links:

• Amazon EC2 Instance Types
• Elastic Network Interfaces

Instance category	Instance type	vCPU	Max NIC (enabled by AWS)	FortiGate minimum order (BYOL) to consume all instance CPU
General purpose	T2.small	1	2	FG-VM01 or FG-VM01v
Compute optimized	C4.large	2	3	FG-VM02 or FG-VM02v
	C4.xlarge	4	4	FG-VM04 or FG-VM04v
	C4.2xlarge	8	4	FG-VM08 or FG-VM08v
	C4.4xlarge	16	8	FG-VM16 or FG-VM16v
	C4.8xlarge	36	8	FG-VMUL or FG-VMULv
	C5.large (recommended by default)	2	3	FG-VM02 or FG-VM02v
	C5.xlarge	4	4	FG-VM04 or FG-VM04v
	C5.2xlarge	8	4	FG-VM08 or FG-VM08v
	C5.4xlarge	16	8	FG-VM16 or FG-VM16v
	C5.9xlarge	36	8	FG-VMUL or FG-VMULv
	C5.18xlarge	72	15

You can apply a smaller FortiGate-VM license if you are OK with consuming less CPU than is present on your instance. See Models.

To change your instance type to the recommended C5 instance type, ensure that ENA is enabled. Otherwise the instance does not boot up properly.

In the following example, after changing the instance type to C5, ENA is not enabled. The example shows changing the ENA support attribute to true:

$ aws ec2 describe-instances --instance-ids i-xxxxxxx --query "Reservations[].Instances[].EnaSupport"

[]

$ aws ec2 modify-instance-attribute --instance-id i-xxxxxxx --ena-support

$ aws ec2 describe-instances --instance-ids i-xxxxxxx --query "Reservations[].Instances[].EnaSupport"

[

true

]

The instance can now boot up as a C5 instance type.