- Add network interfaces:
- In the AWS console, open the Elastic Compute Cloud (EC2) service.
- Select Network Interfaces, then click the Create Network Interface button.
- Provide a description of the interface, specify the private subnet in availability zone A and specify the security group created in Deploying FortiGate-VM from AWS marketplace.
- Click Yes, Create.
- Click the newly created interface. From the Actions dropdown list, select Change Source/Dest Check. Disable Source/Dest Check and save.
- From the Actions dropdown list, select Attach.
- From the dropdown list, select the first FortiGate-VM. Click Attach.
- Repeat step 1 for the secondary FortiGate-VM. Each FortiGate-VM will be attached with four network interfaces:
Public network IP address. Elastic IP address (EIP) only for primary FortiGate in high availability group.
Private network IP address
Heartbeat network IP address
Management network IP address. EIP on each FortiGate.
- Add elastic IP addresses (EIPs):
- In the AWS console, open the EC2 service.
- Select Elastic IPs, then click the Allocate new address button.
- Accept the defaults, then click the Allocate button.
- Repeat steps a-c twice for a total of three EIPs:
- One EIP is for port1 that will move to the secondary FortiGate-VM during failover.
- Two EIPs are for high availability (HA) management ports.
- Attach three EIPs as follows:
- Port 1 of the primary FortiGate by selecting Network Interface as the Resource Type and its eth0 ENI network interface to associate.
- Port 4 of the primary FortiGate by selecting Network Interface as the Resource Type and its eth3 ENI network interface to associate.
- Port 4 of the secondary FortiGate by selecting Network Interface as the Resource Type and its eth 3ENI network interface to associate.
The primary FortiGate port 1 EIP will fail over to the secondary FortiGate in case of failure.
Port4 elastic IPs are not accessible until you form an HA cluster.