Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • AliCloud Administration Guide

    Home FortiGate Public Cloud 6.4.0 AliCloud Administration Guide
    6.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Manual deployment of auto scaling on AliCloud

    Manual deployment of auto scaling on AliCloud

    Following is a sample configuration for deploying Auto Scaling on AliCloud:

    1. Create a scaling group in the AliCloud console.
    2. Create a scaling configuration in the AliCloud console.
    3. Create scaling rules in the AliCloud console.
    4. Configure a FortiGate-VM in the Auto Scaling group as the primary member.
    5. Scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration from the primary to the secondary FortiGate-VM.
    6. Run diagnose commands to confirm that Auto Scaling is functioning.
    To create a scaling group in the AliCloud console:
    1. Log into the AliCloud console.
    2. Go to Auto Scaling > Scaling Groups > Create Scaling Group.
    3. Set the following parameters for the Auto Scaling group:
      1. Scaling Group Name: Enter a name for the scaling group. The sample configuration is named FGT-ASG.
      2. Maximum Instances: Enter the maximum number of instances that can comprise the group. In the sample configuration, four (4) is the maximum number.
      3. Minimum Instances: Enter the minimum number of instances that can comprise the group. In the sample configuration, one (1) is the minimum number.
      4. Instance Configuration Source: Leave at the default value.
      5. Network Type: Leave at the default value, which is VPC.
      6. Select the VPC and VSwitch as desired.

    4. Click OK.
    To create a scaling configuration in the AliCloud console:
    1. After creating an Auto Scaling group, AliCloud displays a popup for creating a new scaling configuration before activating Auto Scaling. In the popup, click Create Now.
    2. Select the instance type.
    3. Select the desired FortiGate-VM image.
    4. Ensure that Assign Public IP is selected.
    5. Select the desired security group.
    6. Click Next: System Configurations.

    7. (Optional) set the key pair.

    8. Preview the scaling configuration, then click Create and Enable Configuration.

    9. Go to Auto Scaling > Scaling Groups to ensure that AliCloud has created the Auto Scaling group and that the first FortiGate-VM has been automatically launched under the group.

    To create scaling rules in the AliCloud console:
    1. In Auto Scaling > Scaling Groups, click the group name.
    2. Click Scaling Rules from the right-side menu.
    3. In the Create Scaling Rule dialog, enter a scaling rule name.
    4. Configure an action. In the sample configuration, the scaling rule is configured to add one (1) FortiGate-VM instance.
    5. Enter a cool down time, then click Create Scaling Rule. You could also configure another scaling rule which can be executed to remove one (1) FortiGate-VM instance.

    To configure a FortiGate-VM in the Auto Scaling group as the primary member:
    1. Log into the FortiGate-VM.
    2. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the primary member of the Auto Scaling group:

      config system auto-scale

      set status enable

      set role master

      set sync-interface "port1"

      set psksecret xxxxxx

      end

    To scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration:
    1. In Auto Scaling > Scaling Groups, click the group name, then execute the scaling rule created earlier. AliCloud creates a new FortiGate-VM instance.
    2. Log into the new FortiGate-VM.
    3. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the secondary member of the Auto Scaling group. The master-ip value should be the primary FortiGate-VM's private IP address:

      config system auto-scale

      set status enable

      set role slave

      set sync-interface "port1"

      set master-ip 192.168.1.204

      set psksecret xxxxxx

      end

      The secondary FortiGate-VM will be synced with the primary FortiGate-VM. The secondary FortiGate-VM can receive configurations from the primary FortiGate-VM.

    To run diagnose commands:

    You can run the following diagnose commands to determine if the primary and secondary FortiGate-VMs are able to synchronize configurations:

    FortiGate-VM64-ALION~AND # diag deb app hasync -1

    slave's configuration is not in sync with master's, sequence:0

    slave's configuration is not in sync with master's, sequence:1

    slave's configuration is not in sync with master's, sequence:2

    slave's configuration is not in sync with master's, sequence:3

    slave's configuration is not in sync with master's, sequence:4

    slave starts to sync with master

    logout all admin users

    Previous
    Next

    Manual deployment of auto scaling on AliCloud

    Manual deployment of auto scaling on AliCloud

    Following is a sample configuration for deploying Auto Scaling on AliCloud:

    1. Create a scaling group in the AliCloud console.
    2. Create a scaling configuration in the AliCloud console.
    3. Create scaling rules in the AliCloud console.
    4. Configure a FortiGate-VM in the Auto Scaling group as the primary member.
    5. Scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration from the primary to the secondary FortiGate-VM.
    6. Run diagnose commands to confirm that Auto Scaling is functioning.
    To create a scaling group in the AliCloud console:
    1. Log into the AliCloud console.
    2. Go to Auto Scaling > Scaling Groups > Create Scaling Group.
    3. Set the following parameters for the Auto Scaling group:
      1. Scaling Group Name: Enter a name for the scaling group. The sample configuration is named FGT-ASG.
      2. Maximum Instances: Enter the maximum number of instances that can comprise the group. In the sample configuration, four (4) is the maximum number.
      3. Minimum Instances: Enter the minimum number of instances that can comprise the group. In the sample configuration, one (1) is the minimum number.
      4. Instance Configuration Source: Leave at the default value.
      5. Network Type: Leave at the default value, which is VPC.
      6. Select the VPC and VSwitch as desired.

    4. Click OK.
    To create a scaling configuration in the AliCloud console:
    1. After creating an Auto Scaling group, AliCloud displays a popup for creating a new scaling configuration before activating Auto Scaling. In the popup, click Create Now.
    2. Select the instance type.
    3. Select the desired FortiGate-VM image.
    4. Ensure that Assign Public IP is selected.
    5. Select the desired security group.
    6. Click Next: System Configurations.

    7. (Optional) set the key pair.

    8. Preview the scaling configuration, then click Create and Enable Configuration.

    9. Go to Auto Scaling > Scaling Groups to ensure that AliCloud has created the Auto Scaling group and that the first FortiGate-VM has been automatically launched under the group.

    To create scaling rules in the AliCloud console:
    1. In Auto Scaling > Scaling Groups, click the group name.
    2. Click Scaling Rules from the right-side menu.
    3. In the Create Scaling Rule dialog, enter a scaling rule name.
    4. Configure an action. In the sample configuration, the scaling rule is configured to add one (1) FortiGate-VM instance.
    5. Enter a cool down time, then click Create Scaling Rule. You could also configure another scaling rule which can be executed to remove one (1) FortiGate-VM instance.

    To configure a FortiGate-VM in the Auto Scaling group as the primary member:
    1. Log into the FortiGate-VM.
    2. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the primary member of the Auto Scaling group:

      config system auto-scale

      set status enable

      set role master

      set sync-interface "port1"

      set psksecret xxxxxx

      end

    To scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration:
    1. In Auto Scaling > Scaling Groups, click the group name, then execute the scaling rule created earlier. AliCloud creates a new FortiGate-VM instance.
    2. Log into the new FortiGate-VM.
    3. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the secondary member of the Auto Scaling group. The master-ip value should be the primary FortiGate-VM's private IP address:

      config system auto-scale

      set status enable

      set role slave

      set sync-interface "port1"

      set master-ip 192.168.1.204

      set psksecret xxxxxx

      end

      The secondary FortiGate-VM will be synced with the primary FortiGate-VM. The secondary FortiGate-VM can receive configurations from the primary FortiGate-VM.

    To run diagnose commands:

    You can run the following diagnose commands to determine if the primary and secondary FortiGate-VMs are able to synchronize configurations:

    FortiGate-VM64-ALION~AND # diag deb app hasync -1

    slave's configuration is not in sync with master's, sequence:0

    slave's configuration is not in sync with master's, sequence:1

    slave's configuration is not in sync with master's, sequence:2

    slave's configuration is not in sync with master's, sequence:3

    slave's configuration is not in sync with master's, sequence:4

    slave starts to sync with master

    logout all admin users

    Previous
    Next