AWS Administration Guide

Deploying the CloudFormation templates

FortiGate Autoscale for AWS can be deployed:

  • with Transit Gateway integration (using a new Transit Gateway or integrating with your existing Transit Gateway). This option builds a new AWS environment consisting of the VPC, subnets, security groups, and other infrastructure components. It then deploys FortiGate Autoscale into this new VPC and attaches this new VPC to the Transit Gateway.
  • without Transit Gateway integration. This option allows for deployment into a new VPC or into an existing VPC.

Deployment notes

Deployment option: with Transit Gateway integration (new VPC only)
Notes: One inbound route domain and one outbound route domain will be created for the new or existing Transit Gateway. FortiGate Autoscale for AWS will be attached to the Transit Gateway.

Deployment option: into an existing VPC
Notes:
  • Incoming requests go through a connection that flows through the internet gateway, Network Load Balancer, and FortiGate Auto Scaling group before reaching the protected instances in the private subnets in your existing VPC. The protected instances return a response using the same connection.
  • Outgoing requests from the protected instances go through one FortiGate-VM instance in an Auto Scaling group and the internet gateway to the public network. The public network returns the response using the same path.
  • Note: FortiGate Autoscale will manage the 0.0.0.0/0 route for overall egress traffic. For details on using other NAT gateways, refer to the section How to partially route egress traffic.

To deploy the CloudFormation templates:
  1. Navigate to the S3 folder you uploaded files to in the previous section. In the following example, we navigate to Amazon S3 > fortigate-autoscale > deployment-package.
  2. Click templates and select the appropriate entry template to start the deployment. To deploy:
    • with Transit Gateway integration, click autoscale-tgw-new-vpc.template.yaml
    • without Transit Gateway integration, click autoscale-new-vpc.template.yaml to deploy into a new VPC
    • without Transit Gateway integration, click autoscale-existing-vpc.template.yaml to deploy into an existing VPC
    [Screenshot: Select template]
  3. Copy the Object URL of the template you picked in the previous step. In our example, the template chosen is for deploying into a new VPC.
    [Screenshot: Copy the Object URL]
  4. Click Services, and then Management & Governance > CloudFormation.
  5. Confirm the region you are in and then click Create Stack > With new resources (standard).
    [Screenshot: Create Stack]
  6. Paste the Object URL from step 3 into the Amazon S3 URL field as shown:
    [Screenshot: Paste Object URL]
  7. Click Next.
  8. On the Specify stack details page, enter a stack name and review parameters for the template, providing values for parameters that require input.
    [Screenshot: CFT parameters]
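
The stack is built from whatever template the Object URL in step 6 points to, so it is worth confirming that the URL is in the bucket and folder you uploaded to and names one of the three entry templates from step 2. The following is an added example, not part of the Fortinet guide or deployment package: check_template_url and SAMPLE_URL are hypothetical names, the region in the sample URL is constructed, and only the virtual-hosted-style Object URL form is accepted.

```python
import re
from urllib.parse import unquote, urlsplit

# Entry templates named in step 2, mapped to the deployment option each selects.
ENTRY_TEMPLATES = {
    "autoscale-tgw-new-vpc.template.yaml": "with Transit Gateway integration, new VPC",
    "autoscale-new-vpc.template.yaml": "without Transit Gateway integration, new VPC",
    "autoscale-existing-vpc.template.yaml": "without Transit Gateway integration, existing VPC",
}

# Virtual-hosted-style S3 host: <bucket>.s3.amazonaws.com or
# <bucket>.s3.<region>.amazonaws.com, anchored so nothing may follow the suffix.
_S3_HOST = re.compile(
    r"^(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])\.s3(?:\.[a-z0-9-]+)?\.amazonaws\.com$"
)

# Constructed sample: bucket and folders follow the guide's example path,
# the region (us-west-2) is an assumption made for illustration.
SAMPLE_URL = (
    "https://fortigate-autoscale.s3.us-west-2.amazonaws.com/"
    "deployment-package/templates/autoscale-new-vpc.template.yaml"
)


def check_template_url(url, expected_bucket, expected_folder):
    """Return the deployment option the URL selects, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("Object URL must use https")
    if parts.query or parts.fragment or parts.username or parts.port:
        raise ValueError("unexpected query, fragment, credentials or port")
    match = _S3_HOST.match(parts.hostname or "")
    if not match:
        raise ValueError("host is not a virtual-hosted-style S3 endpoint")
    if match.group("bucket") != expected_bucket:
        raise ValueError("template is not in the bucket you uploaded to")
    folder, _, name = unquote(parts.path.lstrip("/")).rpartition("/")
    if folder != expected_folder.strip("/"):
        raise ValueError("template is not in the expected templates folder")
    if name not in ENTRY_TEMPLATES:
        raise ValueError("file is not one of the three entry templates")
    return ENTRY_TEMPLATES[name]


if __name__ == "__main__":
    print(check_template_url(SAMPLE_URL, "fortigate-autoscale",
                             "deployment-package/templates"))
```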
