AWS Administration Guide

Adding network interfaces and elastic IP addresses to the FortiGate-VMs

To add network interfaces and elastic IP addresses to the FortiGate-VMs:
  1. Add network interfaces:
    1. In the AWS console, open the Elastic Compute Cloud (EC2) service.
    2. Select Network Interfaces, then click the Create Network Interface button.
    3. Provide a description of the interface, specify the private subnet in availability zone A and specify the security group created in Deploying FortiGate-VM from AWS marketplace.
    4. Click Yes, Create.
    5. Click the newly created interface. From the Actions dropdown list, select Change Source/Dest Check. Disable Source/Dest Check and save.
    6. From the Actions dropdown list, select Attach.
    7. From the dropdown list, select the first FortiGate-VM. Click Attach.
    8. Repeat the process for the second FortiGate-VM.
  2. Repeat step 1 for the secondary FortiGate-VM. Each FortiGate-VM will have four network interfaces attached:

    | Port | Purpose |
    | --- | --- |
    | Port1 (eth0) | Public network IP address. Elastic IP address (EIP) only for primary FortiGate in high availability group. |
    | Port2 (eth1) | Private network IP address |
    | Port3 (eth2) | Heartbeat network IP address |
    | Port4 (eth3) | Management network IP address. EIP on each FortiGate. |

  3. Add elastic IP addresses (EIPs):
    1. In the AWS console, open the EC2 service.
    2. Select Elastic IPs, then click the Allocate new address button.
    3. Accept the defaults, then click the Allocate button.
    4. Repeat steps 1-3 twice for a total of three EIPs:
      • One EIP is for port1 that will move to the secondary FortiGate-VM during failover.
      • Two EIPs are for high availability (HA) management ports.
  4. Attach three EIPs as follows:
    1. Port 1 of the primary FortiGate by selecting Network Interface as the Resource Type and its eth0 ENI network interface to associate.
    2. Port 4 of the primary FortiGate by selecting Network Interface as the Resource Type and its eth3 ENI network interface to associate.
    3. Port 4 of the secondary FortiGate by selecting Network Interface as the Resource Type and its eth3 ENI network interface to associate.

    The primary FortiGate port 1 EIP will fail over to the secondary FortiGate in case of failure.

    Port4 elastic IP addresses are not accessible until you form an HA cluster.
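
One way to check the result of the procedure above, as an added example that is not part of the Fortinet guide: it audits saved `aws ec2 describe-network-interfaces` JSON output against the port table. The instance IDs and sample data are constructed, and treating device indexes 1-3 as the interfaces added in step 1 is an assumption.

```python
# Added example: audit ENI/EIP layout from `aws ec2 describe-network-interfaces` JSON.
# Device index -> (FortiGate port, EIP expected on primary, EIP expected on secondary)
EXPECTED = {
    0: ("port1", True, False),   # public; EIP only on the primary
    1: ("port2", False, False),  # private
    2: ("port3", False, False),  # heartbeat
    3: ("port4", True, True),    # management; EIP on each FortiGate
}

def audit(described, primary_id, secondary_id):
    """Return findings as strings; an empty list means the layout matches."""
    findings = []
    attached = {primary_id: {}, secondary_id: {}}
    for eni in described["NetworkInterfaces"]:
        att = eni.get("Attachment") or {}
        if att.get("InstanceId") in attached:
            attached[att["InstanceId"]][att["DeviceIndex"]] = eni
    for inst, enis in attached.items():
        for idx, (port, eip_primary, eip_secondary) in EXPECTED.items():
            eni = enis.get(idx)
            if eni is None:
                findings.append(f"{inst} {port}: no interface at device index {idx}")
                continue
            want_eip = eip_primary if inst == primary_id else eip_secondary
            has_eip = "PublicIp" in (eni.get("Association") or {})
            if has_eip != want_eip:
                findings.append(f"{inst} {port}: EIP {'missing' if want_eip else 'unexpected'}")
            # Assumption: device indexes 1-3 are the interfaces added in step 1.
            if idx > 0 and eni.get("SourceDestCheck", True):
                findings.append(f"{inst} {port}: Source/Dest Check still enabled")
    return findings

def sample(primary_id="i-0aaaexample", secondary_id="i-0bbbexample"):
    """Constructed describe-network-interfaces output for a correct deployment."""
    enis = []
    for inst in (primary_id, secondary_id):
        for idx, (_, eip_primary, eip_secondary) in EXPECTED.items():
            eni = {"NetworkInterfaceId": f"eni-{inst[-10:]}-{idx}",
                   "SourceDestCheck": idx == 0,  # eth0 keeps the AWS default
                   "Attachment": {"InstanceId": inst, "DeviceIndex": idx}}
            if (eip_primary if inst == primary_id else eip_secondary):
                eni["Association"] = {"PublicIp": f"203.0.113.{len(enis) + 10}"}
            enis.append(eni)
    return {"NetworkInterfaces": enis}

if __name__ == "__main__":
    data = sample()
    data["NetworkInterfaces"][1]["SourceDestCheck"] = True  # primary port2 misconfigured
    data["NetworkInterfaces"][4]["Association"] = {"PublicIp": "203.0.113.99"}  # stray EIP
    for finding in audit(data, "i-0aaaexample", "i-0bbbexample"):
        print(finding)
```

After a failover the port1 EIP sits on the other unit, so pass whichever instance currently holds the primary role as `primary_id`.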
