Creating the GWLB and registering targets
Creating the GWLB and registering targets
To create the GWLB and register targets:
- Go to Compute > EC2 Dashboard > Load Balancing > Load Balancers.
- Click Create Load Balancer, then Gateway Load Balancer.
- Configure the gateway load balancer (GWLB):
- From the IP address type dropdown list, select ipv4.
- From the VPC dropdown list, select the security VPC, where the FortiGate is deployed.
- From the Availability Zones dropdown list, select the AZ and subnet where the FortiGate is deployed. This example selects the private subnet where the FortiGate port2 is mapped to. In this example, you can enable multiple VDOMs (only available on BYOL instances) or split-task VDOMs (available on BYOL and on-demand instances), and port2 is mapped to the traffic-handling VDOM. You then create the Geneve interface on port2 to handle the traffic that has been redirected via the GWLB. See Post-deployment configuration
.
- Under IP Listeners Routing, click Create Target Group to configure a target group:
- For Target Type, select IP Address.
- In the Target Group Name field, enter the desired name.
- For Protocol, select GENEVE.
- In the Port field, enter 6081.
- For VPC, select the VPC where you have deployed or will deploy the GWLB. In this example, the desired VPC is the security VPC.
- Under Health Checks, configure the following:
- For Protocol, select TCP.
- Override the Advanced Health Check Settings > Port setting to 443.
- Register the targets during target group creation:
- In the IP field, enter the FortiGate IP address. In this example, you would enter the FortiGate port2 IP address.
- Click Include as pending below.
- Click Create Target Group.
- Ensure that cross-zone LB is enabled:
- Go to Compute > EC2 Dashboard > Load Balancing > Load Balancers.
- Select the newly created LB.
- On the Attributes tab, edit the attributes and ensure that cross-zone LB is enabled.
Creating the GWLB and registering targets
To create the GWLB and register targets:
- Go to Compute > EC2 Dashboard > Load Balancing > Load Balancers.
- Click Create Load Balancer, then Gateway Load Balancer.
- Configure the gateway load balancer (GWLB):
- From the IP address type dropdown list, select ipv4.
- From the VPC dropdown list, select the security VPC, where the FortiGate is deployed.
- From the Availability Zones dropdown list, select the AZ and subnet where the FortiGate is deployed. This example selects the private subnet where the FortiGate port2 is mapped to. In this example, you can enable multiple VDOMs (only available on BYOL instances) or split-task VDOMs (available on BYOL and on-demand instances), and port2 is mapped to the traffic-handling VDOM. You then create the Geneve interface on port2 to handle the traffic that has been redirected via the GWLB. See Post-deployment configuration
.
- Under IP Listeners Routing, click Create Target Group to configure a target group:
- For Target Type, select IP Address.
- In the Target Group Name field, enter the desired name.
- For Protocol, select GENEVE.
- In the Port field, enter 6081.
- For VPC, select the VPC where you have deployed or will deploy the GWLB. In this example, the desired VPC is the security VPC.
- Under Health Checks, configure the following:
- For Protocol, select TCP.
- Override the Advanced Health Check Settings > Port setting to 443.
- Register the targets during target group creation:
- In the IP field, enter the FortiGate IP address. In this example, you would enter the FortiGate port2 IP address.
- Click Include as pending below.
- Click Create Target Group.
- Ensure that cross-zone LB is enabled:
- Go to Compute > EC2 Dashboard > Load Balancing > Load Balancers.
- Select the newly created LB.
- On the Attributes tab, edit the attributes and ensure that cross-zone LB is enabled.
