AWS Administration Guide

Creating the GWLB and registering targets

For this deployment, you create the GWLB in the security subnet.

To create the GWLB and register targets:
  1. Go to Compute > EC2 Dashboard > Load Balancing > Load Balancers.
  2. Click Create Load Balancer, then Gateway Load Balancer.
  3. Configure the GWLB:
    1. From the IP address type dropdown list, select ipv4.
    2. From the VPC dropdown list, select the security VPC, where the FortiGate is deployed.
    3. From the Availability Zones dropdown list, select the AZ and subnet where the FortiGate is deployed. This example selects, in each AZ, the private subnet that the FortiGate port2 interface is attached to. In this example, you can enable multiple VDOMs (only available on BYOL instances) or split-task VDOMs (available on BYOL and on-demand instances), with port2 mapped to the traffic-handling VDOM. You then create the GENEVE interface on port2 to handle the traffic that the GWLB redirects to it. See Post-deployment configuration.

  4. Configure routing:
    1. From the Target group dropdown list, create a new target group with the desired name.
    2. For Target type, select IP.
    3. Ensure that Protocol:Port displays as GENEVE: 6081. A GWLB target group always uses GENEVE on port 6081; this is the port on which the FortiGate port2 interface receives the encapsulated traffic.
    4. Under Health checks, from the Protocol dropdown list, select HTTPS.
    5. From the Port dropdown list, select the desired health check port. This example uses port 443. Ensure that the security group on the FortiGate port2 interface allows inbound traffic on that port (and UDP 6081 for GENEVE), and that the FortiGate answers HTTPS on port2 on that port, for example by enabling HTTPS administrative access on port2. A target that fails its health check receives no traffic from the GWLB.
  5. Register the targets:
    1. In the IP field, enter the FortiGate port2 IP address, that is, the address in the subnet selected above. If a FortiGate is deployed in each AZ, register each FortiGate's port2 address.
    2. Click Add to list, then Next.
    3. Click Review and Create.
  6. Ensure that cross-zone LB is enabled:
    1. Go to Compute > EC2 Dashboard > Load Balancing > Load Balancers.
    2. Select the newly created LB.
    3. On the Description tab, ensure that cross-zone LB is enabled. If it is disabled, edit the load balancer attributes and enable it, so that traffic entering the GWLB in one AZ can be forwarded to a healthy FortiGate in another AZ.

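The same procedure with the AWS CLI, as an added example that is not part of the Fortinet guide: it creates the GENEVE target group with an HTTPS health check, the gateway load balancer in the security subnets, registers the FortiGate port2 addresses, attaches the listener, and then reads back the cross-zone attribute and the target health rather than assuming them. The VPC ID, subnet IDs, IP addresses and names are placeholder assumptions; DRY_RUN=1 (the default) prints the commands instead of running them.

```shell
#!/bin/sh
# Added example (not Fortinet's or AWS's own code): the console procedure above,
# done with the AWS CLI. Every ID, subnet and IP below is a placeholder assumption;
# export your own values before running. DRY_RUN=1 (the default) only prints the
# commands it would run, so the script is safe to read and execute as-is.
set -eu

SECURITY_VPC_ID="${SECURITY_VPC_ID:-vpc-0123456789abcdef0}"           # security VPC holding the FortiGate
SECURITY_SUBNETS="${SECURITY_SUBNETS:-subnet-0aaa111 subnet-0bbb222}"  # private subnet per AZ where port2 lives
FGT_PORT2_IPS="${FGT_PORT2_IPS:-10.0.1.10 10.0.2.10}"                  # FortiGate port2 address per AZ
GWLB_NAME="${GWLB_NAME:-fgt-gwlb}"
TG_NAME="${TG_NAME:-fgt-geneve-tg}"
HC_PORT="${HC_PORT:-443}"   # HTTPS health check port; port2's security group must allow it (and UDP 6081 for GENEVE)
DRY_RUN="${DRY_RUN:-1}"

# Run a command, or in dry-run print it on stderr and hand back a stand-in value ($2)
apply() {
  if [ "$DRY_RUN" = "1" ]; then echo "+ $1" >&2; echo "${2:-}"; else eval "$1"; fi
}

# Command builders: pure functions, so the exact calls can be reviewed before anything is applied
cmd_create_tg() {
  # A GWLB target group is always GENEVE on 6081; target type ip lets us register the port2 addresses
  echo "aws elbv2 create-target-group --name $TG_NAME --protocol GENEVE --port 6081" \
       "--vpc-id $SECURITY_VPC_ID --target-type ip" \
       "--health-check-protocol HTTPS --health-check-port $HC_PORT" \
       "--health-check-interval-seconds 10 --healthy-threshold-count 3 --unhealthy-threshold-count 3" \
       "--query 'TargetGroups[0].TargetGroupArn' --output text"
}
cmd_create_lb() {
  echo "aws elbv2 create-load-balancer --name $GWLB_NAME --type gateway --ip-address-type ipv4" \
       "--subnets $SECURITY_SUBNETS --query 'LoadBalancers[0].LoadBalancerArn' --output text"
}
cmd_register_targets() {  # $1 = target group ARN
  targets=""
  for ip in $FGT_PORT2_IPS; do targets="$targets Id=$ip"; done
  echo "aws elbv2 register-targets --target-group-arn $1 --targets$targets"
}
cmd_create_listener() {   # $1 = LB ARN, $2 = TG ARN; a GWLB listener has no protocol or port
  echo "aws elbv2 create-listener --load-balancer-arn $1 --default-actions Type=forward,TargetGroupArn=$2"
}
cmd_enable_cross_zone() { # $1 = LB ARN
  echo "aws elbv2 modify-load-balancer-attributes --load-balancer-arn $1" \
       "--attributes Key=load_balancing.cross_zone.enabled,Value=true"
}
cmd_get_cross_zone() {    # $1 = LB ARN; prints "true" or "false"
  echo "aws elbv2 describe-load-balancer-attributes --load-balancer-arn $1" \
       "--query \"Attributes[?Key=='load_balancing.cross_zone.enabled'].Value\" --output text"
}
cmd_target_states() {     # $1 = TG ARN; prints one state per registered target, e.g. "healthy unhealthy"
  echo "aws elbv2 describe-target-health --target-group-arn $1" \
       "--query 'TargetHealthDescriptions[].TargetHealth.State' --output text"
}

# Post-checks on the describe output (plain strings, so they can be exercised without AWS access)
cross_zone_ok()   { [ "$1" = "true" ]; }
targets_healthy() {           # fails if any target is not healthy, or if there are no targets at all
  [ -n "$1" ] || return 1
  for s in $1; do [ "$s" = "healthy" ] || return 1; done
}

deploy() {
  tg_arn=$(apply "$(cmd_create_tg)" "arn:aws:elasticloadbalancing:REGION:ACCOUNT:targetgroup/$TG_NAME/DRYRUN")
  lb_arn=$(apply "$(cmd_create_lb)" "arn:aws:elasticloadbalancing:REGION:ACCOUNT:loadbalancer/gwy/$GWLB_NAME/DRYRUN")
  apply "$(cmd_register_targets "$tg_arn")" >/dev/null
  apply "$(cmd_create_listener "$lb_arn" "$tg_arn")" >/dev/null
  apply "$(cmd_enable_cross_zone "$lb_arn")" >/dev/null
  # Step 6 of the procedure: read the attribute back rather than assuming the modify call took effect
  cross_zone_ok "$(apply "$(cmd_get_cross_zone "$lb_arn")" "true")" \
    || { echo "cross-zone load balancing is not enabled on $lb_arn" >&2; return 1; }
  # Targets only turn healthy once port2 answers HTTPS on $HC_PORT; an unhealthy target gets no GENEVE traffic
  targets_healthy "$(apply "$(cmd_target_states "$tg_arn")" "healthy healthy")" \
    || { echo "not all FortiGate targets are healthy yet; check the port2 security group and HTTPS access" >&2; return 1; }
  echo "GWLB $lb_arn ready with target group $tg_arn"
}

deploy
```

Run it with DRY_RUN=0 and your own exported values to apply the changes; the --query expressions pull the ARNs, the cross-zone attribute and the target states out of the CLI's JSON so that the post-checks operate on plain strings and fail the run when cross-zone load balancing is off or a FortiGate has not passed its health check.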