AWS Administration Guide

Subscribing to the FortiGate

Caution

Downgrading to a previous GA version that does not support UEFI boot mode when using a UEFI-enabled FortiGate instance is not supported. FortiOS 7.4 supports UEFI boot mode.

To subscribe to the FortiGate:
  1. Go to the AWS Marketplace’s page for Fortinet FortiGate-VM (BYOL) or FortiGate-VM (on-demand). Select Continue.
  2. Select Manual Launch.
  3. Select Launch with EC2 Console beside the region in which you want to launch the instance.
  4. Select an instance type, then select Next: Configure Instance Details.
  5. Configure instance details:
    1. In the Network field, select the VPC that you created.
    2. In the Subnet field, select the public subnet.
    3. In the Network interfaces section, you see the entry for eth0 that was created for the public subnet. Select Add Device to add another network interface (in this example, eth1), and select the private subnet. Assigning static IP addresses is recommended.
    4. When you have two network interfaces, an elastic IP address (EIP) is not assigned automatically. You must manually assign one later. Select Review and Launch, then select Launch.
  6. Select an existing key pair or create a new key pair. Select the acknowledgment checkbox. Select Launch Instances.
  7. To easily identify the instance, set a name for it in the Name field.
  8. On-demand FortiGate-VMs require connectivity to FortiCare to obtain a valid license. Without connectivity to FortiCare, the FortiGate-VM shuts down for self-protection. Ensure the following:
    1. Outgoing connectivity to https://directregistration.fortinet.com:443 is allowed in security groups and ACLs.
    2. You have assigned a public IP address (default or EIP). If you have not enabled a public address during instance creation, follow the remaining steps to assign an EIP and bring up the FortiGate-VM again.
  9. Configure an EIP:
    1. In the Network & Security menu, select Elastic IPs, then select an EIP that is available for you to use. If none is available, create one. Select Actions > Associate Address.

    2. In the Resource type section, select Network Interface.
    3. In the Network interface field, select the interface ID of the network interface that you created for the public subnet (in this example, eth0). In the Private IP field, select the IP address that belongs to the public subnet. To find these values, go to the EC2 Management Console, select Instances, and select the interface in the Network interfaces section in the lower pane of the page (Interface ID and Private IP Address fields). Select Associate. A message displays indicating the address association succeeded. If the Internet gateway is not associated with a VPC, the EIP assignment fails.
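
The checks in steps 8 and 9 can be evaluated offline against saved EC2 `Describe*` output. The following is an added example, not part of the Fortinet guide: the function names, the sample data, the `DEST` address standing in for the resolved FortiCare host, and the representative ephemeral reply port are all assumptions.

```python
import ipaddress

def _in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def sg_allows_egress(group, dest_ip, port=443):
    """True if any egress rule of the security group permits TCP dest_ip:port."""
    for rule in group.get("IpPermissionsEgress", []):
        proto = rule["IpProtocol"]
        if proto not in ("-1", "tcp"):
            continue
        if proto == "tcp" and not rule["FromPort"] <= port <= rule["ToPort"]:
            continue
        if any(_in_cidr(dest_ip, r["CidrIp"]) for r in rule.get("IpRanges", [])):
            return True
    return False

def nacl_verdict(acl, peer_ip, port, egress):
    """Network ACL rules run in rule-number order; the first match decides."""
    rules = [e for e in acl["Entries"] if e["Egress"] == egress and "CidrBlock" in e]
    for e in sorted(rules, key=lambda e: e["RuleNumber"]):
        pr = e.get("PortRange")
        if e["Protocol"] not in ("-1", "6") or (pr and not pr["From"] <= port <= pr["To"]):
            continue
        if _in_cidr(peer_ip, e["CidrBlock"]):
            return e["RuleAction"] == "allow"
    return False

def licensing_path(group, acl, eni, dest_ip, reply_port=32768):
    """Security groups are stateful; a network ACL must also admit the reply."""
    return {
        "sg_egress_443": sg_allows_egress(group, dest_ip),
        "nacl_egress_443": nacl_verdict(acl, dest_ip, 443, egress=True),
        "nacl_ingress_reply": nacl_verdict(acl, dest_ip, reply_port, egress=False),
        "public_ip": bool(eni.get("Association", {}).get("PublicIp")),
    }

# Constructed sample data shaped like EC2 Describe* output; DEST is a placeholder.
SG = {"IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
ACL = {"Entries": [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": True,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": True,
     "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
]}
ENI = {"Association": {"PublicIp": "198.51.100.7"}}
DEST = "203.0.113.10"
```

With this sample, `licensing_path(SG, ACL, ENI, DEST)` reports the egress checks as passing but `nacl_ingress_reply` as failing, because the constructed ACL has no inbound allow rule for the reply traffic.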
