Creating FortiProxy-VM instances for HA

  1. Go to the AWS Marketplace’s page for Fortinet FortiProxy-VM Security Web Gateway (BYOL).
  2. Click Continue to Subscribe and then Continue to Configuration.

  3. Click Continue to Configuration.

  4. Select the fulfillment option, version, and region as needed. Note that the region must match your VPC region. Then click Continue to Launch.

  5. Under Choose Action, select Launch through EC2 and click Launch.

  6. In the Name field, specify a name to identify the instance.

  7. In the Instance type field, select an instance type according to your needs.

  8. Under Key pair (login), select an existing key pair or create a new key pair.

  9. Under Network settings, configure the following:
    1. Select the VPC that you created earlier.
    2. Select the public subnet you created earlier.
    3. Disable Auto-assign public IP.
    4. Select the security group you created earlier.

  10. Expand the Advanced network configuration section and configure 3 interfaces as follows, mapping to the public, hasync, and mgmt subnets respectively. Make sure that you select the security group that you created earlier.

    The sample deployment uses the following IP addresses for the interfaces:

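    | Interface    | Primary IP (first FortiProxy) | Primary IP (second FortiProxy) |
    |--------------|-------------------------------|--------------------------------|
    | public/inlet | 10.0.1.11                     | 10.0.11.11                     |
    | hasync       | 10.0.2.11                     | 10.0.12.11                     |
    | mgmt         | 10.0.3.11                     | 10.0.13.11                     |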

  11. Under Configure storage, configure the storage specifications for the instance according to your needs.

  12. Under Advanced details, configure the options as needed. Specifically, in the User data field, copy the string in the license file (.lic) you obtained during Licensing and paste it here. This ensures that the FortiProxy VM is licensed before you launch it and avoids the need to manually load the license file during your first login.

  13. Click Launch instance at the bottom right corner.

  14. In the instance summary page, verify that Instance state is Running. Note down the instance ID, which will be the default login password of the instance. The default username is admin.

  15. Create an elastic IP.

    1. In the menu on the left, select Elastic IPs under Network & Security.

    2. Click Allocate Elastic IP address on the top right corner.

    3. Enter a key and value. Click Allocate.

  16. Assign the elastic IP to the mgmt interface (port3) of the FortiProxy instance.
    1. In the menu on the left, select Network Interfaces under Network & Security.

    2. Select the mgmt interface you created earlier and select Actions > Associate address.

    3. Select the elastic IP address you created earlier and click Associate.

  17. Now that you have created the first FortiProxy VM instance, repeat the steps above for the second FortiProxy VM that you want to set up in the HA active-active (config-sync) cluster, using the subnets of the second availability zone when creating interfaces in step 10. You can add a maximum of 8 FortiProxy VM instances in the cluster.

  18. Repeat step 15 to create an extra elastic IP address, which will be associated with the network load balancer in later steps.
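
The interface layout from steps 9, 10 and 16 can be checked after launch. The following is an added example, not Fortinet's code: it audits one instance record, in the shape returned by `aws ec2 describe-instances`, against the sample IP table. The device indexes (public=0, hasync=1, mgmt=2), the helper names and the sample records are assumptions constructed for illustration.

```python
# Sample plan from the IP table in step 10. Device indexes are an assumption
# (public=0, hasync=1, mgmt=2), chosen to match "mgmt interface (port3)".
PLAN = {
    "first":  {0: "10.0.1.11",  1: "10.0.2.11",  2: "10.0.3.11"},
    "second": {0: "10.0.11.11", 1: "10.0.12.11", 2: "10.0.13.11"},
}
MGMT_INDEX = 2


def audit_instance(instance, member):
    """Return a list of findings; an empty list means the record matches."""
    findings = []
    expected = PLAN[member]
    nics = {n["Attachment"]["DeviceIndex"]: n for n in instance.get("NetworkInterfaces", [])}
    if sorted(nics) != sorted(expected):
        findings.append(f"expected device indexes {sorted(expected)}, found {sorted(nics)}")
    groups = set()
    for idx, nic in sorted(nics.items()):
        want = expected.get(idx)
        if want and nic.get("PrivateIpAddress") != want:
            findings.append(f"index {idx}: private IP {nic.get('PrivateIpAddress')} != {want}")
        # "Association" is present only when a public or elastic IP is attached.
        public_ip = nic.get("Association", {}).get("PublicIp")
        if idx == MGMT_INDEX and not public_ip:
            findings.append("mgmt interface has no elastic IP associated")
        if idx != MGMT_INDEX and public_ip:
            findings.append(f"index {idx}: unexpected public IP {public_ip}")
        groups.add(frozenset(g["GroupId"] for g in nic.get("Groups", [])))
    if len(groups) > 1:
        findings.append("interfaces do not share the same security group set")
    return findings


def nic_record(index, private_ip, public_ip=None, sg="sg-EXAMPLE"):
    # Constructed sample data, not output from a real account.
    nic = {"Attachment": {"DeviceIndex": index}, "PrivateIpAddress": private_ip,
           "Groups": [{"GroupId": sg}]}
    if public_ip:
        nic["Association"] = {"PublicIp": public_ip}
    return nic


GOOD = {"NetworkInterfaces": [nic_record(0, "10.0.1.11"), nic_record(1, "10.0.2.11"),
                              nic_record(2, "10.0.3.11", "203.0.113.10")]}
BAD = {"NetworkInterfaces": [nic_record(0, "10.0.1.11", "203.0.113.20"),
                             nic_record(1, "10.0.2.12"), nic_record(2, "10.0.3.11")]}

if __name__ == "__main__":
    for finding in audit_instance(BAD, "first"):
        print("FINDING:", finding)
```

To audit a live deployment, pass each element of `Reservations[].Instances[]` from the `describe-instances` JSON output to `audit_instance` with the matching cluster member name.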
