Setting up a virtual private cloud (VPC) for HA

Assuming this is a new environment, the first step is to set up a virtual private cloud (VPC) with three subnets:

  1. Create a VPC:

    1. Log in to the AWS Management Console and click VPC in the homepage.

    2. Click Create VPC at the top left corner.

    3. Configure the VPC:
      1. In the Resources to create field, select VPC only.
      2. In the Name tag field, set the VPC name.
      3. In the CIDR block field, specify an IPv4 address range for your VPC. This sample deployment uses 10.0.0.0/16.
      4. In the Tenancy field, select Default.
      5. Click Create VPC at the bottom right corner.

  2. Create a security group, which is a set of firewall rules that control the traffic for your VM instances within a VPC.
    Note: While each VPC includes a default security group to protect instances in it, Fortinet recommends that you create a new security group with inbound rules to allow traffic to flow on the specified ports.

    1. Under the Security menu on the left, select Security groups.

    2. Click Create security group.

    3. In the window that appears, configure the following options:
      1. Specify a name to identify the security group.
      2. Select the VPC you created earlier.
      3. Add an inbound rule and define the allowed IP and ports for ingress traffic. For example, ICMP and TCP/80/443/22/8080/21 (for HTTP, HTTPS, SSH access, default explicit web proxy, and FTP/FTP proxy, respectively).
      4. Configure the destination of the existing outbound rule to meet your needs, or add a new rule to define the allowed IP and ports for egress traffic. For example, ICMP and TCP/80/443/22/8080/21 (for HTTP, HTTPS, SSH access, default explicit web proxy, and FTP/FTP proxy, respectively).
      5. Click Create security group.

  3. Create an Internet Gateway and attach it to the VPC:

    1. In the Virtual Private Cloud menu on the left, select Internet Gateways.

    2. Click Create Internet Gateway at the top right corner.

    3. In the Name tag field, set the Internet gateway name, then click Create internet gateway.

    4. At the top right corner, click Attach to a VPC or Actions > Attach to VPC.

    5. Select the VPC that you created and click Attach internet gateway.

      Verify that the Internet gateway state changes from Detached to Attached.

  4. Create 3 subnets for the VPC: one for public traffic, one for HA synchronization, and one for HA management.

    1. In the Virtual Private Cloud menu on the left, select Subnets.

    2. Click Create subnet.

    3. Specify the following settings for the subnet.

      1. Select the VPC you created earlier.

      2. Specify a name for the subnet. Name each subnet after its function so the three are easy to tell apart. For example:

        • public—For external and internal data traffic.

        • hasync—For heartbeat traffic between the two HA members. This is unicast communication.

        • mgmt—For dedicated HA management.

      3. Select an availability zone if needed.

      4. Specify the IPv4 subnet CIDR block, which should be a subnet of the VPC. The following is a sample deployment:

        Subnet    IPv4 subnet CIDR block
        public    10.0.1.0/24
        hasync    10.0.2.0/24
        mgmt      10.0.3.0/24

      5. Click Create subnet.

    4. Repeat the steps above for the remaining 2 subnets.

  5. Create and configure a route table for the VPC:

    1. In the Virtual Private Cloud menu on the left, select Route tables.

    2. Click Create route table.

    3. Specify a name to identify the route table and select the VPC you created earlier. Click Create route table.

    4. On the route table details page, click Actions > Edit subnet associations.

    5. Select the public and mgmt subnets and click Save associations.

    6. Configure the external default route to the Internet Gateway you created earlier:

      1. On the route table details page, click Actions > Edit routes.

      2. Click Add route.

      3. Configure the route to the Internet Gateway you created earlier:
        1. In the Destination field, select 0.0.0.0/0.
        2. In the Target field, select Internet Gateway and then select the Internet Gateway you created earlier.
        3. Click Save changes.
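The five console steps above, as an added example that is not part of Fortinet's documentation: a small Python script that sanity-checks the sample addressing plan (subnets inside the VPC, no overlaps, SSH not exposed to 0.0.0.0/0) and then emits the equivalent AWS CLI calls as a dry-run plan. The security group name fgt-ha, the admin range 203.0.113.0/24 and the $VPC_ID/$SG_ID/$IGW_ID/$RTB_ID/$..._SUBNET_ID placeholders are assumptions to fill in from each preceding call's output.

```python
"""Added example (not Fortinet's code): validate the VPC layout described on this
page and print the AWS CLI commands that mirror the console procedure."""
import ipaddress

# Sample deployment values taken from this page.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {"public": "10.0.1.0/24", "hasync": "10.0.2.0/24", "mgmt": "10.0.3.0/24"}
TCP_PORTS = [80, 443, 22, 8080, 21]  # HTTP, HTTPS, SSH, explicit web proxy, FTP
ROUTED = ["public", "mgmt"]          # subnets associated with the IGW route table


def validate_layout(vpc_cidr, subnets, admin_cidr):
    """Return problems: a subnet outside the VPC, overlapping subnets, or SSH open to the world."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {n: ipaddress.ip_network(c) for n, c in subnets.items()}
    problems = [f"{n} {net} is not inside VPC {vpc}" for n, net in nets.items() if not net.subnet_of(vpc)]
    names = list(nets)
    for i, a in enumerate(names):
        problems += [f"{a} and {b} overlap" for b in names[i + 1:] if nets[a].overlaps(nets[b])]
    if ipaddress.ip_network(admin_cidr).prefixlen == 0 and 22 in TCP_PORTS:
        problems.append("SSH (22) ingress would be open to 0.0.0.0/0; restrict it to an admin range")
    return problems


def plan(vpc_cidr, subnets, admin_cidr, ports, routed):
    """AWS CLI commands mirroring the console steps: VPC, security group, IGW, subnets, route table.
    Ids such as $VPC_ID are placeholders (assumed names) for values returned by earlier calls."""
    sg = "aws ec2 authorize-security-group-ingress --group-id $SG_ID"
    cmds = [f"aws ec2 create-vpc --cidr-block {vpc_cidr}",
            "aws ec2 create-security-group --group-name fgt-ha --description 'FortiGate HA' --vpc-id $VPC_ID",
            f"{sg} --protocol icmp --port -1 --cidr {admin_cidr}"]  # -1 = all ICMP types/codes
    cmds += [f"{sg} --protocol tcp --port {p} --cidr {admin_cidr}" for p in ports]
    cmds += ["aws ec2 create-internet-gateway",
             "aws ec2 attach-internet-gateway --internet-gateway-id $IGW_ID --vpc-id $VPC_ID"]
    cmds += [f"aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block {c} "
             f"--tag-specifications 'ResourceType=subnet,Tags=[{{Key=Name,Value={n}}}]'"
             for n, c in subnets.items()]
    cmds.append("aws ec2 create-route-table --vpc-id $VPC_ID")
    # Only public and mgmt get the default route; hasync stays without Internet reachability.
    cmds += [f"aws ec2 associate-route-table --route-table-id $RTB_ID --subnet-id ${n.upper()}_SUBNET_ID"
             for n in routed]
    cmds.append("aws ec2 create-route --route-table-id $RTB_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID")
    return cmds


if __name__ == "__main__":
    admin = "203.0.113.0/24"  # constructed admin range; replace with your own
    issues = validate_layout(VPC_CIDR, SUBNETS, admin)
    if issues:
        raise SystemExit("\n".join(issues))
    print("\n".join(plan(VPC_CIDR, SUBNETS, admin, TCP_PORTS, ROUTED)))
```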
