Parameters for new VPC deployment
Network configuration
Parameter label (name) | Default | Description |
---|---|---|
Availability Zones (AvailabilityZones) | Requires input | Select the AZs to use for the subnets in the VPC. You must select two AZs. |
VPC CIDR (VPCCIDR) | 10.0.0.0/16 | The CIDR block for the VPC. |
Public subnet 1 CIDR (PublicSubnet1CIDR) | 10.0.0.0/24 | The CIDR block for the subnet located in AZ 1. |
Public subnet 2 CIDR (PublicSubnet2CIDR) | 10.0.2.0/24 | The CIDR block for the subnet located in AZ 2. |
FortiWeb configuration
Parameter label (name) | Default | Description |
---|---|---|
Resource name prefix (CustomIdentifier) | fwbASG | A custom identifier used as the resource name prefix. Must be at most ten characters long and contain only uppercase letters, lowercase letters, and numbers. |
FortiWeb version (FortiWebVersionShow) | LATEST | The version of FortiWeb-VM. |
Instance type (FortiWebInstanceType) | c5.large | Instance type to launch as FortiWeb-VM on-demand instances. For more information about instance types, see Amazon EC2 Instance Types. |
Admin port (FortiWebAdminPort) | 8443 | A port number for FortiWeb-VM administration. Select 8443 for HTTPS access or 8080 for HTTP access. |
Admin CIDR block (FortiWebAdminCidr) | Requires input | CIDR block for external admin management access. WARNING: 0.0.0.0/0 accepts connections from any IP address. It is recommended to use a constrained CIDR range to reduce the potential for inbound attacks from unknown IP addresses. |
Key pair name (KeyPairName) | Requires input | Amazon EC2 key pair for admin access. |
Admin password (FortiWebAdminPassword) | Requires input | The admin password for FortiWeb-VMs. The password needs to contain lowercase letters, uppercase letters, numbers, and one of these special characters "$@$!%*#?&". The length should be between 8-16. |
FortiWeb Elastic IP option (ElasticIPOption) | use an Elastic IP specified below | An Elastic IP can be used to access the master FortiWeb-VM. When the master role is transferred from one instance to another, the EIP will be associated with the new instance at the same time. You can fill in the existing Elastic IP below, or let us create a new one for you. The default action is to use an existing Elastic IP. |
FortiWeb Elastic IP (FortiWebElasticIP) | fwbASG-EIP | Specify the Elastic IP address or name through which you can manage FortiWeb. If you use an existing Elastic IP, fill it in here. If you create a new Elastic IP, give it a name so that you can find it easily in the AWS console. |
FortiWeb-VM ASG configuration
Parameter label (name) | Default | Description |
---|---|---|
Instance lifecycle expiry (ExpireLifecycleEntry) | 300 | FortiWeb-VM instance lifecycle expiry entry (in seconds). Minimum is 60. Maximum is 3,600. |
Minimum On-Demand FortiWeb group size (FortiWebAsgMinSizeOnDemand) | 2 | Minimum number of On-Demand FortiWeb-VM instances in the Auto-Scaling Group. Value should be less than or equal to Desired On-Demand FortiWeb. |
Maximum On-Demand FortiWeb group size (FortiWebAsgMaxSizeOnDemand) | 4 | Maximum number of On-Demand FortiWeb instances in the Auto-Scaling Group. Maximum is 16. Value should be greater than or equal to Desired On-Demand FortiWeb capacity. |
Desired BYOL FortiWeb capacity (FortiWebAsgCapacityBYOL) | 2 | The number of BYOL FortiWeb instances. For the On-Demand-only case, set this value to 0; for the hybrid case, set it to a value >= 1. Note that you need to provide an equal number of licenses. The total number of BYOL and On-Demand FortiWeb instances needs to be less than or equal to 16. |
Desired On-Demand FortiWeb capacity (FortiWebAsgDesiredCapacityOnDemand) | 2 | The initial number of On-Demand FortiWeb instances. Value must be between Minimum On-Demand FortiWeb group size and Maximum On-Demand FortiWeb group size. The total number of BYOL and On-Demand FortiWeb instances needs to be less than or equal to 16. |
Health check grace period (FortiWebAsgHealthCheckGracePeriod) | 300 | The length of time (in seconds) that auto scaling waits before checking an instance's health status. Minimum is 60. |
Scaling cooldown period (FortiWebAsgCooldown) | 300 | The ASG waits for the cooldown period (in seconds) to complete before resuming scaling activities. Minimum is 60. Maximum is 3,600. |
Scale-out threshold (FortiWebAsgScaleOutThreshold) | 80 | The average CPU threshold (in percentage) for the FortiWeb-VM ASG to scale out (add) one instance. Minimum is 1. Maximum is 100. The value should be between Scale-in threshold and 100. |
Scale-in threshold (FortiWebAsgScaleInThreshold) | 25 | The average CPU threshold (in percentage) for the FortiWeb-VM ASG to scale in (remove) one instance. Minimum is 1. Maximum is 100. The value should be between 1 and Scale-out threshold. |
Healthy threshold (FortiWebElbTgHealthyThreshold) | 3 | The number of consecutive health check failures required before considering a FortiWeb-VM instance unhealthy. Minimum is three. |
Load balancing configuration
Parameter label (name) | Default | Description |
---|---|---|
LoadBalancer option (LoadBalancingOption) | add a new load balancer | Select add a new load balancer. It will be used to route traffic to HTTP and HTTPS web services. The required configurations of this load balancer will be automatically set by the template. |
ELB DNS name (LoadBalancerDnsName) | (empty) | Leave it empty. This option is not necessary if you selected add a new load balancer. It will be automatically configured by the template. |
HTTP Web service traffic port (BalanceWebTrafficOverPortHTTP) | 80 | Receive HTTP web service traffic through this port and load balance traffic to this port of FortiWeb. Minimum is 1. Maximum is 65535. |
HTTPS Web service traffic port (BalanceWebTrafficOverPortHTTPS) | 443 | Receive HTTPS web service traffic through this port and load balance traffic to this port of FortiWeb. Minimum is 1. Maximum is 65535. |
AWS Quick Start configuration
Parameter label (name) | Default | Description |
---|---|---|
Quick Start S3 bucket name (QSS3BucketName) | Requires input | The name of the S3 bucket in which the FortiWeb autoscaling deployment package is stored, for example, aws-quickstart. The Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). |
Quick Start S3 key prefix (QSS3KeyPrefix) | Requires input | The path of the FortiWeb autoscaling deployment package in S3, for example: quickstart-fortinet-FortiWeb/. The Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). |
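
The constraints listed in the network, FortiWeb, and ASG tables above can be checked before a stack is launched. The following pre-deployment check is an added example, not part of the template or of this guide; the `validate_params` helper and the `SAMPLE` values are hypothetical and constructed for illustration, and an empty resource name prefix is assumed to be invalid.

```python
import ipaddress
import re

SPECIALS = "$@!%*#?&"  # special characters listed for FortiWebAdminPassword

def validate_params(p):
    """Return a list of problems in a dict of stack parameters (name -> value)."""
    errs = []
    # Management plane: flag a world-open admin CIDR and the plain-HTTP admin port.
    if ipaddress.ip_network(p["FortiWebAdminCidr"], strict=False).prefixlen == 0:
        errs.append("FortiWebAdminCidr accepts connections from any address")
    if int(p["FortiWebAdminPort"]) == 8080:
        errs.append("FortiWebAdminPort 8080 is HTTP; use 8443 for HTTPS")
    # Password: 8-16 characters with lower, upper, digit and a listed special.
    pw = p["FortiWebAdminPassword"]
    classes = ("[a-z]", "[A-Z]", "[0-9]", "[" + re.escape(SPECIALS) + "]")
    if not 8 <= len(pw) <= 16 or not all(re.search(c, pw) for c in classes):
        errs.append("FortiWebAdminPassword does not meet the password rules")
    # Prefix: at most ten letters or digits (empty rejected: assumption).
    if not re.fullmatch(r"[A-Za-z0-9]{1,10}", p["CustomIdentifier"]):
        errs.append("CustomIdentifier must be at most 10 letters or digits")
    # Network: both public subnets inside the VPC CIDR and not overlapping.
    vpc = ipaddress.ip_network(p["VPCCIDR"])
    s1, s2 = (ipaddress.ip_network(p[k])
              for k in ("PublicSubnet1CIDR", "PublicSubnet2CIDR"))
    if not (s1.subnet_of(vpc) and s2.subnet_of(vpc)) or s1.overlaps(s2):
        errs.append("public subnets must be distinct ranges inside VPCCIDR")
    # ASG sizing: min <= desired <= max <= 16, and BYOL + On-Demand <= 16.
    lo, want, hi, byol = (int(p[k]) for k in (
        "FortiWebAsgMinSizeOnDemand", "FortiWebAsgDesiredCapacityOnDemand",
        "FortiWebAsgMaxSizeOnDemand", "FortiWebAsgCapacityBYOL"))
    if not lo <= want <= hi <= 16 or byol + want > 16:
        errs.append("ASG sizes violate min <= desired <= max <= 16 or total > 16")
    # CPU thresholds: 1 <= scale-in <= scale-out <= 100.
    t_in = int(p["FortiWebAsgScaleInThreshold"])
    t_out = int(p["FortiWebAsgScaleOutThreshold"])
    if not 1 <= t_in <= t_out <= 100:
        errs.append("scale-in/scale-out thresholds out of order or range")
    return errs

# Constructed sample: table defaults plus made-up admin CIDR and password.
SAMPLE = {
    "VPCCIDR": "10.0.0.0/16", "PublicSubnet1CIDR": "10.0.0.0/24",
    "PublicSubnet2CIDR": "10.0.2.0/24", "CustomIdentifier": "fwbASG",
    "FortiWebAdminPort": "8443", "FortiWebAdminCidr": "203.0.113.0/24",
    "FortiWebAdminPassword": "Examp1e#Pass", "FortiWebAsgMinSizeOnDemand": "2",
    "FortiWebAsgDesiredCapacityOnDemand": "2", "FortiWebAsgMaxSizeOnDemand": "4",
    "FortiWebAsgCapacityBYOL": "2", "FortiWebAsgScaleInThreshold": "25",
    "FortiWebAsgScaleOutThreshold": "80",
}
```

Calling `validate_params(SAMPLE)` returns an empty list; each violated rule adds one message, so the result can gate a deployment pipeline.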