Parameters for existing VPC deployment

Network configuration

| Parameter label (name) | Default | Description |
| --- | --- | --- |
| VPC ID (VpcId) | Requires input | Select the existing VPC IDs where you want to deploy the ASG and related resources. The VPC must have the option DNS hostnames enabled, and two subnets in different AZs. |
| VPC CIDR (VPCCIDR) | Requires input | Enter the CIDR block of the selected VPC. |
| FortiWeb subnet 1 (PublicSubnet1) | Requires input | Select a subnet in the VPC. |
| FortiWeb subnet 2 (PublicSubnet2) | Requires input | Select another subnet in the VPC. The two subnets should be in different AZs. |

FortiWeb-VM configuration

| Parameter label (name) | Default | Description |
| --- | --- | --- |
| Resource name prefix (CustomIdentifier) | fwbASG | A custom identifier used as the resource name prefix. Must be at most ten characters long and contain only uppercase letters, lowercase letters, and numbers. |
| FortiWeb version (FortiWebVersionShow) | LATEST | The version of FortiWeb-VM. |
| Instance type (FortiWebInstanceType) | c5.large | Instance type to launch as FortiWeb-VM on-demand instances. Currently t2.small and c5 instance types are supported. For more information about instance types, see Amazon EC2 Instance Types. |
| Admin port (FortiWebAdminPort) | 8443 | A port number for FortiWeb-VM administration. Select 8443 for HTTPS access or 8080 for HTTP access. |
| Admin CIDR block (FortiWebAdminCidr) | Requires input | CIDR block for external admin management access. WARNING: 0.0.0.0/0 accepts connections from any IP address. It is recommended to use a constrained CIDR range to reduce the potential of inbound attacks from unknown IP addresses. |
| Key pair name (KeyPairName) | Requires input | Amazon EC2 key pair for admin access. |
| Admin password (FortiWebAdminPassword) | Requires input | The admin password for FortiWeb-VMs. The password needs to contain lowercase letters, uppercase letters, numbers, and one of these special characters "$@$!%*#?&". The length should be between 8 and 16 characters. |
| FortiWeb Elastic IP option (ElasticIPOption) | use an Elastic IP specified below | An Elastic IP can be used to access the master FortiWeb-VM. When the master role is transferred from one instance to another, the EIP will be associated with the new instance at the same time. You can fill in the existing Elastic IP below, or let us create a new one for you. The default action is to use an existing Elastic IP. |
| FortiWeb Elastic IP (FortiWebElasticIP) | fwbASG-EIP | Elastic IP address or name, through which you can log in to the master VM. If you use an existing Elastic IP, fill it in here. If you create a new Elastic IP, give it a name so that you can find it easily in the AWS console. |

FortiWeb-VM ASG configuration

| Parameter label (name) | Default | Description |
| --- | --- | --- |
| Instance lifecycle expiry (ExpireLifecycleEntry) | 300 | FortiWeb-VM instance lifecycle expiry entry (in seconds). Minimum is 60. Maximum is 3,600. |
| Minimum On-Demand FortiWeb group size (FortiWebAsgMinSizeOnDemand) | 2 | Minimum number of On-Demand FortiWeb-VM instances in the Auto-Scaling Group. Value should be less than or equal to Desired On-Demand FortiWeb capacity. |
| Maximum On-Demand FortiWeb group size (FortiWebAsgMaxSizeOnDemand) | 4 | Maximum number of On-Demand FortiWeb instances in the Auto-Scaling Group. Maximum is 16. Value should be greater than or equal to Desired On-Demand FortiWeb capacity. |
| Desired BYOL FortiWeb capacity (FortiWebAsgCapacityBYOL) | 2 | The number of BYOL FortiWeb instances. For the On-Demand only case, set this value to 0; for the hybrid case, set it to a value >= 1. Please note that you need to provide an equal number of licenses. The total number of BYOL and On-Demand FortiWeb instances needs to be less than or equal to 16. |
| Desired On-Demand FortiWeb capacity (FortiWebAsgDesiredCapacityOnDemand) | 2 | The initial number of On-Demand FortiWeb instances. Value must be between Minimum On-Demand FortiWeb group size and Maximum On-Demand FortiWeb group size. The total number of BYOL and On-Demand FortiWeb instances needs to be less than or equal to 16. |
| Health check grace period (FortiWebAsgHealthCheckGracePeriod) | 300 | The length of time (in seconds) that auto scaling waits before checking an instance's health status. Minimum is 60. |
| Scaling cooldown period (FortiWebAsgCooldown) | 300 | The ASG waits for the cooldown period (in seconds) to complete before resuming scaling activities. Minimum is 60. Maximum is 3,600. |
| Scale-out threshold (FortiWebAsgScaleOutThreshold) | 80 | The average CPU threshold (in percentage) for the FortiWeb-VM ASG to scale out (add) one instance. Minimum is 1. Maximum is 100. The value should be between Scale-in threshold and 100. |
| Scale-in threshold (FortiWebAsgScaleInThreshold) | 25 | The average CPU threshold (in percentage) for the FortiWeb-VM ASG to scale in (remove) one instance. Minimum is 1. Maximum is 100. The value should be between 1 and Scale-out threshold. |
| Healthy threshold (FortiWebElbTgHealthyThreshold) | 3 | The number of consecutive health check failures required before considering a FortiWeb-VM instance unhealthy. Minimum is three. |
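The FortiWeb-VM and ASG tables above state several limits that depend on each other, so a parameter set can be checked before the stack is launched. The following is an added example, not part of Fortinet's template or documentation: the function name, the finding messages and the sample values are constructed for illustration, and only the parameter names and limits come from the tables.

```python
import ipaddress
import re

SPECIALS = "$@!%*#?&"  # special characters listed in the admin password rule

def lint_parameters(p):
    """Return findings for a dict of template parameter values (name -> string)."""
    out = []
    # Admin access: valid CIDR, not open to every address, HTTPS admin port.
    try:
        if ipaddress.ip_network(p["FortiWebAdminCidr"], strict=False).prefixlen == 0:
            out.append("FortiWebAdminCidr: open to any IP address")
    except ValueError:
        out.append("FortiWebAdminCidr: not a valid CIDR block")
    if int(p["FortiWebAdminPort"]) == 8080:
        out.append("FortiWebAdminPort: 8080 is HTTP, admin traffic is unencrypted")
    # Password: 8-16 characters with lower, upper, digit and a listed special.
    pw = p["FortiWebAdminPassword"]
    ok = (8 <= len(pw) <= 16 and re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
          and re.search(r"[0-9]", pw) and any(c in SPECIALS for c in pw))
    if not ok:
        out.append("FortiWebAdminPassword: does not meet the stated policy")
    # At most ten letters or digits; requiring non-empty is this example's assumption.
    if not re.fullmatch(r"[A-Za-z0-9]{1,10}", p["CustomIdentifier"]):
        out.append("CustomIdentifier: must be 1-10 letters or digits")
    # Capacity relationships between the ASG parameters.
    lo, want, hi = (int(p[k]) for k in ("FortiWebAsgMinSizeOnDemand",
        "FortiWebAsgDesiredCapacityOnDemand", "FortiWebAsgMaxSizeOnDemand"))
    if not lo <= want <= hi <= 16:
        out.append("On-Demand sizes: need min <= desired <= max <= 16")
    if int(p["FortiWebAsgCapacityBYOL"]) + want > 16:
        out.append("Capacity: BYOL plus On-Demand exceeds 16")
    # Thresholds; treating scale-in < scale-out as strict is this example's reading.
    s_in = int(p["FortiWebAsgScaleInThreshold"])
    s_out = int(p["FortiWebAsgScaleOutThreshold"])
    if not 1 <= s_in < s_out <= 100:
        out.append("Thresholds: need 1 <= scale-in < scale-out <= 100")
    return out

# Constructed sample, deliberately misconfigured in three places.
SAMPLE = {
    "FortiWebAdminCidr": "0.0.0.0/0", "FortiWebAdminPort": "8080",
    "FortiWebAdminPassword": "Examp1e#Pass", "CustomIdentifier": "fwbASG",
    "FortiWebAsgMinSizeOnDemand": "2", "FortiWebAsgDesiredCapacityOnDemand": "2",
    "FortiWebAsgMaxSizeOnDemand": "4", "FortiWebAsgCapacityBYOL": "15",
    "FortiWebAsgScaleInThreshold": "25", "FortiWebAsgScaleOutThreshold": "80",
}

if __name__ == "__main__":
    print("\n".join(lint_parameters(SAMPLE)))
```
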

Load balancing configuration

| Parameter label (name) | Default | Description |
| --- | --- | --- |
| LoadBalancer option (LoadBalancingOption) | add a new load balancer | Select add a new load balancer or add an existing load balancer located in the VPC specified above. The load balancer will be used to route traffic to HTTP and HTTPS web services. If you select an existing load balancer, refer to Configuring external ELB to configure its listeners to route HTTP and HTTPS traffic to the HTTP and HTTPS target autoscaling group you have created. If you select add a new load balancer, the required configurations will be automatically set by the template. |
| ELB DNS name (LoadBalancerDnsName) | (empty) | Leave it empty if you selected add a new load balancer. If you selected an existing load balancer, enter the DNS name of this load balancer. |
| HTTP Web service traffic port (BalanceWebTrafficOverPortHTTP) | 80 | Receive HTTP web service traffic through this port and load balance traffic to FortiWeb. Minimum is 1. Maximum is 65535. |
| HTTPS Web service traffic port (BalanceWebTrafficOverPortHTTPS) | 443 | Receive HTTPS web service traffic through this port and load balance traffic to FortiWeb. Minimum is 1. Maximum is 65535. |

AWS Quick Start configuration

| Parameter label (name) | Default | Description |
| --- | --- | --- |
| Quick Start S3 bucket name (QSS3BucketName) | N/A | The name of the S3 bucket in which the FortiWeb autoscaling deployment package is stored, for example, aws-quickstart. Quick Start bucket name can include numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-). |
| Quick Start S3 key prefix (QSS3KeyPrefix) | N/A | The path of the FortiWeb autoscaling deployment package in S3, for example: quickstart-fortinet-FortiWeb/. Quick Start key prefix can include numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). |
