You can deploy FortiWeb-VM HA (High Availability) on AWS. This requires a manual deployment that incorporates a CFT (CloudFormation template).
FortiWeb HA supports three modes: active-passive HA, standard active-active HA, and high volume active-active HA. In the HA group, one of the member instances is selected as the master node, while the others are slaves. If the master node fails, a slave takes over as the master. The FortiWeb-VMs exchange heartbeats over a dedicated UDP tunnel and synchronize the master node's configuration to all the members in the HA group. For information on the three HA modes, see FortiWeb high availability (HA) in the FortiWeb Administration Guide.
In standard active-active and high volume active-active HA modes, all the instances in the HA group process traffic. An external ELB (Elastic Load Balancer) distributes traffic to all the HA members. If an instance is down, the load balancer ignores it when distributing traffic. If the failed instance is the master node, one of the slave instances immediately takes over its role and becomes the new master.
In active-passive mode, only the master instance processes traffic. An EIP (Elastic IP address) is associated with the master instance. When the master node fails, the slave immediately takes the master role and processes traffic. The EIP is switched to the new master.
The following resources will be created in the deployment process:
- A highly available architecture that spans two AZs.
- A VPC configured with public subnets.
- An Internet gateway to allow access to the Internet.
- AWS security groups.
- An externally facing network load balancer to distribute traffic when the HA mode is standard active-active or high volume active-active.
- FortiWeb instances.
- An AWS S3 bucket to store valid licenses for HA members when the image type is BYOL.
- An EIP to associate with the master node when the HA mode is active-passive.