Fortinet white logo
Fortinet white logo

AliCloud Administration Guide

Manual deployment of auto scaling on AliCloud

Manual deployment of auto scaling on AliCloud

Following is a sample configuration for deploying Auto Scaling on AliCloud:

  1. Create a scaling group in the AliCloud console.
  2. Create a scaling configuration in the AliCloud console.
  3. Create scaling rules in the AliCloud console.
  4. Configure a FortiGate-VM in the Auto Scaling group as the primary member.
  5. Scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration from the primary to the secondary FortiGate-VM.
  6. Run diagnose commands to confirm that Auto Scaling is functioning.
To create a scaling group in the AliCloud console:
  1. Log into the AliCloud console.
  2. Go to Auto Scaling > Scaling Groups > Create Scaling Group.
  3. Set the following parameters for the Auto Scaling group:
    1. Scaling Group Name: Enter a name for the scaling group. The sample configuration is named FGT-ASG.
    2. Maximum Instances: Enter the maximum number of instances that can comprise the group. In the sample configuration, four (4) is the maximum number.
    3. Minimum Instances: Enter the minimum number of instances that can comprise the group. In the sample configuration, one (1) is the minimum number.
    4. Instance Configuration Source: Leave at the default value.
    5. Network Type: Leave at the default value, which is VPC.
    6. Select the VPC and VSwitch as desired.

  4. Click OK.
To create a scaling configuration in the AliCloud console:
  1. After creating an Auto Scaling group, AliCloud displays a popup for creating a new scaling configuration before activating Auto Scaling. In the popup, click Create Now.
  2. Select the instance type.
  3. Select the desired FortiGate-VM image.
  4. Ensure that Assign Public IP is selected.
  5. Select the desired security group.
  6. Click Next: System Configurations.

  7. (Optional) set the key pair.

  8. Preview the scaling configuration, then click Create and Enable Configuration.

  9. Go to Auto Scaling > Scaling Groups to ensure that AliCloud has created the Auto Scaling group and that the first FortiGate-VM has been automatically launched under the group.

To create scaling rules in the AliCloud console:
  1. In Auto Scaling > Scaling Groups, click the group name.
  2. Click Scaling Rules from the right-side menu.
  3. In the Create Scaling Rule dialog, enter a scaling rule name.
  4. Configure an action. In the sample configuration, the scaling rule is configured to add one (1) FortiGate-VM instance.
  5. Enter a cool down time, then click Create Scaling Rule. You could also configure another scaling rule which can be executed to remove one (1) FortiGate-VM instance.

To configure a FortiGate-VM in the Auto Scaling group as the primary member:
  1. Log into the FortiGate-VM.
  2. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the primary member of the Auto Scaling group:

    config system auto-scale

    set status enable

    set role master

    set sync-interface "port1"

    set psksecret xxxxxx

    end

To scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration:
  1. In Auto Scaling > Scaling Groups, click the group name, then execute the scaling rule created earlier. AliCloud creates a new FortiGate-VM instance.
  2. Log into the new FortiGate-VM.
  3. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the secondary member of the Auto Scaling group. The master-ip value should be the primary FortiGate-VM's private IP address:

    config system auto-scale

    set status enable

    set role slave

    set sync-interface "port1"

    set master-ip 192.168.1.204

    set psksecret xxxxxx

    end

    The secondary FortiGate-VM is synced with the primary FortiGate-VM. The secondary FortiGate-VM can receive configurations from the primary FortiGate-VM.

To run diagnose commands:

You can run the following diagnose commands to determine if the primary and secondary FortiGate-VMs are able to synchronize configurations:

FortiGate-VM64-ALION~AND # diag deb app hasync -1

slave's configuration is not in sync with master's, sequence:0

slave's configuration is not in sync with master's, sequence:1

slave's configuration is not in sync with master's, sequence:2

slave's configuration is not in sync with master's, sequence:3

slave's configuration is not in sync with master's, sequence:4

slave starts to sync with master

logout all admin users

Manual deployment of auto scaling on AliCloud

Manual deployment of auto scaling on AliCloud

Following is a sample configuration for deploying Auto Scaling on AliCloud:

  1. Create a scaling group in the AliCloud console.
  2. Create a scaling configuration in the AliCloud console.
  3. Create scaling rules in the AliCloud console.
  4. Configure a FortiGate-VM in the Auto Scaling group as the primary member.
  5. Scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration from the primary to the secondary FortiGate-VM.
  6. Run diagnose commands to confirm that Auto Scaling is functioning.
To create a scaling group in the AliCloud console:
  1. Log into the AliCloud console.
  2. Go to Auto Scaling > Scaling Groups > Create Scaling Group.
  3. Set the following parameters for the Auto Scaling group:
    1. Scaling Group Name: Enter a name for the scaling group. The sample configuration is named FGT-ASG.
    2. Maximum Instances: Enter the maximum number of instances that can comprise the group. In the sample configuration, four (4) is the maximum number.
    3. Minimum Instances: Enter the minimum number of instances that can comprise the group. In the sample configuration, one (1) is the minimum number.
    4. Instance Configuration Source: Leave at the default value.
    5. Network Type: Leave at the default value, which is VPC.
    6. Select the VPC and VSwitch as desired.

  4. Click OK.
To create a scaling configuration in the AliCloud console:
  1. After creating an Auto Scaling group, AliCloud displays a popup for creating a new scaling configuration before activating Auto Scaling. In the popup, click Create Now.
  2. Select the instance type.
  3. Select the desired FortiGate-VM image.
  4. Ensure that Assign Public IP is selected.
  5. Select the desired security group.
  6. Click Next: System Configurations.

  7. (Optional) set the key pair.

  8. Preview the scaling configuration, then click Create and Enable Configuration.

  9. Go to Auto Scaling > Scaling Groups to ensure that AliCloud has created the Auto Scaling group and that the first FortiGate-VM has been automatically launched under the group.

To create scaling rules in the AliCloud console:
  1. In Auto Scaling > Scaling Groups, click the group name.
  2. Click Scaling Rules from the right-side menu.
  3. In the Create Scaling Rule dialog, enter a scaling rule name.
  4. Configure an action. In the sample configuration, the scaling rule is configured to add one (1) FortiGate-VM instance.
  5. Enter a cool down time, then click Create Scaling Rule. You could also configure another scaling rule which can be executed to remove one (1) FortiGate-VM instance.

To configure a FortiGate-VM in the Auto Scaling group as the primary member:
  1. Log into the FortiGate-VM.
  2. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the primary member of the Auto Scaling group:

    config system auto-scale

    set status enable

    set role master

    set sync-interface "port1"

    set psksecret xxxxxx

    end

To scale out a new FortiGate-VM, configure it as a secondary member, and synchronize the configuration:
  1. In Auto Scaling > Scaling Groups, click the group name, then execute the scaling rule created earlier. AliCloud creates a new FortiGate-VM instance.
  2. Log into the new FortiGate-VM.
  3. Run the following commands in the CLI to enable Auto Scaling and configure this FortiGate-VM as the secondary member of the Auto Scaling group. The master-ip value should be the primary FortiGate-VM's private IP address:

    config system auto-scale

    set status enable

    set role slave

    set sync-interface "port1"

    set master-ip 192.168.1.204

    set psksecret xxxxxx

    end

    The secondary FortiGate-VM is synced with the primary FortiGate-VM. The secondary FortiGate-VM can receive configurations from the primary FortiGate-VM.

To run diagnose commands:

You can run the following diagnose commands to determine if the primary and secondary FortiGate-VMs are able to synchronize configurations:

FortiGate-VM64-ALION~AND # diag deb app hasync -1

slave's configuration is not in sync with master's, sequence:0

slave's configuration is not in sync with master's, sequence:1

slave's configuration is not in sync with master's, sequence:2

slave's configuration is not in sync with master's, sequence:3

slave's configuration is not in sync with master's, sequence:4

slave starts to sync with master

logout all admin users