Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.0.0
Copy Link

Verifying the deployment

FortiGate Autoscale for AWS creates an Auto Scaling group with lifecycle events attached to the group. Verify the following components:

To verify the Auto Scaling group:
  1. In the AWS console, select the Services > Management & Governance > CloudFormation.
  2. On the top right, choose the AWS region where you deployed the template.
  3. In the Filter box, enter the Stack name you entered in the Specify Details page of the section CFT parameters.

    Filter on stack name

  4. Look for the stack which has a Description starting with “FortiGate Autoscale Solution (Existing VPC)”. Click the Stack Name for that stack.

    Locate stack

  5. Under Resources, search for the resource with a Logical ID of “FortiGateScalingGroup”. The Physical ID for this resource is a link to the Auto Scaling group. You will need this link to connect to the FortiGate in the section Connecting to the master FortiGate instance.

    Stack resources

  6. Click on that link.
  7. Check that the number in the Instances column is equal to or greater than the Desired Capacity you specified.
  8. In the lower pane, click on the Instances tab and check that the Lifecycle of each instance is “InService”.
To verify the master election:
  1. Look up the DynamoDB table CustomIdentifier-FortiGateMasterElection-UniqueID.
    • CustomIdentifier refers to the template parameter Resource name prefix you specified when filling out the CFT parameters.
    • UniqueID refers to a random string automatically generated during the deployment.
    • Both are found on the Outputs tab of the stack you located in step 4 when verifying the Auto Scaling group .

      Outputs tab

  2. Click the Items tab and double-click the master record.

    Items tab

In the master record,

  • instanceId is the instance ID of the master instance of the Auto Scaling group. You will need the instance ID to connect to the FortiGate-VM in the section Connecting to the master FortiGate instance.
  • ip refers to its primary private IP address.
  • subnetId is the ID of the subnet in which the master FortiGate is located.
  • voteState is the state of the voting process.
    • pending: election of the master instance is still in progress.
    • done: the master election process is done.
  • vpcId is the ID of the VPC in which the master FortiGate instance is located.

The master election has been completed when the voteState is done.

Resources

Verifying the deployment

FortiGate Autoscale for AWS creates an Auto Scaling group with lifecycle events attached to the group. Verify the following components:

To verify the Auto Scaling group:
  1. In the AWS console, select the Services > Management & Governance > CloudFormation.
  2. On the top right, choose the AWS region where you deployed the template.
  3. In the Filter box, enter the Stack name you entered in the Specify Details page of the section CFT parameters.

    Filter on stack name

  4. Look for the stack which has a Description starting with “FortiGate Autoscale Solution (Existing VPC)”. Click the Stack Name for that stack.

    Locate stack

  5. Under Resources, search for the resource with a Logical ID of “FortiGateScalingGroup”. The Physical ID for this resource is a link to the Auto Scaling group. You will need this link to connect to the FortiGate in the section Connecting to the master FortiGate instance.

    Stack resources

  6. Click on that link.
  7. Check that the number in the Instances column is equal to or greater than the Desired Capacity you specified.
  8. In the lower pane, click on the Instances tab and check that the Lifecycle of each instance is “InService”.
To verify the master election:
  1. Look up the DynamoDB table CustomIdentifier-FortiGateMasterElection-UniqueID.
    • CustomIdentifier refers to the template parameter Resource name prefix you specified when filling out the CFT parameters.
    • UniqueID refers to a random string automatically generated during the deployment.
    • Both are found on the Outputs tab of the stack you located in step 4 when verifying the Auto Scaling group .

      Outputs tab

  2. Click the Items tab and double-click the master record.

    Items tab

In the master record,

  • instanceId is the instance ID of the master instance of the Auto Scaling group. You will need the instance ID to connect to the FortiGate-VM in the section Connecting to the master FortiGate instance.
  • ip refers to its primary private IP address.
  • subnetId is the ID of the subnet in which the master FortiGate is located.
  • voteState is the state of the voting process.
    • pending: election of the master instance is still in progress.
    • done: the master election process is done.
  • vpcId is the ID of the VPC in which the master FortiGate instance is located.

The master election has been completed when the voteState is done.