Fortinet Document Library

Verifying the deployment

FortiGate Autoscale for AWS without Transit Gateway integration creates an Auto Scaling group with lifecycle events attached to the group. Verify the following components:

To verify the Auto Scaling group:
  1. In the AWS console, select Services > Compute > EC2.
  2. In the left navigation tree, click INSTANCES > Instances.
  3. Click the filter box and select Tag Keys > ResourceGroup.
  4. Select your ResourceTagPrefix from the list of Tag Keys.
  5. Instances will be listed along with a status. Confirm that the Instance Status for each instance is running.

    Instances

  6. In the left navigation tree, click AUTO SCALING > Auto Scaling Groups.
  7. Click the filter box and look up the Auto Scaling group using the ResourceTagPrefix.
  8. The number of Auto Scaling groups listed is based on your implementation. The image below shows two Auto Scaling groups, one for BYOL instances, and one for PAYG instances. Confirm that the number in the Instances column is equal to or greater than the Desired Capacity you specified.

    Auto Scaling group

  9. For each Auto Scaling group, select the check box to the left of the Name, click the Instances tab in the lower pane, and confirm that the Lifecycle of each instance is InService.

    Auto Scaling group

To verify the master election:
  1. Look up the DynamoDB table <ResourceTagPrefix>-FortiGateMasterElection as described in the section Locating deployed resources.
  2. Select the <ResourceTagPrefix>-FortiGateMasterElection table.
  3. In the right-hand pane, select the Items tab.
  4. The master record will be the only item listed. Click the master record.

Items tab

In the master record:

  • instanceId is the instance ID of the master instance.
  • ip refers to its primary private IP address.
  • subnetId is the ID of the subnet in which the master FortiGate-VM is located.
  • voteState is the state of the voting process.
    • pending: election of the master instance is still in progress.
    • done: the master election process is done.
  • vpcId is the ID of the VPC in which the master FortiGate-VM instance is located.

The master record will look as follows:

Master record

The master election has been completed when the voteState is done.

Note

Make note of the instanceId, as you will need it to connect to the FortiGate-VM in the section Connecting to the master FortiGate-VM instance.

If you have both BYOL and PAYG instances, you will also need the scalingGroupName to locate the master instance.
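The same checks can be run as code against saved API output. This is an added example, not part of the Fortinet documentation or the Autoscale project's code: it evaluates responses shaped like the Auto Scaling `DescribeAutoScalingGroups` call and a DynamoDB scan of the master election table, and also confirms that the elected master is a member of the group named in scalingGroupName. The group names, IDs, addresses and the DynamoDB attribute types in the sample data are constructed assumptions.

```python
# Constructed sample shaped like boto3 autoscaling.describe_auto_scaling_groups().
SAMPLE_GROUPS = {"AutoScalingGroups": [
    {"AutoScalingGroupName": "demo-byol-asg", "DesiredCapacity": 1,
     "Instances": [{"InstanceId": "i-0aaa", "LifecycleState": "InService"}]},
    {"AutoScalingGroupName": "demo-payg-asg", "DesiredCapacity": 2,
     "Instances": [{"InstanceId": "i-0bbb", "LifecycleState": "InService"},
                   {"InstanceId": "i-0ccc", "LifecycleState": "Pending"}]},
]}

# Constructed sample shaped like a DynamoDB scan of the master election table.
# Assumption: attribute types ("S") are illustrative; any single-typed value works.
SAMPLE_ELECTION = {"Items": [{
    "instanceId": {"S": "i-0aaa"}, "ip": {"S": "10.0.1.10"},
    "subnetId": {"S": "subnet-0123"}, "vpcId": {"S": "vpc-0123"},
    "voteState": {"S": "done"}, "scalingGroupName": {"S": "demo-byol-asg"},
}]}


def check_groups(resp):
    """Return a list of problems found in the Auto Scaling groups."""
    problems = []
    for g in resp["AutoScalingGroups"]:
        name, insts = g["AutoScalingGroupName"], g["Instances"]
        if len(insts) < g["DesiredCapacity"]:
            problems.append(f"{name}: {len(insts)} instances < desired {g['DesiredCapacity']}")
        for i in insts:
            if i["LifecycleState"] != "InService":
                problems.append(f"{name}: {i['InstanceId']} is {i['LifecycleState']}")
    return problems


def check_master(scan, groups):
    """Return (master_instance_id, problems) for the election table contents."""
    items = scan["Items"]
    if len(items) != 1:
        return None, [f"expected exactly one master record, found {len(items)}"]
    # Unwrap DynamoDB's {"<type>": value} encoding for each attribute.
    rec = {k: next(iter(v.values())) for k, v in items[0].items()}
    problems = []
    if rec.get("voteState") != "done":
        problems.append(f"election not finished: voteState={rec.get('voteState')}")
    members = {g["AutoScalingGroupName"]: {i["InstanceId"] for i in g["Instances"]}
               for g in groups["AutoScalingGroups"]}
    group = rec.get("scalingGroupName")
    # Without a scalingGroupName, accept membership in any listed group.
    pool = members.get(group, set()) if group else set().union(*members.values())
    if rec.get("instanceId") not in pool:
        problems.append(f"master {rec.get('instanceId')} not in group {group}")
    return rec.get("instanceId"), problems
```

An empty problem list from both functions corresponds to a deployment that passes every console check above.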
