Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.0.0
Copy Link

Prerequisites

Installing and configuring FortiGate Autoscale for AWS requires knowledge of the following:

  • Configuring a FortiGate using the CLI
  • AWS CloudFormation templates
  • AWS Lambda Function

It is expected that FortiGate Autoscale for AWS will be deployed by DevOps engineers or advanced system administrators who are familiar with the above.

Before starting the deployment, the following steps must be carried out:

  1. Log into your AWS account. If you do not already have one, create one by following the on-screen instructions.
    Note CFT deployment will fail if the AWS user deploying the template does not have sufficient AWS permissions to perform the required service actions on resources. At a minimum, the following are required:
    • Service: IAM; Actions:CreateRole; Resource: *.
  2. Use the region selector in the navigation bar to choose the AWS region where you want to deploy FortiGate Autoscale for AWS.
    Note

    The c5.large instance type is not compatible with the Asia Pacific (Sydney) Region (ap-southeast-2).

    AWS Auto Scaling is not supported in every region. Please check the AWS Region Table prior to selecting a region. Region support may be added without prior notification.

  3. Confirm that you have a valid subscription to the On-Demand and/or BYOL marketplace listings for FortiGate, as required for your deployment:
    Note

    Without the valid subscriptions, the deployment will fail with errors.

  4. Create a key pair in your selected region.
  5. If necessary, request a service limit increase. You may need to do this if you encounter an issue where you exceed the default limit with this deployment. The default instance type is c5.large.

Resources

Prerequisites

Installing and configuring FortiGate Autoscale for AWS requires knowledge of the following:

  • Configuring a FortiGate using the CLI
  • AWS CloudFormation templates
  • AWS Lambda Function

It is expected that FortiGate Autoscale for AWS will be deployed by DevOps engineers or advanced system administrators who are familiar with the above.

Before starting the deployment, the following steps must be carried out:

  1. Log into your AWS account. If you do not already have one, create one by following the on-screen instructions.
    Note CFT deployment will fail if the AWS user deploying the template does not have sufficient AWS permissions to perform the required service actions on resources. At a minimum, the following are required:
    • Service: IAM; Actions:CreateRole; Resource: *.
  2. Use the region selector in the navigation bar to choose the AWS region where you want to deploy FortiGate Autoscale for AWS.
    Note

    The c5.large instance type is not compatible with the Asia Pacific (Sydney) Region (ap-southeast-2).

    AWS Auto Scaling is not supported in every region. Please check the AWS Region Table prior to selecting a region. Region support may be added without prior notification.

  3. Confirm that you have a valid subscription to the On-Demand and/or BYOL marketplace listings for FortiGate, as required for your deployment:
    Note

    Without the valid subscriptions, the deployment will fail with errors.

  4. Create a key pair in your selected region.
  5. If necessary, request a service limit increase. You may need to do this if you encounter an issue where you exceed the default limit with this deployment. The default instance type is c5.large.