Fortinet Document Library

Version:

6.0.0

Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.4 6.2 6.0

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

6.0.0
6.0.0
Download PDF
Copy Link

CFT parameters

On the Specify stack details page, enter the stack name and CFT parameters.

CFT parameters

The following sections provide descriptions of the available parameters. Some parameters are specific to certain templates, and are only displayed when that template is selected.

Resource tagging configuration

Parameter label (name)

Default

Description

Resource tag prefix (ResourceTagPrefix)

Requires input

The ResourceGroup Tag Key used on all resources and as the name prefix of all applicable resources. Can only contain uppercase letters, lowercase letters, and numbers, ampersat(@), hyphens (-), period (.), and hash (#).

Maximum length is 50.

Resource name prefix (CustomIdentifier)

fgtASG

An alternative name prefix to be used on a resource that the Resource tag prefix cannot apply to. Can only contain uppercase letters, lowercase letters, and numbers.

Maximum length is 10.

Network configuration (New VPC, no Transit Gateway)

Parameter label (name)

Default

Description

Availability Zones (AvailabilityZones)

Requires input

The list of Availability Zones to use for the subnets in the VPC. The FortiGate Autoscale solution uses two Availability Zones from your list and preserves the logical order you specify.

VPC CIDR (VPCCIDR)

192.168.0.0/16

The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC.

Autoscale subnet 1 CIDR (PublicSubnet1CIDR)

192.168.0.0/24

The CIDR block for the subnet located in Availability Zone 1 where FortiGate Autoscale instances will be deployed to.

Autoscale subnet 2 CIDR (PublicSubnet2CIDR)

192.168.1.0/24

The CIDR block for the subnet located in Availability Zone 2 where FortiGate Autoscale instances will be deployed to.

Protected subnet 1 CIDR (PrivateSubnet1CIDR)

192.168.2.0/24

The CIDR block for the private subnet located in Availability Zone 1 where it is protected by the FortiGates in the public subnet of the same Availability Zone.

Protected subnet 2 CIDR (PrivateSubnet2CIDR)

192.168.3.0/24

The CIDR block for the private subnet located in Availability Zone 2 where it is protected by the FortiGates in the public subnet of the same Availability Zone.

Network configuration (Existing VPC, no Transit Gateway)

Parameter label (name)

Default

Description

VPC ID (VPCID)

Requires input

The ID of the existing VPC where FortiGate Autoscale will be deployed. The VPC must have the option DNS hostnames enabled and each of the two Availability Zones in the VPC must have at least 1 public subnet and at least 1 private subnet.

VPC CIDR (VPCCIDR)

Requires input

The CIDR block of the selected existing VPC. This can be found in parentheses in the VPC ID parameter selection.

Autoscale subnet 1 ID (PublicSubnet1)

Requires input

The ID of the public subnet 1 located in Availability Zone 1 of the selected existing VPC.

Autoscale subnet 2 ID (PublicSubnet2)

Requires input

The ID of the public subnet 2 located in Availability Zone 2 of the selected existing VPC.

Private subnet 1 (PrivateSubnet1)

Requires input

The ID of the private subnet 1 located in Availability Zone 1 of the selected existing VPC. This subnet will be protected by the FortiGates in the public subnet of the same Availability Zone.

Private subnet 2 (PrivateSubnet2)

Requires input

The ID of the private subnet 2 located in Availability Zone 2 of the selected existing VPC. This subnet will be protected by the FortiGates in the public subnet of the same Availability Zone.

Private subnet route table (PrivateSubnetRouteTable)

Requires input

Route table ID associated with the two private subnets.

Network configuration (Transit Gateway integration)

Parameter label (name)

Default

Description

Availability Zones (AvailabilityZones)

Requires input

The list of Availability Zones to use for the subnets in the VPC. The FortiGate Autoscale solution uses two Availability Zones from your list and preserves the logical order you specify.

VPC CIDR (VPCCIDR)

192.168.0.0/16

The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC.

Autoscale subnet 1 CIDR (PublicSubnet1CIDR)

192.168.0.0/24

The CIDR block for the subnet located in Availability Zone 1 where FortiGate Autoscale instances will be deployed to.

Autoscale subnet 2 CIDR (PublicSubnet2CIDR)

192.168.1.0/24

The CIDR block for the subnet located in Availability Zone 2 where FortiGate Autoscale instances will be deployed to.

FortiGate configuration

Parameter label (name)

Default

Description

Instance type (FortiGateInstanceType)

c5.large

Instance type for the FortiGates in the Auto Scaling group. There are t2.small and compute-optimized instances such as c4 and c5 available with different vCPU sizes and bandwidths. For more information about instance types, see Instance Types.

FortiOS version (FortiOSVersion)

6.2.3

FortiOS version supported by FortiGate Autoscale for AWS.

FortiGate PSK secret (FortiGatePskSecret)

Requires input

A secret key for the FortiGate instances to securely communicate with each other. Must contain numbers and letters and may contain special characters.

Maximum length is 128.

Note

Changes to the PSK secret after FortiGate Autoscale for AWS has been deployed are not reflected here. For new instances to be spawned with the changed PSK secret, this environment variable will need to be manually updated.

Admin port (FortiGateAdminPort)

8443

A port number for FortiGate administration.

Minimum is 1. Maximum is 65535.

Do not use the FortiGate reserved ports 443, 541, 514, or 703.

Admin CIDR block (FortiGateAdminCidr)

Requires input

CIDR block for external admin management access.

Warning

0.0.0.0/0 accepts connections from any IP address. We recommend that you use a constrained CIDR range to reduce the potential of inbound attacks from unknown IP addresses.

Key pair name (KeyPairName)

Requires input

Amazon EC2 Key Pair for admin access.

BGP ASN (BgpAsn)

65000

The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the Customer Gateway of each FortiGate instance in the Auto Scaling group. This value ranges from 64512 to 65534.

Note

Only for deployments with Transit Gateway integration.

FortiGate Auto Scaling group configuration

Parameter label (name)

Default

Description

Desired capacity (BYOL) (FgtAsgDesiredCapacityByol)

2

The number of FortiGate instances the BYOL Auto Scaling group should have at any time.

For High Availability in BYOL-only and Hybrid use cases, ensure at least 2 FortiGates are in the group.

For specific use cases, set to 0 for On-Demand-only, and >= 2 for BYOL-only or hybrid licensing.

Minimum group size (BYOL) (FgtAsgMinSizeByol)

2

Minimum number of FortiGate instances in the BYOL Auto Scaling group.

For specific use cases, set to 0 for On-Demand-only, and >= 2 for BYOL-only or hybrid licensing.

Note

For BYOL-only and hybrid licensing deployments, this parameter must be at least 2. If it is set to 1 and the instance fails to work, the current FortiGate configuration will be lost.

Maximum group size (BYOL) (FgtAsgMaxSizeByol)

2

Maximum number of FortiGate instances in the BYOL Auto Scaling group.

For specific use cases, set to 0 for On-Demand-only, and >= 2 for BYOL-only or hybrid licensing. This number must be greater than or equal to the Minimum group size (BYOL).

Desired capacity (On-Demand instances) (FgtAsgDesiredCapacityPayg)

0

The number of FortiGate instances the On-Demand-only Auto Scaling group should have at any time.

For High Availability in an On-Demand-only use case, ensure at least 2 FortiGates are in the group.

For specific use cases, set to 0 for BYOL-only, >= 2 for On-Demand-only, and >= 0 for hybrid licensing.

Minimum group size (On-Demand instances) (FgtAsgMinSizePayg)

0

Minimum number of FortiGate instances in the On-Demand-only Auto Scaling group.

For specific use cases, set to 0 for BYOL-only, >= 2 for On-Demand-only, and >= 0 for hybrid licensing.

Note

For On-Demand-only deployments, this parameter must be at least 2. If it is set to 1 and the instance fails to work, the current FortiGate configuration will be lost.

Maximum group size (On-Demand instances) (FgtAsgMaxSizePayg)

0

Maximum number of FortiGate instances in the On-Demand-only Auto Scaling group.

For specific use cases, set to 0 for BYOL-only, >= 2 for On-Demand-only, and >= 0 for hybrid licensing. This number must be greater than or equal to the Minimum group size (On-Demand-only instances).

Scale-out threshold (FgtAsgScaleOutThreshold)

80

The threshold (in percentage) for the FortiGate Auto Scaling group to scale out (add) 1 instance.

Minimum is 1. Maximum is 100.

Scale-in threshold (FgtAsgScaleInThreshold)

25

The threshold (in percentage) for the FortiGate Auto Scaling group to scale in (remove) 1 instance.

Minimum is 1. Maximum is 100.

Primary election timeout (PrimaryElectionTimeout)

300

The maximum time (in seconds) to wait for the election of the primary instance to complete.

Minimum is 30. Maximum is 3600.

Get license grace period (GetLicenseGracePeriod)

600

The minimum time (in seconds) permitted before a distributed license can be revoked from a non-responsive FortiGate and re-distributed.

Minimum is 300.

Health check grace period (FgtAsgHealthCheckGracePeriod)

300

The length of time (in seconds) that Auto Scaling waits before checking an instance's health status.

Minimum is 60.

Scaling cooldown period (FgtAsgCooldown)

300

The Auto Scaling group waits for the cooldown period (in seconds) to complete before resuming scaling activities.

Minimum is 60. Maximum is 3600.

Instance lifecycle timeout (LifecycleHookTimeout)

480

The amount of time (in seconds) that can elapse before the FortiGate Autoscale lifecycle hook times out.

Minimum is 60. Maximum is 3600.

Transit Gateway configuration (Transit Gateway integration)

Parameter label (name)

Default

Description

Transit Gateway support (TransitGatewaySupportOptions)

create one

Create a Transit Gateway for the FortiGate Autoscale VPC to attach to, or specify to use an existing one.

Transit Gateway ID (TransitGatewayId)

Conditionally requires input

Required when Transit Gateway support is set to "use an existing one". It is the ID of the Transit Gateway that the FortiGate Autoscale VPC will be attached to.

Load balancing configuration (no Transit Gateway integration)

Parameter label (name)

Default

Description

Traffic protocol (LoadBalancingTrafficProtocol)

HTTPS

The protocol used to load balance traffic.

Traffic port (LoadBalancingTrafficPort)

443

The port number used to balance web service traffic if the internal web service load balancer is enabled.

Minimum is 1. Maximum is 65535.

Health check threshold (LoadBalancingHealthCheckThreshold)

3

The number of consecutive health check failures required before considering a FortiGate instance unhealthy.

Minimum 3.

Internal ELB options (InternalLoadBalancingOptions)

add a new internal load balancer

(Optional) Add a predefined Elastic Load Balancer (ELB) to route traffic to web service in the private subnets. You can optionally use your own one or decide to not need one.

Health check path (InternalTargetGroupHealthCheckPath)

/

(Optional) The destination path for health checks. This path must begin with a '/' character, and can be at most 1024 characters in length.

Internal ELB DNS name (InternalLoadBalancerDnsName)

Requires input

(Optional) Specify the DNS Name of an existing internal load balancer used to route traffic from a FortiGate to targets in a specified target group. Leave it blank if you don't use an existing load balancer.

Failover management configuration

Parameter label (name)

Default

Description

Heart beat interval (HeartBeatInterval)

30

The length of time (in seconds) that a FortiGate instance waits between sending heartbeat requests to the Autoscale handler.

Minimum is 30. Maximum is 90.

Heart beat loss count (HeartBeatLossCount)

3

Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate is deemed unhealthy and failover activities will commence.

Heart beat delay allowance (HeartBeatDelayAllowance)

2

The maximum amount of time (in seconds) allowed for network latency of the FortiGate heartbeat arriving at the Autoscale handler.

Minimum is 0.

Custom asset location configuration

Parameter label (name)

Default

Description

Use custom asset location (UseCustomAssetLocation)

no

Set to yes to use a custom S3 location for custom assets such as licenses and customized configsets.

Custom asset S3 bucket (CustomAssetContainer)

Requires input

Name of the S3 bucket that contains your custom assets. Required if 'Use custom asset location' is set to 'yes'. Can only contain numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)."

Custom asset folder (CustomAssetDirectory)

Requires input

The sub path within the 'custom asset container' that serves as the top level directory of all your custom assets. If 'Use custom asset location' is set to 'yes', and this value is left empty, the 'custom asset container' will serve as the top level directory. Can only contain numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). If provided, it must end with a forward slash (/).

Deployment resources configuration

Parameter label (name)

Default

Description

S3 bucket name (S3BucketName)

Requires input

Name of the S3 bucket (created in step 4 of Obtaining the deployment package) that contains the FortiGate Autoscale deployment package. Can only contain numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

S3 resource folder (S3KeyPrefix)

Requires input

Name of the S3 folder (created in step 5 of Obtaining the deployment package) that stores the FortiGate Autoscale deployment resources. Can only contain numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). If provided, it must end with a forward slash (/).

After entering all required parameters, click Next.

Resources

Upgrade Path Tool

CFT parameters

On the Specify stack details page, enter the stack name and CFT parameters.

CFT parameters

The following sections provide descriptions of the available parameters. Some parameters are specific to certain templates, and are only displayed when that template is selected.

Resource tagging configuration

Parameter label (name)

Default

Description

Resource tag prefix (ResourceTagPrefix)

Requires input

The ResourceGroup Tag Key used on all resources and as the name prefix of all applicable resources. Can only contain uppercase letters, lowercase letters, and numbers, ampersat(@), hyphens (-), period (.), and hash (#).

Maximum length is 50.

Resource name prefix (CustomIdentifier)

fgtASG

An alternative name prefix to be used on a resource that the Resource tag prefix cannot apply to. Can only contain uppercase letters, lowercase letters, and numbers.

Maximum length is 10.

Network configuration (New VPC, no Transit Gateway)

Parameter label (name)

Default

Description

Availability Zones (AvailabilityZones)

Requires input

The list of Availability Zones to use for the subnets in the VPC. The FortiGate Autoscale solution uses two Availability Zones from your list and preserves the logical order you specify.

VPC CIDR (VPCCIDR)

192.168.0.0/16

The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC.

Autoscale subnet 1 CIDR (PublicSubnet1CIDR)

192.168.0.0/24

The CIDR block for the subnet located in Availability Zone 1 where FortiGate Autoscale instances will be deployed to.

Autoscale subnet 2 CIDR (PublicSubnet2CIDR)

192.168.1.0/24

The CIDR block for the subnet located in Availability Zone 2 where FortiGate Autoscale instances will be deployed to.

Protected subnet 1 CIDR (PrivateSubnet1CIDR)

192.168.2.0/24

The CIDR block for the private subnet located in Availability Zone 1 where it is protected by the FortiGates in the public subnet of the same Availability Zone.

Protected subnet 2 CIDR (PrivateSubnet2CIDR)

192.168.3.0/24

The CIDR block for the private subnet located in Availability Zone 2 where it is protected by the FortiGates in the public subnet of the same Availability Zone.

Network configuration (Existing VPC, no Transit Gateway)

Parameter label (name)

Default

Description

VPC ID (VPCID)

Requires input

The ID of the existing VPC where FortiGate Autoscale will be deployed. The VPC must have the option DNS hostnames enabled and each of the two Availability Zones in the VPC must have at least 1 public subnet and at least 1 private subnet.

VPC CIDR (VPCCIDR)

Requires input

The CIDR block of the selected existing VPC. This can be found in parentheses in the VPC ID parameter selection.

Autoscale subnet 1 ID (PublicSubnet1)

Requires input

The ID of the public subnet 1 located in Availability Zone 1 of the selected existing VPC.

Autoscale subnet 2 ID (PublicSubnet2)

Requires input

The ID of the public subnet 2 located in Availability Zone 2 of the selected existing VPC.

Private subnet 1 (PrivateSubnet1)

Requires input

The ID of the private subnet 1 located in Availability Zone 1 of the selected existing VPC. This subnet will be protected by the FortiGates in the public subnet of the same Availability Zone.

Private subnet 2 (PrivateSubnet2)

Requires input

The ID of the private subnet 2 located in Availability Zone 2 of the selected existing VPC. This subnet will be protected by the FortiGates in the public subnet of the same Availability Zone.

Private subnet route table (PrivateSubnetRouteTable)

Requires input

Route table ID associated with the two private subnets.

Network configuration (Transit Gateway integration)

Parameter label (name)

Default

Description

Availability Zones (AvailabilityZones)

Requires input

The list of Availability Zones to use for the subnets in the VPC. The FortiGate Autoscale solution uses two Availability Zones from your list and preserves the logical order you specify.

VPC CIDR (VPCCIDR)

192.168.0.0/16

The Classless Inter-Domain Routing (CIDR) block for the FortiGate Autoscale VPC.

Autoscale subnet 1 CIDR (PublicSubnet1CIDR)

192.168.0.0/24

The CIDR block for the subnet located in Availability Zone 1 where FortiGate Autoscale instances will be deployed to.

Autoscale subnet 2 CIDR (PublicSubnet2CIDR)

192.168.1.0/24

The CIDR block for the subnet located in Availability Zone 2 where FortiGate Autoscale instances will be deployed to.

FortiGate configuration

Parameter label (name)

Default

Description

Instance type (FortiGateInstanceType)

c5.large

Instance type for the FortiGates in the Auto Scaling group. There are t2.small and compute-optimized instances such as c4 and c5 available with different vCPU sizes and bandwidths. For more information about instance types, see Instance Types.

FortiOS version (FortiOSVersion)

6.2.3

FortiOS version supported by FortiGate Autoscale for AWS.

FortiGate PSK secret (FortiGatePskSecret)

Requires input

A secret key for the FortiGate instances to securely communicate with each other. Must contain numbers and letters and may contain special characters.

Maximum length is 128.

Note

Changes to the PSK secret after FortiGate Autoscale for AWS has been deployed are not reflected here. For new instances to be spawned with the changed PSK secret, this environment variable will need to be manually updated.

Admin port (FortiGateAdminPort)

8443

A port number for FortiGate administration.

Minimum is 1. Maximum is 65535.

Do not use the FortiGate reserved ports 443, 541, 514, or 703.

Admin CIDR block (FortiGateAdminCidr)

Requires input

CIDR block for external admin management access.

Warning

0.0.0.0/0 accepts connections from any IP address. We recommend that you use a constrained CIDR range to reduce the potential of inbound attacks from unknown IP addresses.

Key pair name (KeyPairName)

Requires input

Amazon EC2 Key Pair for admin access.

BGP ASN (BgpAsn)

65000

The Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the Customer Gateway of each FortiGate instance in the Auto Scaling group. This value ranges from 64512 to 65534.

Note

Only for deployments with Transit Gateway integration.

FortiGate Auto Scaling group configuration

Parameter label (name)

Default

Description

Desired capacity (BYOL) (FgtAsgDesiredCapacityByol)

2

The number of FortiGate instances the BYOL Auto Scaling group should have at any time.

For High Availability in BYOL-only and Hybrid use cases, ensure at least 2 FortiGates are in the group.

For specific use cases, set to 0 for On-Demand-only, and >= 2 for BYOL-only or hybrid licensing.

Minimum group size (BYOL) (FgtAsgMinSizeByol)

2

Minimum number of FortiGate instances in the BYOL Auto Scaling group.

For specific use cases, set to 0 for On-Demand-only, and >= 2 for BYOL-only or hybrid licensing.

Note

For BYOL-only and hybrid licensing deployments, this parameter must be at least 2. If it is set to 1 and the instance fails to work, the current FortiGate configuration will be lost.

Maximum group size (BYOL) (FgtAsgMaxSizeByol)

2

Maximum number of FortiGate instances in the BYOL Auto Scaling group.

For specific use cases, set to 0 for On-Demand-only, and >= 2 for BYOL-only or hybrid licensing. This number must be greater than or equal to the Minimum group size (BYOL).

Desired capacity (On-Demand instances) (FgtAsgDesiredCapacityPayg)

0

The number of FortiGate instances the On-Demand-only Auto Scaling group should have at any time.

For High Availability in an On-Demand-only use case, ensure at least 2 FortiGates are in the group.

For specific use cases, set to 0 for BYOL-only, >= 2 for On-Demand-only, and >= 0 for hybrid licensing.

Minimum group size (On-Demand instances) (FgtAsgMinSizePayg)

0

Minimum number of FortiGate instances in the On-Demand-only Auto Scaling group.

For specific use cases, set to 0 for BYOL-only, >= 2 for On-Demand-only, and >= 0 for hybrid licensing.

Note

For On-Demand-only deployments, this parameter must be at least 2. If it is set to 1 and the instance fails to work, the current FortiGate configuration will be lost.

Maximum group size (On-Demand instances) (FgtAsgMaxSizePayg)

0

Maximum number of FortiGate instances in the On-Demand-only Auto Scaling group.

For specific use cases, set to 0 for BYOL-only, >= 2 for On-Demand-only, and >= 0 for hybrid licensing. This number must be greater than or equal to the Minimum group size (On-Demand-only instances).

Scale-out threshold (FgtAsgScaleOutThreshold)

80

The threshold (in percentage) for the FortiGate Auto Scaling group to scale out (add) 1 instance.

Minimum is 1. Maximum is 100.

Scale-in threshold (FgtAsgScaleInThreshold)

25

The threshold (in percentage) for the FortiGate Auto Scaling group to scale in (remove) 1 instance.

Minimum is 1. Maximum is 100.

Primary election timeout (PrimaryElectionTimeout)

300

The maximum time (in seconds) to wait for the election of the primary instance to complete.

Minimum is 30. Maximum is 3600.

Get license grace period (GetLicenseGracePeriod)

600

The minimum time (in seconds) permitted before a distributed license can be revoked from a non-responsive FortiGate and re-distributed.

Minimum is 300.

Health check grace period (FgtAsgHealthCheckGracePeriod)

300

The length of time (in seconds) that Auto Scaling waits before checking an instance's health status.

Minimum is 60.

Scaling cooldown period (FgtAsgCooldown)

300

The Auto Scaling group waits for the cooldown period (in seconds) to complete before resuming scaling activities.

Minimum is 60. Maximum is 3600.

Instance lifecycle timeout (LifecycleHookTimeout)

480

The amount of time (in seconds) that can elapse before the FortiGate Autoscale lifecycle hook times out.

Minimum is 60. Maximum is 3600.

Transit Gateway configuration (Transit Gateway integration)

Parameter label (name)

Default

Description

Transit Gateway support (TransitGatewaySupportOptions)

create one

Create a Transit Gateway for the FortiGate Autoscale VPC to attach to, or specify to use an existing one.

Transit Gateway ID (TransitGatewayId)

Conditionally requires input

Required when Transit Gateway support is set to "use an existing one". It is the ID of the Transit Gateway that the FortiGate Autoscale VPC will be attached to.

Load balancing configuration (no Transit Gateway integration)

Parameter label (name)

Default

Description

Traffic protocol (LoadBalancingTrafficProtocol)

HTTPS

The protocol used to load balance traffic.

Traffic port (LoadBalancingTrafficPort)

443

The port number used to balance web service traffic if the internal web service load balancer is enabled.

Minimum is 1. Maximum is 65535.

Health check threshold (LoadBalancingHealthCheckThreshold)

3

The number of consecutive health check failures required before considering a FortiGate instance unhealthy.

Minimum 3.

Internal ELB options (InternalLoadBalancingOptions)

add a new internal load balancer

(Optional) Add a predefined Elastic Load Balancer (ELB) to route traffic to web service in the private subnets. You can optionally use your own one or decide to not need one.

Health check path (InternalTargetGroupHealthCheckPath)

/

(Optional) The destination path for health checks. This path must begin with a '/' character, and can be at most 1024 characters in length.

Internal ELB DNS name (InternalLoadBalancerDnsName)

Requires input

(Optional) Specify the DNS Name of an existing internal load balancer used to route traffic from a FortiGate to targets in a specified target group. Leave it blank if you don't use an existing load balancer.

Failover management configuration

Parameter label (name)

Default

Description

Heart beat interval (HeartBeatInterval)

30

The length of time (in seconds) that a FortiGate instance waits between sending heartbeat requests to the Autoscale handler.

Minimum is 30. Maximum is 90.

Heart beat loss count (HeartBeatLossCount)

3

Number of consecutively lost heartbeats. When the Heartbeat loss count has been reached, the FortiGate is deemed unhealthy and failover activities will commence.

Heart beat delay allowance (HeartBeatDelayAllowance)

2

The maximum amount of time (in seconds) allowed for network latency of the FortiGate heartbeat arriving at the Autoscale handler.

Minimum is 0.

Custom asset location configuration

Parameter label (name)

Default

Description

Use custom asset location (UseCustomAssetLocation)

no

Set to yes to use a custom S3 location for custom assets such as licenses and customized configsets.

Custom asset S3 bucket (CustomAssetContainer)

Requires input

Name of the S3 bucket that contains your custom assets. Required if 'Use custom asset location' is set to 'yes'. Can only contain numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-)."

Custom asset folder (CustomAssetDirectory)

Requires input

The sub path within the 'custom asset container' that serves as the top level directory of all your custom assets. If 'Use custom asset location' is set to 'yes', and this value is left empty, the 'custom asset container' will serve as the top level directory. Can only contain numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). If provided, it must end with a forward slash (/).

Deployment resources configuration

Parameter label (name)

Default

Description

S3 bucket name (S3BucketName)

Requires input

Name of the S3 bucket (created in step 4 of Obtaining the deployment package) that contains the FortiGate Autoscale deployment package. Can only contain numbers, lowercase letters, uppercase letters, and hyphens (-). It cannot start or end with a hyphen (-).

S3 resource folder (S3KeyPrefix)

Requires input

Name of the S3 folder (created in step 5 of Obtaining the deployment package) that stores the FortiGate Autoscale deployment resources. Can only contain numbers, lowercase letters, uppercase letters, hyphens (-), and forward slashes (/). If provided, it must end with a forward slash (/).

After entering all required parameters, click Next.