Fortinet Document Library

Version: 6.0.0

Creating an address using the CLI

  1. Create an address to use to configure a firewall policy. Open the CLI with administrator credentials. Right-click the address and select Edit in CLI.
  2. Configure the filtering rule. The Fabric connector then automatically populates and updates the address with only those instances in the specified VPC that match this filtering condition. You can use the following keys:

    1. instanceId (e.g. instanceId=i-12345678)

    2. instanceType (e.g. instanceType=t2.micro)

    3. imageId (e.g. imageId=ami-123456)

    4. keyName (e.g. keyName=aws-key-name)

    5. architecture (e.g. architecture=x86)

    6. subnetId (e.g. subnetId=sub-123456)

    7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-1a)

    8. placement.groupname (e.g. placement.groupname=group-name)

    9. placement.tenancy (e.g. placement.tenancy=tenancy-name)

    10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)

    11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)

    12. tag.Name: the AWS instance tag called "Name" (e.g. tag.Name=Value; a maximum of 8 tags is supported)

  3. For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using key 6 above, subnetId. First, check the subnet ID in the AWS management portal.

  4. Enter set filter "subnetId=subnet-fb2506a0". In this example, the subnet is 10.0.2.0/24. Running show at this point displays the following:

    Three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have just been populated. They are refreshed automatically once the filtering condition above is set and the update interval specified in the GUI has elapsed. Because these three instances were already up and running in the specified VPC, the Fabric connector found them through the AWS APIs that FortiGate calls.
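The following is an added example, not Fortinet code and not the connector's implementation. It models how a single key=value filter of the kind configured with set filter selects EC2 instances and how their private IPs would populate a dynamic address. The mapping from the documented filter keys onto the field names of the EC2 DescribeInstances response is this example's assumption, and the instance records below are constructed sample data, not a real account. It generalizes the subnetId case on the page to all twelve documented keys, including tag.<Name>.

```python
"""Evaluate a FortiGate-style AWS connector filter against EC2 instance data.

Added example (not Fortinet code). The key-to-field mapping onto the
DescribeInstances "Instance" object is an assumption of this example; the
sample instances are constructed.
"""
from typing import Dict, List, Optional, Tuple

# Documented filter keys, mapped to their path inside an EC2 Instance
# object (AWS API field names). Keys are matched case-insensitively;
# "tag.<Name>" keys are handled separately in instance_value().
KEY_PATHS: Dict[str, Tuple[str, ...]] = {
    "instanceid": ("InstanceId",),
    "instancetype": ("InstanceType",),
    "imageid": ("ImageId",),
    "keyname": ("KeyName",),
    "architecture": ("Architecture",),
    "subnetid": ("SubnetId",),
    "placement.availabilityzone": ("Placement", "AvailabilityZone"),
    "placement.groupname": ("Placement", "GroupName"),
    "placement.tenancy": ("Placement", "Tenancy"),
    "privatednsname": ("PrivateDnsName",),
    "publicdnsname": ("PublicDnsName",),
}


def parse_filter(expr: str) -> Tuple[str, str]:
    """Split a filter of the form 'key=value'; reject anything else."""
    if expr.count("=") != 1:
        raise ValueError(f"filter must be exactly one key=value pair: {expr!r}")
    key, value = (part.strip() for part in expr.split("="))
    if not key or not value:
        raise ValueError(f"empty key or value in filter: {expr!r}")
    return key, value


def instance_value(instance: dict, key: str) -> Optional[str]:
    """Return the instance attribute a filter key refers to, or None."""
    lowered = key.lower()
    if lowered.startswith("tag."):
        # tag.Name=Value matches the tag whose Key is "Name". EC2 tag keys
        # are case-sensitive, so the original spelling is kept here.
        tag_key = key[len("tag."):]
        for tag in instance.get("Tags", []):
            if tag.get("Key") == tag_key:
                return tag.get("Value")
        return None
    path = KEY_PATHS.get(lowered)
    if path is None:
        raise ValueError(f"unsupported filter key: {key!r}")
    node = instance
    for field in path:
        if not isinstance(node, dict):
            return None
        node = node.get(field)
    return node


def resolve_dynamic_address(expr: str, instances: List[dict]) -> List[str]:
    """Return the private IPs (sorted numerically) of instances matching expr."""
    key, wanted = parse_filter(expr)
    matched = [
        inst["PrivateIpAddress"]
        for inst in instances
        if instance_value(inst, key) == wanted and inst.get("PrivateIpAddress")
    ]
    return sorted(matched, key=lambda ip: tuple(int(o) for o in ip.split(".")))


# Constructed sample data shaped like DescribeInstances "Instances" entries.
# Three instances sit in the page's subnet 10.0.2.0/24; one is elsewhere.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0aaa000000000001", "InstanceType": "t2.micro",
     "SubnetId": "subnet-fb2506a0", "PrivateIpAddress": "10.0.2.111",
     "Placement": {"AvailabilityZone": "us-west-2a", "Tenancy": "default"},
     "Tags": [{"Key": "Name", "Value": "web-1"}]},
    {"InstanceId": "i-0aaa000000000002", "InstanceType": "t2.micro",
     "SubnetId": "subnet-fb2506a0", "PrivateIpAddress": "10.0.2.112",
     "Placement": {"AvailabilityZone": "us-west-2a", "Tenancy": "default"},
     "Tags": [{"Key": "Name", "Value": "web-2"}]},
    {"InstanceId": "i-0aaa000000000003", "InstanceType": "t2.small",
     "SubnetId": "subnet-fb2506a0", "PrivateIpAddress": "10.0.2.114",
     "Placement": {"AvailabilityZone": "us-west-2a", "Tenancy": "default"},
     "Tags": [{"Key": "Name", "Value": "db-1"}]},
    {"InstanceId": "i-0aaa000000000004", "InstanceType": "t2.micro",
     "SubnetId": "subnet-0123456789abcdef0", "PrivateIpAddress": "10.0.3.20",
     "Placement": {"AvailabilityZone": "us-west-2b", "Tenancy": "default"},
     "Tags": [{"Key": "Name", "Value": "web-3"}]},
]

if __name__ == "__main__":
    for f in ("subnetId=subnet-fb2506a0", "tag.Name=web-3", "instanceType=t2.micro"):
        print(f, "->", resolve_dynamic_address(f, SAMPLE_INSTANCES))
```

The subnetId filter from the page yields exactly the three addresses the text describes. Because the value is compared as a whole string, a filter such as instanceType=t2.micro selects by exact attribute, and a tag-based filter only matches the tag spelled with the same case; when reviewing a policy built on tag.<Name>, it is worth remembering that membership of the address then follows whoever is allowed to set that tag in the account.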
