Fortinet Document Library

Version: 6.0.0

Creating an Address using the CLI

  1. Create an Address to use to configure a firewall policy. Open the CLI with administrator credentials. Right-click the Address and select Edit in CLI.

  2. Configure the filtering rule. This means the SDN Connector will automatically populate and update only those instances in the specified VPC that match this filtering condition. The following keys can be used:

    1. instanceId (e.g. instanceId=i-12345678)

    2. instanceType (e.g. instanceType=t2.micro)

    3. imageId (e.g. imageId=ami-123456)

    4. keyName (e.g. keyName=aws-key-name)

    5. architecture (e.g. architecture=x86)

    6. subnetId (e.g. subnetId=sub-123456)

    7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-1a)

    8. placement.groupname (e.g. placement.groupname=group-name)

    9. placement.tenancy (e.g. placement.tenancy=tenancy-name)

    10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)

    11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)

    12. tag.Name (the AWS instance tag called "Name"; e.g. tagName=Value. A maximum of 8 tags is supported.)

  3. For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using key 6 above, subnetId. First, check the subnet ID in the AWS management portal.

  4. Enter set filter "subnetId=subnet-fb2506a0". In this example, the subnet is 10.0.2.0/24. At this point, show displays the following:

    Note that three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have been populated. They are updated automatically once the filtering condition above is set and the update interval specified in the GUI has elapsed. Because these three instances were already up and running in the specified VPC, the SDN Connector found them through the API calls FortiGate made to AWS.
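Because a dynamic address silently grants policy to every instance the filter matches, it is worth previewing the match set before committing it. The following is an added illustration, not Fortinet or AWS code: it models the key=value filter semantics described above (plain attribute keys, dotted placement.* keys and tag.<Key>) against a constructed, DescribeInstances-shaped record set; the helper names (_inst, parse_filter, lookup, matching_ips) and all identifiers are assumptions.

```python
"""Preview which EC2 instances an SDN Connector filter would populate.
Added illustration (not Fortinet or AWS code): it models the key=value filter
semantics above, including dotted placement.* keys and tag.<Key>, against a
constructed DescribeInstances-like record set."""
from typing import Any, Optional

def _inst(iid: str, itype: str, subnet: str, az: str, name: str, ip: str) -> dict:
    """Build a record shaped like one EC2 DescribeInstances entry (constructed data)."""
    return {"instanceId": iid, "instanceType": itype, "subnetId": subnet,
            "placement": {"availabilityZone": az, "tenancy": "default"},
            "tags": {"Name": name}, "privateIpAddress": ip}

# The three 10.0.2.x instances from the walkthrough plus one in another subnet;
# all identifiers are made up.
INSTANCES = [
    _inst("i-0aaa1", "t2.micro", "subnet-fb2506a0", "us-east-1a", "web-1", "10.0.2.111"),
    _inst("i-0aaa2", "t2.micro", "subnet-fb2506a0", "us-east-1a", "web-2", "10.0.2.112"),
    _inst("i-0aaa3", "t3.small", "subnet-fb2506a0", "us-east-1a", "db-1", "10.0.2.114"),
    _inst("i-0bbb1", "t2.micro", "subnet-0c0ffee0", "us-east-1b", "bastion", "10.0.1.10"),
]

# Keys listed in the document; attribute names are compared case-insensitively.
SUPPORTED_KEYS = {"instanceid", "instancetype", "imageid", "keyname", "architecture",
                  "subnetid", "placement.availabilityzone", "placement.groupname",
                  "placement.tenancy", "privatednsname", "publicdnsname"}

def parse_filter(expr: str) -> tuple:
    """Split one 'key=value' pair; unknown keys fail closed rather than silently
    producing an empty or unexpected address."""
    if expr.count("=") != 1:
        raise ValueError(f"filter must be a single key=value pair: {expr!r}")
    key, value = (part.strip() for part in expr.split("="))
    if not value or not (key.lower() in SUPPORTED_KEYS or key.startswith("tag.")):
        raise ValueError(f"unsupported key or empty value in filter: {expr!r}")
    return key, value

def lookup(instance: dict, key: str) -> Optional[str]:
    """Resolve a filter key against one instance record."""
    if key.startswith("tag."):
        return instance.get("tags", {}).get(key[4:])  # AWS tag keys are case-sensitive
    node: Any = instance
    for part in key.lower().split("."):
        if not isinstance(node, dict):
            return None
        node = next((v for k, v in node.items() if k.lower() == part), None)
    return node if isinstance(node, str) else None

def matching_ips(expr: str, instances: list = INSTANCES) -> list:
    """Private IPs the connector would place in the dynamic address for `expr`."""
    key, value = parse_filter(expr)
    return sorted(i["privateIpAddress"] for i in instances if lookup(i, key) == value)
```

Running matching_ips("subnetId=subnet-fb2506a0") against the constructed set yields the three 10.0.2.x addresses from the walkthrough, while a broader key such as instanceType=t2.micro also pulls in the bastion host in the other subnet.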
