Fortinet Document Library

Version: 6.0.0

Creating an Address using the GUI

  1. In FortiOS, navigate to Policy & Objects > Addresses. Click Create New, then select Address.

  2. Enter the Address name. In the Type dropdown list, select Fabric Connector Address.
  3. In the Fabric Connector Type dropdown list, select Amazon Web Services (AWS). Enter the filter. The SDN Connector then automatically populates and updates the address object with only those instances in the connector's VPC that match this filtering condition. The following keys can be used:

    1. instanceId (e.g. instanceId=i-12345678)

    2. instanceType (e.g. instanceType=t2.micro)

    3. imageId (e.g. imageId=ami-123456)

    4. keyName (e.g. keyName=aws-key-name)

    5. architecture (e.g. architecture=x86_64; the value must match what the EC2 API reports for the instance, such as x86_64, i386 or arm64)

    6. subnetId (e.g. subnetId=subnet-123456; AWS subnet IDs carry the subnet- prefix)

    7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-1a)

    8. placement.groupname (e.g. placement.groupname=group-name)

    9. placement.tenancy (e.g. placement.tenancy=default; EC2 tenancy values are default, dedicated or host)

    10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)

    11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)

    12. tag.<key> matches the AWS instance tag with that key; for example, tag.Name matches the tag called “Name” (e.g. tag.Name=Value). A maximum of 8 tags is supported in one filter.

  4. For example, to automatically populate instances that belong to a certain subnet within the VPC, build the filtering condition with key 6 above, subnetId. First, look up the subnet ID in the AWS Management Console (VPC > Subnets).

  5. Enter subnetId=subnet-fb2506a0 in the Filter field.
  6. In the Interface dropdown list, select the interface the address applies to, if relevant: the one facing the network that the SDN Connector covers.

    The filtering condition can combine multiple entries with AND (“&”) or OR (“|”). When both are used, AND is evaluated before OR, so a & b | c means (a AND b) OR c. For example, entering subnetId=subnet-fb2506a0 & tag.Name=abc123 populates the address with the IP addresses of only those instances that match both the subnet ID and the “Name” tag. Wildcards are not allowed in values; each value must match exactly.

  7. Click OK. Once saved, the Address is listed under Policy & Objects > Addresses.

  8. Proceed to Creating a firewall policy.
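As an added example that is not part of Fortinet's documentation or of FortiOS itself, the following Python script dry-runs a filter string against EC2 instance records in the shape that `aws ec2 describe-instances` returns, so you can check which addresses a filter will pull in, and that it parses at all, before saving it on the FortiGate. The instance records are constructed sample data with placeholder IDs. The page specifies only the key names, the & / | syntax, the AND-before-OR precedence, the no-wildcard rule and the 8-tag limit; the mapping of keys to EC2 attributes, the whitespace handling, case-sensitive comparison and the choice to return private IPv4 addresses are assumptions made here.

```python
"""Dry-run a FortiGate AWS SDN Connector address filter against EC2 instance data.

Added example, not Fortinet code. Matching follows the documented syntax:
key=value terms joined by & (AND) and | (OR), AND evaluated before OR, exact
value comparison, no wildcards, at most 8 tag.* terms. Assumptions not stated
on the page: whitespace around operators is ignored, comparisons are
case-sensitive, and the address object resolves to private IPv4 addresses.
"""

# FortiOS filter key -> top-level field in `aws ec2 describe-instances` output.
TOP_LEVEL_KEYS = {
    "instanceId": "InstanceId", "instanceType": "InstanceType",
    "imageId": "ImageId", "keyName": "KeyName", "architecture": "Architecture",
    "subnetId": "SubnetId", "privateDnsName": "PrivateDnsName",
    "publicDnsName": "PublicDnsName",
}
# FortiOS spells placement keys lower-case; the EC2 API uses CamelCase.
PLACEMENT_KEYS = {"availabilityzone": "AvailabilityZone",
                  "groupname": "GroupName", "tenancy": "Tenancy"}
MAX_TAG_TERMS = 8  # documented limit on tag.* entries in one filter


def known_key(key):
    """True for the keys the FortiOS AWS connector filter accepts."""
    return (key in TOP_LEVEL_KEYS
            or (key.startswith("tag.") and len(key) > len("tag."))
            or (key.startswith("placement.")
                and key[len("placement."):] in PLACEMENT_KEYS))


def instance_value(inst, key):
    """Resolve a filter key to the attribute of one describe-instances record."""
    if key.startswith("tag."):
        tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
        return tags.get(key[len("tag."):])
    if key.startswith("placement."):
        field = PLACEMENT_KEYS[key[len("placement."):]]
        return inst.get("Placement", {}).get(field)
    return inst.get(TOP_LEVEL_KEYS[key])


def parse_filter(expr):
    """Turn 'a=1 & b=2 | c=3' into OR-groups of AND-terms: [[(a,1),(b,2)],[(c,3)]].

    Splitting on | first and on & second is what makes AND bind tighter than OR.
    """
    groups = []
    for clause in expr.split("|"):
        terms = []
        for term in clause.split("&"):
            key, sep, value = (s.strip() for s in term.partition("="))
            if not sep or not key or not value:
                raise ValueError(f"term is not key=value: {term.strip()!r}")
            if any(c in value for c in "*?"):
                raise ValueError(f"wildcards are not allowed in values: {value!r}")
            if not known_key(key):
                raise ValueError(f"unsupported filter key: {key!r}")
            terms.append((key, value))
        groups.append(terms)
    tag_terms = sum(1 for g in groups for k, _ in g if k.startswith("tag."))
    if tag_terms > MAX_TAG_TERMS:
        raise ValueError(f"{tag_terms} tag terms; at most {MAX_TAG_TERMS} are supported")
    return groups


def matches(inst, groups):
    """True when any AND-group is fully satisfied (OR over the groups)."""
    return any(all(instance_value(inst, k) == v for k, v in terms) for terms in groups)


def _inst(iid, itype, subnet, ip, az, name):
    """One instance record in describe-instances shape (constructed sample data)."""
    return {
        "InstanceId": iid, "InstanceType": itype, "ImageId": "ami-0123456789abcdef0",
        "KeyName": "aws-key-name", "Architecture": "x86_64", "SubnetId": subnet,
        "PrivateIpAddress": ip,
        "PrivateDnsName": f"ip-{ip.replace('.', '-')}.us-west-2.compute.internal",
        "PublicDnsName": "",
        "Placement": {"AvailabilityZone": az, "GroupName": "", "Tenancy": "default"},
        "Tags": [{"Key": "Name", "Value": name}, {"Key": "Env", "Value": "prod"}],
    }


# Constructed sample: three instances, two of them in the page's example subnet.
SAMPLE_DESCRIBE_INSTANCES = {"Reservations": [{"Instances": [
    _inst("i-0a1b2c3d4e5f60001", "t2.micro", "subnet-fb2506a0", "172.31.10.211", "us-west-2a", "abc123"),
    _inst("i-0a1b2c3d4e5f60002", "t2.small", "subnet-fb2506a0", "172.31.10.212", "us-west-2a", "db01"),
    _inst("i-0a1b2c3d4e5f60003", "t3.large", "subnet-0c4d5e6f", "172.31.20.15", "us-west-2b", "abc123"),
]}]}


def resolve_addresses(expr, describe_output=None):
    """Return the sorted private IPs the address object would contain for expr."""
    groups = parse_filter(expr)
    data = describe_output if describe_output is not None else SAMPLE_DESCRIBE_INSTANCES
    return sorted(inst["PrivateIpAddress"]
                  for r in data["Reservations"] for inst in r["Instances"]
                  if matches(inst, groups))


def validate_filter(expr):
    """None if expr is acceptable, otherwise the error text (pre-deploy check)."""
    try:
        parse_filter(expr)
    except ValueError as err:
        return str(err)
    return None


if __name__ == "__main__":
    for f in ("subnetId=subnet-fb2506a0",
              "subnetId=subnet-fb2506a0 & tag.Name=abc123",
              "subnetId=subnet-fb2506a0 & tag.Name=abc123 | instanceType=t3.large"):
        print(f"{f!r:72} -> {resolve_addresses(f)}")
    print(validate_filter("tag.Name=web*"))
```

The third filter in the usage block is the one to watch: because AND is evaluated before OR, it selects the instance matching both the subnet and the tag plus every t3.large instance anywhere in the VPC, not only t3.large instances in that subnet. To check a filter against a real account, save `aws ec2 describe-instances --output json` to a file and pass `json.load(open(path))` as the `describe_output` argument.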
