Fortinet Document Library

Version:


6.0.0

(Connectivity test) Add an EC2 to test automatic population

  1. Assume you want to boot up another instance with IP address 10.0.2.113, which is currently stopped. In the AWS management portal, start the instance.

  2. Verify the instance is running.

  3. At this point, running show again shows that the SDN connector has automatically populated and added the 10.0.2.113 instance.

    Therefore, administrators do not need to add this instance to the Address manually. When a firewall policy is applied to this Address, 10.0.2.113 is automatically covered. The filtering condition can be set using multiple entries with AND ("&") or OR ("|"). When both AND and OR are used, AND is interpreted before OR. Check the syntax by entering set filter ?.

    For example, you can enter subnetID=subnet-fb2506a0 & tag.Name=abc123. In this case, the IP address of an instance that matches both the subnet ID and the "Name" tag shows up. Note that wildcards are not allowed in values.
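The following is an added example, not FortiOS code or output: a small Python model of the filter semantics described above (exact-match values, AND evaluated before OR) that lets you preview which instances a filter would pull into the Address before a firewall policy relies on it. The function names, the tag.Env key, and the inventory are constructed for illustration; treating "*" as the wildcard character is an assumption.

```python
# Constructed inventory: instance IP -> attributes. Only subnet-fb2506a0,
# abc123 and 10.0.2.113 come from the page; everything else is made up.
INSTANCES = {
    "10.0.2.113": {"subnetID": "subnet-fb2506a0", "tag.Name": "abc123"},
    "10.0.2.114": {"subnetID": "subnet-fb2506a0", "tag.Name": "other"},
    "10.0.9.20": {"subnetID": "subnet-00000000", "tag.Env": "dev"},
}


def parse_filter(expr):
    """Split a filter into OR groups, each a list of (key, value) AND terms.

    Splitting on "|" first and "&" second is what makes AND bind tighter.
    """
    groups = []
    for or_part in expr.split("|"):
        terms = []
        for term in or_part.split("&"):
            key, sep, value = term.strip().partition("=")
            key, value = key.strip(), value.strip()
            if not sep or not key or not value:
                raise ValueError(f"malformed term: {term.strip()!r}")
            if "*" in value:  # assumption: "*" stands for a wildcard
                raise ValueError(f"wildcards are not allowed in values: {value!r}")
            terms.append((key, value))
        groups.append(terms)
    return groups


def resolve(expr, instances=INSTANCES):
    """Return the sorted IPs whose attributes satisfy the filter exactly."""
    groups = parse_filter(expr)
    return sorted(
        ip
        for ip, attrs in instances.items()
        if any(all(attrs.get(k) == v for k, v in group) for group in groups)
    )


if __name__ == "__main__":
    # The page's example: both conditions must match.
    print(resolve("subnetID=subnet-fb2506a0 & tag.Name=abc123"))
    # Appending an OR term widens the match: it reads as (A & B) | C,
    # so any instance matching C alone is also covered by the policy.
    print(resolve("subnetID=subnet-fb2506a0 & tag.Name=abc123 | tag.Env=dev"))
```

The second filter shows why precedence matters for policy scope: the OR term is not constrained by the subnet condition, so the 10.0.9.20 instance in a different subnet is included.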
