Fortinet Document Library

Version:


Table of Contents

AWS Cookbook

Resources

Upgrade Path Tool

AWS Cookbook

6.2.0
Download PDF
Copy Link

Deploying FortiGate-VM from AWS marketplace

To deploy the FortiGate-VM from the AWS marketplace:
  1. On the AWS marketplace, find a FortiGate-VM listing and version available for selection. This example uses FortiGate-VM On-Demand 6.2.1, ami-0439b030915c59e67, on c5.xlarge instances. Available versions may change.
    Note

    Deploying a high availability (HA) pair requires four network interfaces. Instances smaller than x.large do not support four network interfaces and do not work for this deployment type.

  2. Launch the FortiGate-VM through Elastic Compute Cloud.

  3. Deploy the VM with only one network interface with public IP address assignment enabled.
  4. Repeat the steps for the second VM instance in a second availability zone.
  5. To enable management access to the FortiGate-VMs and HA traffic flow, open the security group attached to the FortiGate-VMs:
    1. In the AWS console, select Security Groups.
    2. Click the Create Security Group button.
    3. Add a rule with a source of 0.0.0.0/0 for all traffic types.
    4. Assign the rule to all interfaces on both FortiGate-VMs. The next step in the process, Adding network interfaces and elastic IP addresses to the FortiGate-VMs, explains creating additional network interfaces. You can tighten the security group later.

Resources

Deploying FortiGate-VM from AWS marketplace

To deploy the FortiGate-VM from the AWS marketplace:
  1. On the AWS marketplace, find a FortiGate-VM listing and version available for selection. This example uses FortiGate-VM On-Demand 6.2.1, ami-0439b030915c59e67, on c5.xlarge instances. Available versions may change.
    Note

    Deploying a high availability (HA) pair requires four network interfaces. Instances smaller than x.large do not support four network interfaces and do not work for this deployment type.

  2. Launch the FortiGate-VM through Elastic Compute Cloud.

  3. Deploy the VM with only one network interface with public IP address assignment enabled.
  4. Repeat the steps for the second VM instance in a second availability zone.
  5. To enable management access to the FortiGate-VMs and HA traffic flow, open the security group attached to the FortiGate-VMs:
    1. In the AWS console, select Security Groups.
    2. Click the Create Security Group button.
    3. Add a rule with a source of 0.0.0.0/0 for all traffic types.
    4. Assign the rule to all interfaces on both FortiGate-VMs. The next step in the process, Adding network interfaces and elastic IP addresses to the FortiGate-VMs, explains creating additional network interfaces. You can tighten the security group later.