This deployment requires familiarity with the configuration of a FortiGate using the CLI as well as with the following AWS services:
- Amazon Elastic Compute Cloud (Amazon EC2)
- Amazon EC2 Auto Scaling
- Amazon VPC
- AWS CloudFormation
- AWS Lambda
- Amazon DynamoDB
- Amazon API Gateway
- Amazon CloudWatch
- Amazon S3
If deploying with Transit Gateway integration, knowledge of the following is also required:
- AWS Transit Gateway
- Border Gateway Protocol (BGP)
- Equal-cost multi-path (ECMP)
It is expected that FortiGate Autoscale for AWS will be deployed by DevOps engineers or advanced system administrators who are familiar with the above.
To start the deployment, you must have an AWS account. If you do not already have one, create one by following the on-screen instructions.
Log in to your AWS account and verify the following:
- IAM permissions. Ensure that the AWS user deploying the template has sufficient permissions to perform the required service actions on resources. At a minimum, the following are required: Service: IAM; Actions: CreateRole; Resource: *.
- Region. Use the region selector in the navigation bar to choose the AWS region where you want to deploy FortiGate Autoscale for AWS. This deployment includes AWS Auto Scaling, which isn’t currently supported in all AWS Regions. For a current list of supported Regions, refer to the AWS documentation Service Endpoints and Quotas.
- Instance Type. This deployment offers a range of instance types, some of which are not currently supported in all AWS Regions. Ensure that your desired instance type is available in your region by checking the Instance types page for your region.
- FortiGate subscription(s). Confirm that you have a valid subscription to the On-Demand FortiGate and/or BYOL FortiGate marketplace listings, as required for your deployment.
  - If you are not subscribed, open the subscription page and click Continue to Subscribe.
  - Review the terms and conditions for software usage, and then choose Accept Terms. A confirmation page loads, and an email confirmation is sent to the account owner.
  - Exit out of AWS Marketplace without further action. Do not provision the software from AWS Marketplace.
- Key pair. Ensure at least one Amazon EC2 key pair exists in your AWS account in the region where you plan to deploy FortiGate Autoscale for AWS. Make note of the key pair name.
- Resources. If necessary, request service quota increases. This is necessary when you might exceed the default quotas with this deployment. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see the AWS documentation. The default instance type is c5.large.
- FortiGate licenses. Ensure you have a license for each FortiGate BYOL instance you might use. Licenses can be purchased from FortiCare. In the section BYOL license files, you will place the license files in an S3 bucket for use by the deployment.
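The key pair, instance type, and IAM items in the checklist above can be verified from the AWS CLI before launching the template. The script below is an added example, not part of the Fortinet deployment package; it assumes the AWS CLI is installed with credentials configured, that the caller may invoke `iam:SimulatePrincipalPolicy`, and the file name `preflight.sh` and the function names are hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for the prerequisites listed above (added example).
# Assumes the AWS CLI is installed and credentials are configured.

# Succeeds if the named EC2 key pair exists in the region.
check_key_pair() {  # $1=region $2=key pair name
    aws ec2 describe-key-pairs --region "$1" --key-names "$2" \
        --query 'KeyPairs[0].KeyName' --output text >/dev/null 2>&1
}

# Succeeds if the instance type is offered in the region.
check_instance_type() {  # $1=region $2=instance type
    offered=$(aws ec2 describe-instance-type-offerings --region "$1" \
        --location-type region \
        --filters "Name=instance-type,Values=$2" \
        --query 'InstanceTypeOfferings[].InstanceType' --output text) || return 1
    [ "$offered" = "$2" ]
}

# Succeeds if the given IAM user or role ARN is allowed iam:CreateRole.
# With no --resource-arns, the simulation evaluates against resource "*".
check_create_role() {  # $1=IAM user or role ARN (not an STS session ARN)
    decision=$(aws iam simulate-principal-policy --policy-source-arn "$1" \
        --action-names iam:CreateRole \
        --query 'EvaluationResults[0].EvalDecision' --output text) || return 1
    [ "$decision" = "allowed" ]
}

# Runs every check, reports each failure, and returns non-zero if any failed.
preflight() {  # $1=region $2=key pair $3=instance type $4=IAM ARN
    rc=0
    check_key_pair "$1" "$2"      || { echo "FAIL: key pair $2 not found in $1"; rc=1; }
    check_instance_type "$1" "$3" || { echo "FAIL: $3 not offered in $1"; rc=1; }
    check_create_role "$4"        || { echo "FAIL: iam:CreateRole not allowed for $4"; rc=1; }
    return "$rc"
}

# Run only when all four arguments are supplied, for example:
#   sh preflight.sh <region> <key-pair-name> c5.large <iam-user-or-role-arn>
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```

The script does not cover the Marketplace subscription, service quota, or BYOL license items, which still need to be confirmed in the console.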