Fortinet Document Library

AWS Cookbook

6.2.0

Planning

This deployment requires familiarity with the configuration of a FortiGate using the CLI as well as with the following AWS services:

If deploying with Transit Gateway integration, knowledge of the following is also required:

If you are new to AWS, visit the Getting Started Resource Center and the AWS Training and Certification website.

It is expected that FortiGate Autoscale for AWS will be deployed by DevOps engineers or advanced system administrators who are familiar with the above.

Technical requirements

To start the deployment, you must have an AWS account. If you do not already have one, create one by following the on-screen instructions.

Log into your AWS account and verify the following:

  • IAM permissions. Ensure that the AWS user deploying the template has sufficient permissions to perform the required service actions on resources. At a minimum, the following are required: Service: IAM; Actions: CreateRole; Resource: *.
  • Region. Use the region selector in the navigation bar to choose the AWS region where you want to deploy FortiGate Autoscale for AWS.
    Note

    This deployment includes AWS Auto Scaling, which isn’t currently supported in all AWS Regions. For a current list of supported Regions, refer to the AWS documentation Service Endpoints and Quotas.

  • Instance Type. This deployment offers a range of instance types, some of which are not currently supported in all AWS Regions. Ensure that your desired instance type is available in your region by checking the Instance types page for your region.
  • FortiGate subscription(s). Confirm that you have a valid subscription to the On-Demand FortiGate and/or BYOL FortiGate marketplace listings, as required for your deployment.
    • If you are not subscribed, open the subscription page and click Continue to Subscribe.
    • Review the terms and conditions for software usage, and then choose Accept Terms. A confirmation page loads, and an email confirmation is sent to the account owner.
    • Exit out of AWS Marketplace without further action. Do not provision the software from AWS Marketplace.
  • Key pair. Ensure at least one Amazon EC2 key pair exists in your AWS account in the region where you plan to deploy FortiGate Autoscale for AWS. Make note of the key pair name.
  • Resources. If necessary, request service quota increases. This is necessary when you might exceed the default quotas with this deployment. The Service Quotas console displays your usage and quotas for some aspects of some services. For more information, see the AWS documentation. The default instance type is c5.large.
  • FortiGate licenses. Ensure you have a license for each FortiGate BYOL instance you might use. Licenses can be purchased from FortiCare. In the section BYOL license files, you will place the license files in an S3 bucket for use by the deployment.
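
Three of the checks above (IAM permissions, instance type availability, key pair) can be verified from the AWS CLI before launching the template. The following is an added example, not part of the Fortinet documentation: the function names, the key pair name `example-key`, the region `us-east-1` and the sample responses are constructed for illustration.

```python
import json
import subprocess

def missing_prerequisites(region, instance_type, key_name,
                          offerings, key_pairs, simulation):
    """Return unmet requirements, given parsed AWS CLI JSON responses."""
    problems = []
    offered = {o["InstanceType"] for o in offerings.get("InstanceTypeOfferings", [])
               if o.get("Location") == region}
    if instance_type not in offered:
        problems.append(f"instance type {instance_type} is not offered in {region}")
    if key_name not in {k["KeyName"] for k in key_pairs.get("KeyPairs", [])}:
        problems.append(f"key pair {key_name} does not exist in {region}")
    decisions = {r["EvalActionName"]: r["EvalDecision"]
                 for r in simulation.get("EvaluationResults", [])}
    # Fail closed: a missing result counts the same as a denial.
    decision = decisions.get("iam:CreateRole", "no result")
    if decision != "allowed":
        problems.append(f"iam:CreateRole on * is not allowed ({decision})")
    return problems

def aws(*args):
    """Run the AWS CLI (needs configured credentials) and parse its JSON output."""
    done = subprocess.run(["aws", *args, "--output", "json"],
                          check=True, capture_output=True, text=True)
    return json.loads(done.stdout)

def live_check(region, instance_type, key_name, principal_arn):
    """Gather the three responses from the account, then evaluate them."""
    return missing_prerequisites(
        region, instance_type, key_name,
        aws("ec2", "describe-instance-type-offerings", "--region", region,
            "--location-type", "region",
            "--filters", f"Name=instance-type,Values={instance_type}"),
        aws("ec2", "describe-key-pairs", "--region", region),
        aws("iam", "simulate-principal-policy",
            "--policy-source-arn", principal_arn,
            "--action-names", "iam:CreateRole"))

# Constructed sample responses (not captured from a real account).
OFFERINGS = {"InstanceTypeOfferings": [
    {"InstanceType": "c5.large", "LocationType": "region", "Location": "us-east-1"}]}
KEY_PAIRS = {"KeyPairs": [{"KeyName": "example-key"}]}
SIMULATION = {"EvaluationResults": [
    {"EvalActionName": "iam:CreateRole", "EvalResourceName": "*",
     "EvalDecision": "implicitDeny"}]}

if __name__ == "__main__":
    for line in missing_prerequisites("us-east-1", "c5.large", "example-key",
                                      OFFERINGS, KEY_PAIRS, SIMULATION):
        print("UNMET:", line)
```

Running `live_check` against a real account requires that the caller itself is allowed `iam:SimulatePrincipalPolicy`; subscriptions, quotas and licenses still need to be confirmed as described above.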
