Fortinet Document Library
FortiGate / FortiOS
Version: 6.4.0 (6.2.0 also available)
Table of Contents
AWS Cookbook
About FortiGate-VM for AWS
Instance type support
Region support
Models
Licensing
Order types
Creating a support account
FortiCare-generated license adoption for AWS on-demand variant
Migrating a FortiGate-VM instance between license types
Deploying FortiGate-VM on AWS
Launching FortiGate-VM on AWS
Security best practices
Opening ports in the security group
Administrative access
IAM roles
Login credentials
AWS services and components
Bootstrapping the FortiGate-VM at initial bootup using user data
Setting up IAM roles
Creating S3 buckets with license and firewall configurations
Launching the instance using roles and user data
Deploying from BYOL AMI
Deploying on AWS China
Creating a VPC and subnets
Attaching the new VPC Internet gateway
Launching the instance with shared FortiGate-VM AMI
Connecting to the FortiGate-VM
Upgrading the FortiGate-VM
Backing up and restoring configuration
Deploying auto scaling on AWS
Planning
Obtaining the deployment package
Deploying the CloudFormation templates
CFT parameters
Configuring optional settings
Locating deployed resources
Verifying the deployment
Connecting to the primary FortiGate
Attaching a VPC to the Transit Gateway
Troubleshooting
Appendix
FortiGate Autoscale for AWS features
Deployment templates
Cloud-init
Architectural diagrams
Document history
Single FortiGate-VM deployment
Determining your licensing model
Creating a VPC and subnets
Attaching the new VPC Internet gateway
Subscribing to the FortiGate
Creating routing tables and associating subnets
Connecting to the FortiGate-VM
Setting up a Windows Server in the protected network
HA for FortiGate-VM on AWS
Deploying and configuring FortiGate-VM active-active HA
Deploying and configuring ELB-based HA/load balancing
Creating two subnets on your Amazon VPC
Creating a security group for the FortiGate-VM
Allocating EIPs for the FortiGate-VM and for public access
Deploying the FortiGate-VM
Assigning an IP address to the FortiGate-VM
Creating a default route
Configuring the FortiGate-VM
Deploying the Windows Server
Creating a second subnet and deploying a second FortiGate-VM
Creating an ELB between the FortiGate-VMs
Results
Deploying FortiGate-VM active-passive HA on AWS within one zone
Deploying FortiGate-VM active-passive HA AWS between multiple zones
Deploying FortiGate-VM active-passive HA AWS between multiple zones manually with Transit Gateway integration
Creating VPCs and subnets
Creating a Transit Gateway and related resources
Creating an Internet gateway
Creating VPC route tables
Deploying FortiGate-VM from AWS marketplace
Adding network interfaces and elastic IP addresses to the FortiGate-VMs
Configuring the FortiGate-VMs
Updating the route table and adding an IAM policy
Testing FortiGate-VM HA failover
Deploying FortiGate-VM using Terraform
SDN connector integration with AWS
Certificate-based SDN connector integration
Configuring an AWS SDN connector using IAM roles
AWS Kubernetes (EKS) SDN connector
Populating threat feeds with GuardDuty
Security implications
Parameters
Installation
Prerequisites
Preparing the deployment package
Setting up the S3 bucket
Setting up the DynamoDB table
Setting up the IAM role and policies
Creating the Lambda function
Setting up the DynamoDB stream trigger
Setting up CloudWatch
Testing the setup
(Optional) Generating sample findings in GuardDuty
Setting up the FortiGate(s)
Cleanup
Pipelined automation using AWS Lambda
Creating an automation stitch
Configuring an example automation stitch
Configuring FortiGate-VM load balancer using dynamic address objects
Accessing a cloud server using an SDN connector via VPN
VPN for FortiGate-VM on AWS
Connecting a local FortiGate to an AWS VPC VPN
Connecting a local FortiGate to an AWS FortiGate via site-to-site VPN
SD-WAN cloud on-ramp
Security inspection with Gateway Load Balancer integration
North-south security inspection to customer VPC
Creating the GWLB and registering targets
Creating the LB endpoint
VPC route tables
Post-deployment configuration
Validating the configuration
East-west security inspection between two customer VPCs
Creating the GWLB and registering targets
Creating the LB endpoint
Creating the transit gateway
Route tables
East-west egress route table
Configuring TGW route tables
Post-deployment configuration
Validating the configuration
Licensing
You must have a license to deploy FortiGate-VM for AWS.
Order types
Creating a support account
FortiCare-generated license adoption for AWS on-demand variant
Migrating a FortiGate-VM instance between license types