FortiGate AutoScaling for New VPC with On-Demand Deployment


In this recipe, you will deploy FortiGate Autoscaling into a new VPC with an On-Demand license on Amazon Web Services (AWS).

If you are not using an existing VPC for your deployment and have not purchased BYOL licenses from Fortinet, you need to launch a new CloudFormation template. These templates can be found on GitHub.

In most cases, the defaults provided in the template should be sufficient. See AWS Documentation for the parameter types if you need to change the defaults.

1. Uploading the template

In the AWS Management Console, go to the CloudFormation service and select Create New Stack.

Under Choose a template, enable Upload a template to Amazon S3, then select your new template for upload.


2. Configuring Autoscaling

In Specify Details, set the Stack Name to a name that is unique within the region. Set ASQueue to an SQS Queue Name that is unique within the scope of your queues.

Set AZForFirewall1 and AZForFirewall2 to the Availability Zones within the region where you wish to place FortiGate 1 and FortiGate 2, respectively.

In VPC Configuration, select a CIDR block (if different from the defaults provided) that will hold the Public1, Private1, Public2, and Private2 subnets. Provide a unique subnet range for each of the public and private subnets.

In FortiGate Instance Configuration, select an Instance Type for initial FortiGates. Set CIDRForFortiGateAccess to define the Security Group for FortiGate Access and FortiGateKeyPair to allow SSH access to the FortiGate instances.
In ELB Configuration, if you need to change the default values, refer to AWS Documentation.  
In Worker Node Instance Configuration, set ASKeypair to allow SSH access to the FortiGate instances and CIDRForASAccess to define the Security Group for FortiGate Access.  
In Options, you can add additional Tags, Permissions, or Advanced Notification Options as desired. For more information, refer to AWS Documentation.  
Review your parameters and acknowledge the IAM resources notification. Select Create.  
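
Before selecting Create, the CIDR values entered in this step can be checked offline. The following Python check is an added example, not part of the Fortinet template: `CIDRForFortiGateAccess` and `CIDRForASAccess` are the parameter names used in this recipe, while `VPCCIDR` and the four subnet keys are assumed names for illustration, and all sample values are constructed.

```python
import ipaddress

# "VPCCIDR" and the subnet keys are assumed names; use the ones in your template.
SUBNET_KEYS = ("Public1", "Private1", "Public2", "Private2")
ACCESS_KEYS = ("CIDRForFortiGateAccess", "CIDRForASAccess")  # names from the recipe

def check_stack_cidrs(params):
    """Return a list of problems in the stack's CIDR parameters (empty list = OK)."""
    problems, nets = [], {}
    for key in ("VPCCIDR",) + SUBNET_KEYS + ACCESS_KEYS:
        try:
            # Strict parsing: rejects values with host bits set, e.g. 10.0.0.1/24.
            nets[key] = ipaddress.ip_network(params[key])
        except (KeyError, ValueError) as exc:
            problems.append(f"{key}: missing or invalid CIDR ({exc})")
    vpc = nets.get("VPCCIDR")
    subnets = [(k, nets[k]) for k in SUBNET_KEYS if k in nets]
    # Every subnet must sit inside the VPC block.
    for key, net in subnets:
        if vpc is not None and (net.version != vpc.version or not net.subnet_of(vpc)):
            problems.append(f"{key} {net} is not inside VPC block {vpc}")
    # Each public and private subnet needs its own, non-overlapping range.
    for i, (ka, na) in enumerate(subnets):
        for kb, nb in subnets[i + 1:]:
            if na.overlaps(nb):
                problems.append(f"{ka} {na} overlaps {kb} {nb}")
    # A /0 access CIDR makes the Security Group admit every source address.
    for key in ACCESS_KEYS:
        if key in nets and nets[key].prefixlen == 0:
            problems.append(f"{key} is {nets[key]}: access allowed from any address")
    return problems

# Constructed sample values, not the defaults shipped in the template.
SAMPLE = {
    "VPCCIDR": "10.0.0.0/16",
    "Public1": "10.0.0.0/24",
    "Private1": "10.0.1.0/24",
    "Public2": "10.0.2.0/24",
    "Private2": "10.0.1.128/25",          # overlaps Private1
    "CIDRForFortiGateAccess": "0.0.0.0/0",  # open to every source address
    "CIDRForASAccess": "203.0.113.0/24",
}

if __name__ == "__main__":
    for line in check_stack_cidrs(SAMPLE) or ["all CIDR parameters look consistent"]:
        print(line)
```
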

3. Results

Verify that the stack’s Status is shown as CREATE_IN_PROGRESS.  
You can also monitor Stack Creation Events.  


An Availability Zone may not support the instance size of the FortiGate instance. If you get a warning that a specific instance size is not supported, choose a different size or choose a different zone.