Fortinet black logo

New Features

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0

Auto Scaling

Auto Scaling

This version supports auto scaling for Google Cloud environments.

Sample configuration

To set up auto scaling for a Google Cloud environment:

  1. Create an instance template with Google Cloud Platform console.
  2. Create an instance group with Google Cloud Platform console.
  3. Set the first FortiGate VM in the auto scaling group as the primary member.
  4. Scale out another FortiGate VM and set it as a secondary member; and then synchronize configuration from primary to secondary.
To create an instance template with Google Cloud Platform console:
  1. Go to Instance templates console and click CREATE INSTANCE TEMPLATE.

  2. Configure the instance template.
    • Enter the instance template Name, for example instance-template-demo.
    • Select the Machine type.
    • Change Boot disk to your FortiGate VM image.
    • In the Firewall section, select Allow HTTP traffic and Allow HTTPS traffic.
    • Click Create.

  3. Go to Instance templates console and check that your instance template is created.

To create an instance group with Google Cloud Platform console:
  1. Go to Instance groups console and click CREATE INSTANCE GROUP.

  2. Configure the instance group.
    • Enter the instance group Name, for example instance-group-demo.
    • Select the Instance template you created.
    • For Autoscaling, select On.

    • For Autoscaling policy, select CPU usage.
    • Enter the Target CPU usage percentage. For example, 60%.
    • Enter the Maximum number of instances that you want for this instance group.
    • If desired, enter the Minimum number of instances and Cool down period.

      The cool down period is the number of seconds auto scaling waits after a VM starts before collecting information from it. The time is typically the VM initialization time, when the collected usage is not reliable for auto scaling. The default cool down period is 60 seconds.

    • Click Create.

  3. Go to Instance groups console and check that your instance group is created.

  4. Wait a few moments and click the instance group to check if an instance was launched automatically, since the minimum number of instances is set to 1.

    In this example, the first FortiGate VM instance name is instance-group-demo-2kp9.

To set the first FortiGate VM in the auto scaling group as the primary member:
  1. Log into the FortiGate VM as administrator and the instance ID as the default password.
  2. Use the CLI to enable auto scaling and set the role to primary:
    config system auto-scale
    set status enable
    set role master
    set sync-interface "port1"
    set psksecret xxxxxx
end
  3. In the GUI, go to the Dashboard Virtual Machine widget to check that Auto Scaling is enabled and Role is Master.

To scale out another FortiGate VM and set it as a secondary member; and then synchronize configuration from primary to secondary:
  1. Generate test traffic on the FortiGate VM where the CPU rate is higher than the instance group target CPU usage.

    For test purpose, you can also change the target CPU usage to a small value.

    The instance group will trigger to scale out an new FortiGate VM.

    In this example, the second FortiGate VM instance name is instance-group-demo-mq3v.

  2. Log into the second FortiGate VM as administrator and the instance ID as the default password.

    Use the CLI to enable auto scaling and set the role to secondary.

    For the master-ip, use the IP of the primary member sync interface. The primary IP should be the primary side private IP address.

    Check that the configuration can be synced from the primary member to the secondary member.

    config system auto-scale
    set status enable
    set role slave
    set sync-interface "port1"
    set master-ip 10.128.0.41
    set psksecret xxxxxx
end
  3. Wait a few moments for the secondary member to sync with the primary member; and then the secondary member can sync the FortiGate configuration from the primary member.
    FortiGate-VM64-GCPON~AND # diag deb app hasync -1
slave's configuration is not in sync with master's, sequence:0
slave's configuration is not in sync with master's, sequence:1
slave's configuration is not in sync with master's, sequence:2
slave's configuration is not in sync with master's, sequence:3
slave's configuration is not in sync with master's, sequence:4
slave starts to sync with master
logout all admin users
Previous
Next

Auto Scaling

This version supports auto scaling for Google Cloud environments.

Sample configuration

To set up auto scaling for a Google Cloud environment:

  1. Create an instance template with Google Cloud Platform console.
  2. Create an instance group with Google Cloud Platform console.
  3. Set the first FortiGate VM in the auto scaling group as the primary member.
  4. Scale out another FortiGate VM and set it as a secondary member; and then synchronize configuration from primary to secondary.
To create an instance template with Google Cloud Platform console:
  1. Go to Instance templates console and click CREATE INSTANCE TEMPLATE.

  2. Configure the instance template.
    • Enter the instance template Name, for example instance-template-demo.
    • Select the Machine type.
    • Change Boot disk to your FortiGate VM image.
    • In the Firewall section, select Allow HTTP traffic and Allow HTTPS traffic.
    • Click Create.

  3. Go to Instance templates console and check that your instance template is created.

To create an instance group with Google Cloud Platform console:
  1. Go to Instance groups console and click CREATE INSTANCE GROUP.

  2. Configure the instance group.
    • Enter the instance group Name, for example instance-group-demo.
    • Select the Instance template you created.
    • For Autoscaling, select On.

    • For Autoscaling policy, select CPU usage.
    • Enter the Target CPU usage percentage. For example, 60%.
    • Enter the Maximum number of instances that you want for this instance group.
    • If desired, enter the Minimum number of instances and Cool down period.

      The cool down period is the number of seconds auto scaling waits after a VM starts before collecting information from it. The time is typically the VM initialization time, when the collected usage is not reliable for auto scaling. The default cool down period is 60 seconds.

    • Click Create.

  3. Go to Instance groups console and check that your instance group is created.

  4. Wait a few moments and click the instance group to check if an instance was launched automatically, since the minimum number of instances is set to 1.

    In this example, the first FortiGate VM instance name is instance-group-demo-2kp9.

To set the first FortiGate VM in the auto scaling group as the primary member:
  1. Log into the FortiGate VM as administrator and the instance ID as the default password.
  2. Use the CLI to enable auto scaling and set the role to primary:
    config system auto-scale
    set status enable
    set role master
    set sync-interface "port1"
    set psksecret xxxxxx
end
  3. In the GUI, go to the Dashboard Virtual Machine widget to check that Auto Scaling is enabled and Role is Master.

To scale out another FortiGate VM and set it as a secondary member; and then synchronize configuration from primary to secondary:
  1. Generate test traffic on the FortiGate VM where the CPU rate is higher than the instance group target CPU usage.

    For test purpose, you can also change the target CPU usage to a small value.

    The instance group will trigger to scale out an new FortiGate VM.

    In this example, the second FortiGate VM instance name is instance-group-demo-mq3v.

  2. Log into the second FortiGate VM as administrator and the instance ID as the default password.

    Use the CLI to enable auto scaling and set the role to secondary.

    For the master-ip, use the IP of the primary member sync interface. The primary IP should be the primary side private IP address.

    Check that the configuration can be synced from the primary member to the secondary member.

    config system auto-scale
    set status enable
    set role slave
    set sync-interface "port1"
    set master-ip 10.128.0.41
    set psksecret xxxxxx
end
  3. Wait a few moments for the secondary member to sync with the primary member; and then the secondary member can sync the FortiGate configuration from the primary member.
    FortiGate-VM64-GCPON~AND # diag deb app hasync -1
slave's configuration is not in sync with master's, sequence:0
slave's configuration is not in sync with master's, sequence:1
slave's configuration is not in sync with master's, sequence:2
slave's configuration is not in sync with master's, sequence:3
slave's configuration is not in sync with master's, sequence:4
slave starts to sync with master
logout all admin users
Previous
Next