Fortinet Document Library

Version:

6.0.0
5.6.0
FortiGate / FortiOS FortiAnalyzer FortiManager FortiWeb FortiTester FortiAuthenticator FortiVoice Enterprise FortiSandbox FortiWeb Manager

Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
Home Amazon Web Service FortiGate / FortiOS
6.2 6.0 5.6

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

6.0.0
6.0.0
5.6.0
Copy Link

Launching FortiGate on AWS

See Single FortiGate Deployment.

The most basic deployment consists of one FortiGate with two ENIs facing a public subnet and private subnet, with FortiGate deployed inline between the two subnets. A single FortiGate protects a single VPC with a single availability zone. The public subnet's default gateway is an AWS Internet gateway, and FortiGate's private subnet-facing ENI is the private subnet's default gateway. Protected EC2 instances such as web servers, database servers, or other endpoints are assumed to exist in the private subnet. One elastic/public IP address or IPv4 DNS name must be allocated to the FortiGate in the public subnet for you to access FortiGate remotely via HTTPS or SSH over the Internet for initial configuration.

Resources

Upgrade Path Tool

Launching FortiGate on AWS

See Single FortiGate Deployment.

The most basic deployment consists of one FortiGate with two ENIs facing a public subnet and private subnet, with FortiGate deployed inline between the two subnets. A single FortiGate protects a single VPC with a single availability zone. The public subnet's default gateway is an AWS Internet gateway, and FortiGate's private subnet-facing ENI is the private subnet's default gateway. Protected EC2 instances such as web servers, database servers, or other endpoints are assumed to exist in the private subnet. One elastic/public IP address or IPv4 DNS name must be allocated to the FortiGate in the public subnet for you to access FortiGate remotely via HTTPS or SSH over the Internet for initial configuration.