Verifying the deployment
FortiGate Autoscale for AWS without Transit Gateway integration creates an Auto Scaling group with lifecycle events attached to the group. Verify the following components:
- In the AWS console, select the Services > Compute > EC2.
- In the left navigation tree, click INSTANCES > Instances.
- Click the filter box and select Tag Keys > ResourceGroup.
- Select your ResourceTagPrefix from the list of Tag Keys.
- Instances will be listed along with a status. Confirm that the Instance Status for each instance is running.
- In the left navigation tree, click AUTO SCALING > Auto Scaling Groups.
- Click the filter box and look up the Auto Scaling group using the ResourceTagPrefix.
- The number of Auto Scaling groups listed is based on your implementation. The image below shows two Auto Scaling groups, one for BYOL instances, and one for On-Demand instances. Confirm that the number in the Instances column is equal to or greater than the Desired Capacity you specified.
- For each Auto Scaling group, select the check box to left of the Name, and then click the Instances tab in the lower pane and confirm that the Lifecycle of each instance is InService.
- Look up the DynamoDB table <ResourceTagPrefix>-FortiGateMasterElection as described in the section Locating deployed resources.
- Select the <ResourceTagPrefix>-FortiGateMasterElection table.
- In the right hand pane, select the Items tab.
- The master record will be the only item listed. Click the master record.
In the master record,
- instanceId is the instance ID of the master instance.
- ip refers to its primary private IP address.
- subnetId is the ID of the subnet in which the master FortiGate-VM is located.
voteState is the state of the voting process.
- pending: election of the master instance is still in progress.
- done: the master election process is done.
- vpcId is the ID of the VPC in which the master FortiGate-VM instance is located.
The master record will look as follows:
The master election has been completed when the voteState is done.
Make note of the instanceID, as you will need it to connect to the FortiGate-VM in the section Connecting to the master FortiGate-VM instance.
If you have both BYOL and On-Demand instances, you will also need the scalingGroupName to locate the master instance.