Deploying auto scaling on AWS
You can deploy FortiGate virtual machines (VMs) to support Auto Scaling on AWS. Optionally, AWS Transit Gateway can be used to connect Amazon Virtual Private Clouds (Amazon VPCs) and their on-premises networks to a single gateway. This integration extends the FortiGate protection to all networks connected to the Transit Gateway. Both options require a manual deployment incorporating CloudFormation Templates (CFTs). Fortinet provides FortiGate Autoscale for AWS deployment packages to facilitate each deployment.
Multiple FortiGate-VM instances form an Auto Scaling group (ASG) to provide highly efficient clustering at times of high workloads. FortiGate-VM instances can be scaled out automatically according to predefined workload levels. When a spike in traffic occurs, a Lambda script is invoked to scale out the ASG by automatically adding FortiGate-VM instances. Auto Scaling is achieved by using FortiGate-native High Availability (HA) features such as
config-sync, which synchronizes operating system (OS) configurations across multiple FortiGate-VM instances at the time of scale-out events.
The following sections describe the deployment options:
Deploying auto scaling on AWS without Transit Gateway integration
- This option requires FortiOS 6.2.3 and supports any combination of On-Demand and Bring Your Own License (BYOL) instances.
Deploying auto scaling on AWS with Transit Gateway integration
- This option requires FortiOS 6.2.1 and only supports On-Demand instances.