AWS Cookbook

6.4.0

Deploying the CloudFormation templates

Note

The deployment will fail:

  • if you do not have the required subscription for the On-Demand marketplace listing for FortiGate.
  • if the AWS user deploying the template does not have the AWS permissions to perform the required service actions on resources. At a minimum, the following are required:
    • Service: IAM; Actions: CreateRole; Resource: *.

FortiGate Autoscale for AWS with Transit Gateway integration provides two deployment options:

  • Deployment with a new Transit Gateway.
  • Deployment with an existing Transit Gateway.

Both options will build a new AWS environment consisting of the VPC, subnets, FortiGate-VMs, security groups, and other infrastructure components. During configuration you can specify Classless Inter-Domain Routing (CIDR) blocks, instance types, and FortiGate settings. One inbound route domain and one outbound route domain will be created for the new or existing Transit Gateway. FortiGate Autoscale for AWS will then be deployed and attached to the Transit Gateway.

To deploy the CloudFormation templates:
  1. Navigate to the S3 folder you uploaded files to in the previous section. In the example below, we navigate to Amazon S3 > fortigate-autoscale > transit-gateway.
  2. Click templates and select the entry template workload-master.template.

  3. Copy the Object URL.
  4. Click Services, and then Management & Governance > CloudFormation.
  5. Confirm the region you are in and then click Create Stack.
  6. Paste the Object URL from step 3 into the Amazon S3 URL field.
  7. Click Next.
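
The note above names two causes of a failed deployment. The following pre-flight check is an added example, not part of the Fortinet documentation: it tests the `iam:CreateRole` requirement and confirms that CloudFormation can read the template at the Object URL before you create the stack. It assumes the AWS CLI is installed and configured; the function names, the principal ARN, and the URL passed in are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before "Create Stack".
# Assumption: the AWS CLI is installed and credentials are configured.

# Succeeds (0) only if the IAM principal is allowed iam:CreateRole on Resource "*".
can_create_role() {
  ccr_principal="$1"
  ccr_decision=$(aws iam simulate-principal-policy \
    --policy-source-arn "$ccr_principal" \
    --action-names iam:CreateRole \
    --resource-arns '*' \
    --query 'EvaluationResults[0].EvalDecision' \
    --output text) || return 2
  # EvalDecision is one of: allowed, implicitDeny, explicitDeny
  echo "iam:CreateRole for $ccr_principal: $ccr_decision" >&2
  [ "$ccr_decision" = "allowed" ]
}

# Succeeds (0) if CloudFormation can fetch and parse the template at the Object URL.
template_is_valid() {
  aws cloudformation validate-template --template-url "$1" >/dev/null
}

# Runs both checks and reports the first one that fails.
preflight() {
  pf_principal="$1"
  pf_url="$2"
  can_create_role "$pf_principal" || {
    echo "FAIL: principal is not allowed iam:CreateRole on *" >&2
    return 1
  }
  template_is_valid "$pf_url" || {
    echo "FAIL: template URL is unreadable or the template is invalid" >&2
    return 1
  }
  echo "OK: pre-flight checks passed" >&2
}

# Usage: sh preflight.sh <principal-arn> <object-url-from-step-3>
if [ "$#" -eq 2 ]; then
  preflight "$1" "$2"
fi
```

The caller needs `iam:SimulatePrincipalPolicy` to run the first check. The script does not verify the marketplace subscription, and it covers only the one IAM action the note lists.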