AWS Cookbook

6.4.0
Verifying the deployment

FortiGate Autoscale for AWS with Transit Gateway integration creates an Auto Scaling group with lifecycle events attached to the group. The deployment's VPC is attached to a Transit Gateway. Verify the following components:

To verify the Auto Scaling group:
  1. In the AWS console, select Services > Compute > EC2.
  2. In the left navigation tree, click INSTANCES > Instances.
  3. Click the filter box and select Tag Keys > ResourceGroup.
  4. Select your ResourceTagPrefix from the list of Tag Keys.
  5. Instances will be listed along with a status. Confirm that the Instance Status for each instance is running.

    Instances

  6. In the left navigation tree, click AUTO SCALING > Auto Scaling Groups.
  7. Click the filter box and look up the Auto Scaling group using the ResourceTagPrefix.

    Auto Scaling group

  8. The Auto Scaling group will be listed. Confirm that the number in the Instances column is equal to or greater than the Desired Capacity you specified.
  9. In the lower pane, click on the Instances tab and confirm that the Lifecycle of each instance is InService.

To verify the master election:
  1. Locate the instances as described in steps 1 - 4 of the section To verify the Auto Scaling group.
  2. Select one of the instances.
  3. In the lower pane, click the Tags tab and look for the Key AutoScaleRole. This tag only appears on the master FortiGate-VM instance. If you find it, it should be set to master. If it is not present, try another instance until you find it.

Note: To display the AutoScaleRole column in the upper section, click Show Column.

Make note of the instanceID of the master instance, as you will need it to connect to the FortiGate-VM in the section Connecting to the master FortiGate-VM instance.

To verify the Transit Gateway:
  1. In the AWS console, select Services > Network & Content Delivery > VPC.
  2. In the left navigation tree, click Transit Gateways > Transit Gateways.
  3. Filter by the Tag Key ResourceGroup. There should be one result.

    Filtered Transit Gateways

  4. In the left navigation tree, click Virtual Private Network (VPN) > Customer Gateways.
  5. Filter by the Tag Key ResourceGroup. There should be one customer gateway per running FortiGate-VM instance (2 at the start).

    Filtered Customer Gateways

  6. In the left navigation tree, click Virtual Private Network (VPN) > Site-to-Site VPN Connections.
  7. Filter by the Tag Key ResourceGroup. There should be two items, 1 per FortiGate-VM instance, each with a corresponding Transit Gateway attachment.

    Filtered Site-to-Site VPN Connections

  8. In the left navigation tree, click Transit Gateways > Transit Gateway Attachments.
  9. Filter by the Tag Key ResourceGroup. There should be one VPC, and one VPN per running FortiGate-VM instance in the Auto Scaling group (2 at the start, one master and one slave). The VPN name will contain the public IP address of the VPN.

    Filtered Transit Gateway Attachments

  10. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  11. Filter by the Tag Key ResourceGroup. There should be two items, one for inbound and one for outbound. For diagrams, refer to the Appendix.

    Filtered Transit Gateway Route Tables
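
The three console procedures above can also be run as one scripted check. The following is an added example, not Fortinet's code: it takes the lists returned by the EC2 and Auto Scaling Describe* calls (already filtered by the ResourceGroup tag; fetching them is assumed to happen elsewhere) and reports every expectation from this page that does not hold. The function names and all sample IDs are made up for illustration.

```python
# Added example (not Fortinet code): offline checks over AWS Describe* results.

def tag(resource, key):
    """Value of an AWS tag on a resource, or None when the tag is absent."""
    return next((t["Value"] for t in resource.get("Tags", []) if t["Key"] == key), None)

def verify_deployment(instances, asg, tgws, cgws, vpns, attachments, route_tables):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    running = [i for i in instances if i["State"]["Name"] == "running"]
    n = len(running)
    if n != len(instances):
        findings.append("an instance is not running")
    if len(asg["Instances"]) < asg["DesiredCapacity"]:
        findings.append("Auto Scaling group is below Desired Capacity")
    if any(i["LifecycleState"] != "InService" for i in asg["Instances"]):
        findings.append("an Auto Scaling instance is not InService")
    masters = [i for i in instances if tag(i, "AutoScaleRole") == "master"]
    if len(masters) != 1:  # none: no election yet; several: conflicting masters
        findings.append(f"expected 1 master, found {len(masters)}")
    if len(tgws) != 1:
        findings.append(f"expected 1 Transit Gateway, found {len(tgws)}")
    if len(cgws) != n:
        findings.append(f"expected {n} customer gateways, found {len(cgws)}")
    if len(vpns) != n or not all(v.get("TransitGatewayId") for v in vpns):
        findings.append("VPN connections do not match the running instances")
    kinds = [a["ResourceType"] for a in attachments]
    if kinds.count("vpc") != 1 or kinds.count("vpn") != n:
        findings.append("Transit Gateway attachments are not 1 VPC + 1 VPN per instance")
    if len(route_tables) != 2:
        findings.append(f"expected 2 route tables, found {len(route_tables)}")
    return findings

def sample_deployment():
    """Constructed data for a healthy two-instance deployment (all IDs made up)."""
    ids = ["i-0example000000001", "i-0example000000002"]
    instances = [{"InstanceId": x, "State": {"Name": "running"}, "Tags": []} for x in ids]
    instances[0]["Tags"].append({"Key": "AutoScaleRole", "Value": "master"})
    return {
        "instances": instances,
        "asg": {"DesiredCapacity": 2, "Instances": [
            {"InstanceId": x, "LifecycleState": "InService"} for x in ids]},
        "tgws": [{"TransitGatewayId": "tgw-example"}],
        "cgws": [{"CustomerGatewayId": f"cgw-example{k}"} for k in (1, 2)],
        "vpns": [{"VpnConnectionId": f"vpn-example{k}",
                  "TransitGatewayId": "tgw-example"} for k in (1, 2)],
        "attachments": [{"ResourceType": t} for t in ("vpc", "vpn", "vpn")],
        "route_tables": [{"TransitGatewayRouteTableId": f"tgw-rtb-example{k}"} for k in (1, 2)],
    }

if __name__ == "__main__":
    print(verify_deployment(**sample_deployment()) or "all checks passed")
```

A finding of zero or more than one master is worth alerting on, since the AutoScaleRole tag is what identifies the instance to connect to for configuration.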
