FortiGate AWS Deployment Guide

Step 3.7 – Key Pair and Launch Instance

  • Choose Proceed without a key pair; you will log in with the default FortiGate username (admin) and the initial password, which on AWS is the instance ID. Plan to change that password at first login, since the instance ID is not a secret.
  • Click Launch Instance to begin the provisioning.

Figure 15

Network Configuration

Step 4 – Configure AWS network settings

In this section you will locate items such as the FortiGate network interfaces (ENIs) on the EC2 dashboard and make IP and routing changes on the VPC dashboard.

Step 4.1 – Associate a public “elastic” IP with the FG-VM public interface

  • On the EC2 Dashboard, open the Network Interfaces menu.
    • Locate the ENI of the FortiGate public interface and note its ID.
    • See step 4.3, figure 18, for a screenshot of this menu.
  • On the VPC Dashboard, open the Elastic IPs menu.
    • If the Elastic IP is still associated with another instance (for example the default instance), disassociate it first; an address in use cannot be reassigned from this screen.
    • Associate the Elastic IP with the FortiGate public ENI. Choose the network interface (the ENI ID you noted) rather than the instance as the resource, so that the address lands on the public interface and not on whichever ENI happens to be primary.

Figure 16

Step 4.2 – Confirm the assigned Public address

  • Take note of the public IP address and the public DNS name assigned to the interface; you will use both in later steps.

Figure 17

Step 4.3 – Set up the default route for the private network.

  • On the EC2 Dashboard, open the Network Interfaces menu.
    • Locate the network interface ID (eni-...) of the FortiGate private interface and copy the ID.
  • Change dashboards back to VPC > Route Tables.
    • Open the route table used by the private subnet and edit its default route (0.0.0.0/0) so that the target is the FortiGate private network interface ID.
    • Demonstrated in figures 19-20.

Figure 18

Figure 19

  • Associate the private subnet with the route table you have been editing in the previous steps (Subnet Associations tab); until the subnet is associated with this table, its traffic still follows the VPC main route table and never reaches the FortiGate.

Step 4.4 – Disable the Source/Destination check on the private FG interface.

  • On the EC2 Dashboard, open the Network Interfaces menu and select the FortiGate private ENI.
    • Right-click and select Change Source/Dest Check.
    • Select Disable and save.
  • This step is required because the FortiGate forwards packets whose source and destination addresses are not its own. With the check enabled, EC2 drops such packets at the interface, and the default route from step 4.3 will not carry any traffic.

Step 4.5 – Navigate to the EC2 dashboard to review the instance state

  • Once the instance has finished provisioning and powering up, check the following items:
    • Public IP/DNS assigned.
    • The correct security group is assigned.
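The AWS-side procedure in steps 4.1 through 4.5, done with the AWS CLI instead of the console, as an added example that is not part of the original guide. Every resource ID in it (eni-..., eipalloc-..., rtb-..., subnet-..., i-...) is a placeholder you replace with the IDs from your own dashboards; the script refuses to run a step whose ID has the wrong prefix or is not hexadecimal, because a mistyped ENI silently sends the private subnet's default route somewhere else. With DRY_RUN=1 it prints each aws command instead of executing it, so the change can be reviewed before it is made.

```shell
#!/bin/sh
# Added example, not code from the original guide: performs steps 4.1-4.5 with
# the AWS CLI. All IDs below are placeholders (assumptions); export your own
# values before running. DRY_RUN=1 prints each aws command instead of running it.

PUBLIC_ENI="${PUBLIC_ENI:-eni-0123456789abcdef0}"             # FortiGate public (port1) ENI, assumed
PRIVATE_ENI="${PRIVATE_ENI:-eni-0fedcba9876543210}"           # FortiGate private (port2) ENI, assumed
EIP_ALLOC="${EIP_ALLOC:-eipalloc-0123456789abcdef0}"          # Elastic IP allocation ID, assumed
PRIVATE_RTB="${PRIVATE_RTB:-rtb-0123456789abcdef0}"           # route table of the private subnet, assumed
PRIVATE_SUBNET="${PRIVATE_SUBNET:-subnet-0123456789abcdef0}"  # private subnet, assumed
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"             # FortiGate instance, assumed

# check_id KIND VALUE: accept only "KIND-<hex>", e.g. check_id eni eni-0abc.
# A route pointed at a mistyped or wrong-kind ID is the classic silent failure here.
check_id() {
  prefix="$1-"
  rest="${2#$prefix}"
  if [ "$rest" = "$2" ] || [ -z "$rest" ] || [ -n "$(printf '%s' "$rest" | tr -d '0-9a-f')" ]; then
    echo "refusing to continue: '$2' is not a valid $1 id" >&2
    return 1
  fi
  return 0
}

# Run an aws command, or just print it when DRY_RUN=1.
aws_cmd() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "aws $*"
  else
    aws "$@"
  fi
}

# Step 4.1: attach the Elastic IP to the public ENI (not to the instance, so it
# cannot land on whichever ENI happens to be primary). --allow-reassociation
# performs the disassociation the console makes you do by hand.
associate_public_ip() {
  check_id eipalloc "$EIP_ALLOC" || return 1
  check_id eni "$PUBLIC_ENI" || return 1
  aws_cmd ec2 associate-address --allocation-id "$EIP_ALLOC" \
    --network-interface-id "$PUBLIC_ENI" --allow-reassociation
}

# Step 4.2: read back the public IP and DNS name now assigned to that ENI.
show_public_address() {
  check_id eni "$PUBLIC_ENI" || return 1
  aws_cmd ec2 describe-network-interfaces --network-interface-ids "$PUBLIC_ENI" \
    --query 'NetworkInterfaces[0].Association.[PublicIp,PublicDnsName]' --output text
}

# Step 4.3: point the private subnet's default route at the FortiGate private
# ENI and bind the subnet to that route table. create-route fails if a
# 0.0.0.0/0 entry already exists, so fall back to replace-route.
set_private_default_route() {
  check_id rtb "$PRIVATE_RTB" || return 1
  check_id eni "$PRIVATE_ENI" || return 1
  check_id subnet "$PRIVATE_SUBNET" || return 1
  aws_cmd ec2 create-route --route-table-id "$PRIVATE_RTB" \
      --destination-cidr-block 0.0.0.0/0 --network-interface-id "$PRIVATE_ENI" ||
  aws_cmd ec2 replace-route --route-table-id "$PRIVATE_RTB" \
      --destination-cidr-block 0.0.0.0/0 --network-interface-id "$PRIVATE_ENI" || return 1
  aws_cmd ec2 associate-route-table --route-table-id "$PRIVATE_RTB" --subnet-id "$PRIVATE_SUBNET"
}

# Step 4.4: EC2 drops forwarded packets (addresses that are not the ENI's own)
# unless source/destination checking is off on the forwarding interface.
disable_src_dst_check() {
  check_id eni "$PRIVATE_ENI" || return 1
  aws_cmd ec2 modify-network-interface-attribute --network-interface-id "$PRIVATE_ENI" \
    --no-source-dest-check
}

# Step 4.5: confirm the instance is running, its public address, and its security groups.
show_instance_state() {
  check_id i "$INSTANCE_ID" || return 1
  aws_cmd ec2 describe-instances --instance-ids "$INSTANCE_ID" \
    --query 'Reservations[0].Instances[0].[State.Name,PublicIpAddress,PublicDnsName,SecurityGroups[].GroupName]' \
    --output json
}

# Whole procedure, stopping at the first failed step.
configure_fortigate_network() {
  associate_public_ip && show_public_address && set_private_default_route &&
    disable_src_dst_check && show_instance_state
}

# Usage: DRY_RUN=1 RUN_STEPS=1 sh fortigate-aws-network.sh  (review), then again without DRY_RUN.
if [ "${RUN_STEPS:-0}" = "1" ]; then
  configure_fortigate_network
fi
```

Two points worth knowing before running it for real: associate-route-table fails if the private subnet is already explicitly associated with a different route table, in which case replace-route-table-association with the existing association ID is the call to use; and the script only disables the source/destination check on the private ENI, matching step 4.4, which is sufficient because traffic leaving the public interface is source-NATed to the FortiGate's own address.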

Step 4.6 – Access the virtual FortiGate

  • Open an HTTPS session to the public IP or DNS entry noted in step 4.2 and log in with the default username / password.
  • Change the admin password before doing anything else: the initial password is the instance ID, which is not a secret, and the management interface is now reachable from the Internet on that Elastic IP. Restrict the security group to your management addresses if you have not already done so.
  • Upload the license file for BYOL. (See figure 22)

Step 4.7 – SSH to the FortiGate

  • SSH to the device using the DNS hostname.
  • Issue the following commands to test access:
    • execute ping 8.8.8.8 to test connectivity.
    • execute update-now to pull the current FortiGuard updates.
    • execute formatlogdisk and reboot (optional step, only if you need disk logging; formatting erases any logs already on the disk).

FortiGate-VM64-AWS # execute ping 8.8.8.8
FortiGate-VM64-AWS # execute update-now
FortiGate-VM64-AWS # execute formatlogdisk

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
