Deployment of FortiGate-VM (PAYG/BYOL) Cluster on AWS

Introduction

A Terraform script to deploy a FortiGate-VM Cluster on AWS for Cross-AZ deployment

Requirements

  • Terraform >= 1.0
  • Terraform Provider AWS 3.63.0
  • Terraform Provider Template 2.2.0

Deployment overview

Terraform deploys the following components:

  • An AWS VPC with 8 subnets: 4 subnets in one AZ and 4 subnets in a second AZ.
  • Two FortiGate-VM (PAYG) instances with four NICs.
  • Two Network Security Group rules: one for external, one for internal.
  • Two Route tables: one for internal subnet and one for external subnet.

ha-architecture

Deployment

To deploy the FortiGate-VM to AWS:

  1. Clone the repository.
  2. Customize variables in the terraform.tfvars.example and variables.tf files as needed, then rename terraform.tfvars.example to terraform.tfvars.

Note

The license_format variable accepts one of two values: token or file.
token is a FortiFlex token, and file is a FortiGate-VM license file.

  3. Initialize the providers and modules:
    $ cd XXXXX
    $ terraform init
  4. Submit the Terraform plan:
    $ terraform plan
  5. Verify output.
  6. Confirm and apply the plan:
    $ terraform apply
  7. If output is satisfactory, type yes.
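
A pre-flight check for the rename step and the license_format note, meant to run before terraform plan. This is an added example, not part of the repository; it assumes standard tfvars syntax (license_format = "token") and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the repository: validate license_format in
# terraform.tfvars before running `terraform plan`.

# Print the last value assigned to variable $1 in tfvars file $2.
# Handles optional double quotes, whitespace and trailing "#" comments.
tfvars_get() {
    awk -v key="$1" '
        { line = $0; sub(/#.*/, "", line) }        # drop "#" comments
        line ~ "^[ \t]*" key "[ \t]*=" {
            sub(/^[^=]*=[ \t]*/, "", line)         # keep the right-hand side
            sub(/[ \t]+$/, "", line)               # trim trailing whitespace
            sub(/^"/, "", line); sub(/"$/, "", line)
            val = line
        }
        END { print val }
    ' "$2"
}

# Exit status: 0 valid (value printed), 2 file missing, 3 unset, 4 invalid.
check_license_format() {
    if [ ! -f "$1" ]; then
        echo "missing $1: rename terraform.tfvars.example first" >&2
        return 2
    fi
    fmt=$(tfvars_get license_format "$1")
    case "$fmt" in
        token|file) echo "$fmt" ;;
        "") echo "license_format is not set in $1" >&2; return 3 ;;
        *)  echo "license_format must be token or file, got '$fmt'" >&2; return 4 ;;
    esac
}

# Constructed sample input; only the license_format name and its two
# values come from the README.
demo() {
    demo_dir=$(mktemp -d)
    printf 'license_format = "token"  # constructed\n' > "$demo_dir/terraform.tfvars"
    check_license_format "$demo_dir/terraform.tfvars"
    rm -rf "$demo_dir"
}
demo
```
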

Output will include the information necessary to log in to the FortiGate-VM instances:

Outputs:

FGTActiveMGMTPublicIP = <Active FGT Management Public IP>
FGTClusterPublicFQDN = <Cluster Public FQDN>
FGTClusterPublicIP = <Cluster Public IP>
FGTPassiveMGMTPublicIP = <Passive FGT Management Public IP>
Password = <FGT Password>
Username = <FGT admin>

Destroy the instance

To destroy the instance, use the command:

$ terraform destroy

Support

Fortinet-provided scripts in this and other GitHub projects do not fall under the regular Fortinet technical support scope and are not supported by FortiCare Support Services. For direct issues, please refer to the Issues tab of this GitHub project. For other questions related to this project, contact [email protected].

License

License © Fortinet Technologies. All rights reserved.