reference deployment

Fortinet FortiGate Auto Scaling Baseline on AWS

Mid-range next-generation firewalls for multi-layered advanced security

This Quick Start automatically deploys Fortinet FortiGate Auto Scaling Baseline into a new or existing virtual private cloud (VPC) on the Amazon Web Services (AWS) Cloud in about 15 minutes.

FortiGate Next-Generation Firewall technology delivers content and network protection by combining stateful inspection with a comprehensive suite of powerful security features. Application control, antivirus, intrusion prevention system (IPS) technology, web filtering, and virtual private network (VPN), along with advanced features such as an extreme threat database, vulnerability management, and flow-based inspection, work in concert to identify and mitigate complex security threats. The security-hardened FortiOS operating system is purpose-built for inspection and identification of malware and supports direct Single Root I/O Virtualization (SR-IOV) for higher and more consistent performance.

This Quick Start is intended to be a baseline for IT infrastructure architects, administrators, and DevOps professionals who plan to implement or extend Fortinet’s Security Fabric workloads on the AWS Cloud.

This Quick Start was developed by Fortinet, Inc. in collaboration with AWS. Fortinet, Inc. is an APN Partner.

  •  What you'll build
  • The Quick Start sets up the following:

    • A highly available architecture that spans two Availability Zones.*
    • A VPC configured with public and private subnets, according to AWS best practices, to provide you with your own virtual network on AWS.*
    • An internet gateway to allow access to the internet.*
    • In the public subnets, FortiGates that act as NAT gateways, allowing outbound internet access for resources in the private subnets.*
    • In the public subnets, a FortiGate host in an Auto Scaling group complements AWS security groups to provide intrusion protection, web filtering, and threat detection to help protect your services from cyber attacks. It also allows VPN access by authorized users.
    • An externally facing Network Load Balancer. An internally facing Network Load Balancer is optional.
    • Amazon API Gateway, which acts as a front door by providing a callback URL for the FortiGate Auto Scaling group.
    • AWS Lambda, which allows you to run certain scripts and code without provisioning servers.
    • An Amazon DynamoDB database that uses Fortinet-provided scripts to store information about Auto Scaling condition states.

    * The template that deploys the Quick Start into an existing VPC skips the tasks marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • To deploy Fortinet FortiGate Auto Scaling Baseline on AWS, follow the instructions in the deployment guide. The deployment process includes these steps:

    1. If you don't already have an AWS account, sign up at https://aws.amazon.com.
    2. Subscribe to Fortinet FortiGate Next-Generation Firewall in AWS Marketplace.
    3. Launch the Quick Start. You can choose from two options:
    4. Test the deployment.
  •  Cost and licenses
  • You are responsible for the cost of the AWS services used while running this Quick Start reference deployment. There is no additional cost for using this Quick Start.

    The AWS CloudFormation template for this Quick Start includes configuration parameters that you can customize. Some of these settings, such as instance type, will affect the cost of deployment. For cost estimates, see the pricing pages for each AWS service you will be using. Prices are subject to change.

    Tip     After you deploy the Quick Start, we recommend that you enable the AWS Cost and Usage Report to track costs associated with the Quick Start. This report delivers billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. It provides cost estimates based on usage throughout each month, and finalizes the data at the end of the month. For more information about the report, see the AWS documentation.

    This Quick Start requires a subscription to the Amazon Machine Image (AMI) for Fortinet FortiGate Next-Generation Firewall, which is available with per-hour pricing from AWS Marketplace.