Technical Tip: How to change HA AutoScale PSK Secret when deployed from AWS CloudFormation
Description
This article describes how to change the PSK secret on an AWS HA auto-scale FortiGate setup that was initially deployed with AWS CloudFormation.
Scope
FortiGate VM on AWS.
Solution
- FortiGate auto-scale is deployed using CloudFormation: Deploy FortiGate VM with auto-scale.
- Change the HA auto-scale PSK secret on the auto-scale Primary FortiGate.
config system auto-scale
    set psksecret fortinetnew
end
- Change it in DynamoDB via the AWS Management Console. If this is not updated, a new FortiGate instance will not be synced when a scale-out is triggered.
DynamoDB -> Explore Items -> Select *-Settings -> Scroll down -> Select fortigate-psk-secret -> Enter new password -> Save and Close.
- Verify the auto-scale HA by terminating the Secondary FortiGate instance. A new FortiGate instance will be launched and will be synced with the Primary auto-scale FortiGate.
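
One way to script the first two steps so that the Primary and the DynamoDB item receive the same randomly generated secret, as an added example that is not part of the original article or of Fortinet's tooling. It assumes the *-Settings table is keyed on settingKey with the secret stored as a plain string in settingValue (confirm both in Explore Items) and that a 32-character alphanumeric secret is acceptable to FortiOS; all function names are hypothetical.

```python
import secrets
import string

SETTING_KEY = "fortigate-psk-secret"  # item name from the article
KEY_ATTR = "settingKey"      # assumed partition-key attribute of *-Settings
VALUE_ATTR = "settingValue"  # assumed attribute holding the secret (string)


def new_psk(length=32):
    """Random alphanumeric secret from the OS CSPRNG (length/alphabet assumed)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def fortios_commands(psk):
    """The article's CLI block for the Primary, with the new secret filled in."""
    return f"config system auto-scale\n    set psksecret {psk}\nend\n"


def update_item_request(table_name, psk):
    """UpdateItem arguments; the condition refuses to create a missing item."""
    return {
        "TableName": table_name,
        "Key": {KEY_ATTR: {"S": SETTING_KEY}},
        "UpdateExpression": "SET #v = :psk",
        "ConditionExpression": "attribute_exists(#k)",
        "ExpressionAttributeNames": {"#k": KEY_ATTR, "#v": VALUE_ATTR},
        "ExpressionAttributeValues": {":psk": {"S": psk}},
    }


def stored_psk_matches(item, psk):
    """True if a GetItem result holds exactly the secret set on the Primary."""
    stored = item.get(VALUE_ATTR, {}).get("S", "")
    return secrets.compare_digest(stored.encode(), psk.encode())


def rotate(table_name, psk, client=None):
    """Write the secret to DynamoDB, then read it back and compare."""
    if client is None:
        import boto3  # imported lazily so the helpers work without AWS access
        client = boto3.client("dynamodb")
    client.update_item(**update_item_request(table_name, psk))
    item = client.get_item(TableName=table_name, ConsistentRead=True,
                           Key={KEY_ATTR: {"S": SETTING_KEY}}).get("Item", {})
    return stored_psk_matches(item, psk)
```

Apply the output of fortios_commands(psk) on the Primary, then call rotate() with the deployment's *-Settings table name. A False result means the table still holds a different value, so an instance launched by a scale-out would not sync.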
