FortiGate-VM on AWS Discussions & Onboarding Information
Hannah_M
Community Manager
Community Manager

Start Here: Deploying FortiGate-VM from AWS Marketplace

 

Right-size Your Deployment

Before you subscribe, we recommend reviewing the FortiGate-VM on AWS datasheet, pages 6 and 7, to learn about the bandwidth, throughput, and specifications of each instance type and ensure the deployment fulfills your needs. 

 

You might also consider deploying with an Amazon Graviton-based EC2 instance for potential compute cost optimization.

 

Subscribe, Deploy, and Configure from AWS Marketplace

This 11-minute video walks you through how to subscribe, deploy, and configure FortiGate-VM from AWS Marketplace, with information on creating VPCs, subnets, routing tables, and connecting to the FortiGate-VM.  

 

 

Follow our QuickStart Workshop

You may also want to take our free, hands-on QuickStart Workshop, where an example corporation is migrating on premise apps and workloads to AWS.

 

It covers foundational AWS networking concepts such as symmetrical routing traffic in and out of VPCs for various traffic flows, how to use FortiGate instances in AWS to secure inbound, outbound, and East/West traffic flows, and how FortiGate resolves concerns and requirements when migrating applications & workloads to public cloud. 

 

 

AWS CloudFormation Templates, Terraform Templates, and more

Note: You must first be subscribed to FortiGate-VM via AWS Marketplace. These deployment templates will not automatically subscribe users. 

 

AWS CloudFormation Templates, Terraform Templates, scripts and other content are available on GitHub to help you get started with Fortinet Solutions in AWS: https://github.com/FortinetCloudCSE/.github/tree/main/profile/AWS 

 

These include:

  • FortiGate Standalone

  • FortiGate FGCP HA Dual AZ (use cases)

  • FortiGate FGCP HA Single AZ 

  • FortiGate & Gateway Load Balancer (use cases)

  • FortiGate Active-Active & Transit Gateway Connect

  • FortiGate FGCP HA Dual AZ & Transit Gateway Connect

  • FortiGate Auto Scale

 

Complete Documentation 

The AWS Administration Guide offers complete step-by-step documentation and information for the latest versions, and can be found here:

https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/aws-administration-guide/706955/depl... 

 

You can view guides for your current FortiOS deployment by choosing from the dropdown menu: Screenshot 2024-03-14 at 10.26.18 AM.png

 

You can also find our complete AWS Cloud Security documentation library here: https://docs.fortinet.com/cloud-solutions/aws 

 

 

Setting up a Support Account 

We also encourage you to register your on-demand instances with FortiCloud so that you can create a support account. Details are available here: 
https://docs.fortinet.com/document/fortigate-public-cloud/7.4.0/aws-administration-guide/315515/on-d... 

 

 

Additional Information

You may next want to explore the following:

  1.  Optimizing your compute costs by using AWS Graviton-based instances: https://community.fortinet.com/t5/FortiGate-VM-on-AWS-Onboarding/Optimizing-Your-Compute-Costs-with-... 
  2. Streamlining your licensing and provisioning with FortiFlex: https://community.fortinet.com/t5/FortiGate-VM-on-AWS-Onboarding/Utilizing-FortiFlex-with-AWS/td-p/3... 
  3. View our Technical Learning hub for more information on topics like AWS integrations, SD-WAN, and more: https://community.fortinet.com/t5/FortiGate-VM-on-AWS-Technical/bg-p/fortigate-vm-on-awsblog-board 
5 REPLIES 5
Happii
New Contributor II

The datasheet (page 6-7) provides the specifications of model VM01, VM02.... But on the pricing page on the AWS listing with its EC2 model. How can map these items accordingly? Or enterprise has to pay both: the AWS and to Fortinet Reseller?

Gallego

Hi Happii, in datasheet you will see the performance based on C6in family. You have two main options on using FortiGate: BYOL or PAYG.

BYOL: is used when you already have a FortiGate VM license bought from a reseller or using FortiFlex. In this case you dont need to pay for license in AWS, you will only pay for AWS EC2 instance usage. This is the marketplace page https://aws.amazon.com/marketplace/pp/prodview-lvfwuztjwe5b2?sr=0-1&ref_=beagle&applicationId=AWSMPC...

PAYG: is used when you dont have a FortiGate VM license already bought. So you pay for AWS EC2 instance usage and FortiGate licensing. This is the page https://aws.amazon.com/marketplace/pp/prodview-wory773oau6wq?sr=0-1&ref_=beagle&applicationId=AWSMPC...


In both cases, the performance, mentioned on datasheet is the same.

Happii
New Contributor II

Thank you Gallego!

Happii
New Contributor II

Hi Gallego,

One more question. I would like to host a Fortigate on AWS using BOYL. How many vCPU and vCPU type should be chosen to make a similar capability like the Fortigate 101F ?

thanks,

Gallego

You can compare both datasheets to give you a direction. For example, NGFW throughput is similar to VM04. However, these are "standard" values and probably your traffic will be somehow different. I'd go with the data you will use in AWS and the security features enabled to size it correctly.

 

Physical devices are very different from VMs, due to ASIC processors. If you are going to use BYOL, your Fortinet partner can also help you with these questions.

Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Top Kudoed Authors