FortiGate
Francesko
Staff
Article Id 373128
Description: This article describes how to enable EBS volume encryption in an existing FortiGate VM deployment on AWS.
Scope: FortiGate VM on AWS.
Solution

AWS EBS disk encryption is a host-based feature, meaning it operates transparently to the FortiGate-VM OS. However, it is important to ensure that the necessary permissions and access to the KMS or other encryption keys are in place when enabling encryption.

 

In an existing FortiGate VM on AWS, additional steps should be followed to enable encryption of the EBS volume after the initial deployment:

 

  1. Take a backup of the configuration file and take a snapshot of the existing unencrypted EBS volume.


 

  2. Create an encrypted copy of the snapshot taken of the EBS volume.


 


 

  3. Create a new volume from the encrypted snapshot copy.

Note: The availability zone of the new volume should be the same as the instance availability zone.

 


 

  4. Shut down the FortiGate VM from the CLI and stop the instance from the AWS Portal.


 

  5. Detach the unencrypted EBS volume and attach the newly created volume.


 

  6. Turn the FortiGate instance back on.
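
The same procedure expressed as AWS CLI calls, as an added example that is not part of the original article or Fortinet's tooling. The function name encrypt_fgt_volume and its helper are hypothetical. It assumes the configuration backup is done, FortiGate has already been shut down from its CLI, the caller has access to the KMS key, and the new volume is reattached under the old volume's device name.

```shell
#!/bin/sh
# Added example (not from the article): the console steps as AWS CLI calls.
# Assumes the config is backed up and FortiGate was shut down from its CLI.
set -eu

# vol_attr <volume-id> <field under Volumes[0]>: read one volume attribute.
vol_attr() {
  aws ec2 describe-volumes --volume-ids "$1" --query "Volumes[0].$2" --output text
}

# encrypt_fgt_volume <instance-id> <unencrypted-volume-id> <kms-key-id>
# (hypothetical helper name) Prints the ID of the new encrypted volume.
encrypt_fgt_volume() {
  local instance="$1" old_vol="$2" kms_key="$3" az device region snap enc_snap new_vol
  az=$(vol_attr "$old_vol" AvailabilityZone)             # new volume must match this
  device=$(vol_attr "$old_vol" 'Attachments[0].Device')  # reuse the same device name
  region="${az%?}"  # standard AZ naming assumed: eu-west-1a -> eu-west-1

  # Step 1: snapshot the unencrypted volume.
  snap=$(aws ec2 create-snapshot --volume-id "$old_vol" \
    --description "pre-encryption snapshot of $old_vol" --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$snap"

  # Step 2: encrypted copy of the snapshot under the chosen KMS key.
  enc_snap=$(aws ec2 copy-snapshot --source-region "$region" --source-snapshot-id "$snap" \
    --encrypted --kms-key-id "$kms_key" --query SnapshotId --output text)
  aws ec2 wait snapshot-completed --snapshot-ids "$enc_snap"

  # Step 3: new volume from the encrypted copy, in the instance's AZ.
  new_vol=$(aws ec2 create-volume --snapshot-id "$enc_snap" --availability-zone "$az" \
    --query VolumeId --output text)
  aws ec2 wait volume-available --volume-ids "$new_vol"
  # Verify encryption before touching the instance.
  [ "$(vol_attr "$new_vol" Encrypted)" = "True" ] || { echo "not encrypted: $new_vol" >&2; return 1; }

  # Step 4: stop the instance (no-op if the OS shutdown already stopped it).
  aws ec2 stop-instances --instance-ids "$instance" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$instance"

  # Step 5: swap the volumes on the same device name.
  aws ec2 detach-volume --volume-id "$old_vol" >/dev/null
  aws ec2 wait volume-available --volume-ids "$old_vol"
  aws ec2 attach-volume --volume-id "$new_vol" --instance-id "$instance" --device "$device" >/dev/null
  aws ec2 wait volume-in-use --volume-ids "$new_vol"

  # Step 6: power the FortiGate instance back on.
  aws ec2 start-instances --instance-ids "$instance" >/dev/null
  echo "$new_vol"
}

if [ "$#" -eq 3 ]; then encrypt_fgt_volume "$@"; fi
```

The old unencrypted volume and the intermediate snapshots are left in place, so they can be used to roll back and should be deleted only after the FortiGate boots cleanly from the encrypted volume.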

 


 

Related documents: