mrashidi
Staff
Article Id 279476

Description 

 

This article describes how to safely resize an AWS Cloud FortiGate-VM Active-Passive HA cluster for the BYOL image, emphasizing the necessary prerequisites and the step-by-step process. The process is mostly the same in other cloud environments.

 

Scope          

 

AWS-FortiGate, FortiGate v7.0.x, v7.2.x, v7.4.x, v7.6.x.

 

Solution           

 

The resizing process is typically straightforward and efficient, but it is important to follow a few prerequisites:

  1.  Back up the FortiGate (FGT) configuration before making any changes.
  2.  Ensure that the FortiGate version is officially supported on the desired instance type.
  3.  Consider the licensing implications:
    • If using 'pay-as-you-go', the license will be automatically resized.
    • If using 'Bring Your Own License (BYOL)', check the CPU limit.

Refer to the 'FortiGate Public Cloud > AWS Admin Guide' documentation page for each version.

 

Process:

  1. Back up the device configuration.
  2. Verify the HA settings and make sure traffic still passes when a failover happens.
  3. Make sure the new licenses support the number of vCPUs of the new instance type.
    1. Note: It is still possible to install the new license either before or after changing the instance type.
  4. Power off the secondary FortiGate instance (FGT-B) from the AWS console and wait for the VM status to change to 'Stopped'.
    1. From Action Menu -> Instance settings, select Change instance type, select the desired new size for the VM, and select Apply.
    2. Start the VM instance and make sure it is up and running.
  5. On the secondary FortiGate (FGT-B) GUI, navigate to System -> FortiGuard and select FortiGate VM License.
    1. Upload (install) the new license file; this reboots the FortiGate.
  6. Power off the primary FortiGate (FGT-A) from the AWS console, and wait for the VM status to change to 'Stopped'.
    1. Note: Failover will occur and the service may go down for a few seconds (2 or 3 requests time out).
    2. From Action Menu -> Instance settings, select Change instance type, select the desired new size for the VM, and select Apply.
    3. Start the VM instance and make sure it is up and running.
  7. On the old primary FortiGate (FGT-A) GUI, navigate to System -> FortiGuard and select FortiGate VM License.
    1. Upload (install) the new license file; this reboots the FortiGate.

Note:

At the end of the process, FGT-B will be the primary.
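
The AWS console actions in steps 4 and 6 (power off, wait for 'Stopped', change instance type, start) can also be run from the AWS CLI, with the vCPU check from step 3 enforced before anything is stopped. This is an added example, not part of the original article or Fortinet tooling; the function name, instance IDs, instance type and license vCPU limit are assumed placeholders, and the license upload remains a FortiGate GUI step.

```shell
#!/bin/sh
# Added example: AWS CLI equivalent of the console steps for ONE HA member.
# Assumes the AWS CLI is configured with rights to stop, modify and start
# the instance. All IDs and sizes below are constructed placeholders.

resize_ha_member() {
    local instance_id="$1"          # EC2 instance ID of the HA member
    local new_type="$2"             # desired instance type
    local license_vcpu_limit="$3"   # CPU limit of the BYOL license to be installed
    local vcpus

    # Prerequisite: the license must cover the vCPUs of the new instance type.
    vcpus=$(aws ec2 describe-instance-types --instance-types "$new_type" \
        --query 'InstanceTypes[0].VCpuInfo.DefaultVCpus' --output text) || return 1
    case "$vcpus" in
        ''|*[!0-9]*) echo "could not read vCPU count for $new_type" >&2; return 1 ;;
    esac
    if [ "$vcpus" -gt "$license_vcpu_limit" ]; then
        echo "refusing: $new_type has $vcpus vCPUs, license allows $license_vcpu_limit" >&2
        return 1
    fi

    # Power off and wait for the 'Stopped' state before changing the type.
    aws ec2 stop-instances --instance-ids "$instance_id" >/dev/null || return 1
    aws ec2 wait instance-stopped --instance-ids "$instance_id" || return 1

    # Change the instance type (only possible while the instance is stopped).
    aws ec2 modify-instance-attribute --instance-id "$instance_id" \
        --instance-type "{\"Value\": \"$new_type\"}" || return 1

    # Start the instance and wait until it is running again.
    aws ec2 start-instances --instance-ids "$instance_id" >/dev/null || return 1
    aws ec2 wait instance-running --instance-ids "$instance_id" || return 1
    echo "$instance_id is running as $new_type ($vcpus vCPUs)"
}

# Order from the process above: secondary first; resize the primary only after
# the secondary has its new license installed and has rebooted.
# resize_ha_member i-0000000000000000b c5.xlarge 4   # FGT-B (secondary)
# resize_ha_member i-0000000000000000a c5.xlarge 4   # FGT-A (primary)
```

Because the vCPU check runs first, a size that exceeds the license limit is rejected while the member is still up and the cluster is still redundant.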

 

Related documents:

FortiGate-VM AWS Datasheet

AWS | Change the instance type (size)

GitHub | FortiGate-VM Terraform Deploy Code on AWS

 

Related article:

Technical Tip: Resizing an Azure FortiGate VM instance