Currently we have an AWS-powered FortiGate VM in the cloud with BYOL licensing.
Due to our IPSec tunnels and overall design, we cannot allow major outages when performing upgrades, so in order to minimize the downtime I would like to spin up another EC2-backed FortiGate VM (also BYOL) that runs the desired FortiOS version.
Once the new instance is up, I would like to apply the original instance's configuration to see if the new OS works as expected. During this testing period (while I confirm if the system is up & running) both VMs with the same license would be running in parallel. Once the new VM is confirmed to be ready to take over (IPSec tunnels come up, SSL VPN works), I would route the traffic to the new instance and terminate the old FortiGate instance.
Basically I want to avoid the situation of having my initial FortiGate blocked due to having multiple instances running the same license.
My questions are the following:
1) Would it be possible to run both instances with the same BYOL license in parallel for the testing period?
(It would take a maximum of an hour)
2) Would it be possible to spin up the new instance with BYOL licensing model, configure it, verify its operation & add the license ONLY if everything is working as expected?