FortiGate
Vbharath_FTNT
Article Id 189962
Description
A FortiGate instance on Amazon AWS can go into a reboot loop with a specific design/configuration.

Scope
FortiGate, Amazon AWS EC2

Solution
In some cases this happens because the instance is placed behind a load balancer or another Layer 3 device, so that the default route points to an IP address other than the AWS router. This may lead to the instance going into a reboot loop.

The FortiGate instance on Amazon AWS should be able to reach the intrinsic router of any one of the configured AWS VPC subnets.

The intrinsic router is the first usable IP address of a VPC subnet.

To fix this issue:
Configure at least one default route on the FortiGate instance pointing to the AWS router.

Or

Configure a static route to 169.254.169.254 on any configured interface, with the gateway set to the AWS router.
169.254.169.254 is the Amazon EC2 internal IP; instances use this IP to access various metadata.

Configuration CLI
config router static
    edit <id>
        set dst 169.254.169.254 255.255.255.255
        set gateway <AWS router IP>
        set device <interface name>
    next
end
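
The check below is an added example, not Fortinet code: it takes a planned set of interfaces and static routes, finds the route that 169.254.169.254 would follow (longest-prefix match), and verifies that its gateway is the AWS router of that interface's subnet, going slightly beyond the article by also printing the /32 fix. The interface names, addresses and routes are constructed sample data, and destinations are written in CIDR form for simplicity.

```python
import ipaddress

METADATA_IP = ipaddress.ip_address("169.254.169.254")

def vpc_router(interface_cidr):
    """First usable address of the subnet, which the article identifies as the AWS router."""
    return ipaddress.ip_network(interface_cidr, strict=False).network_address + 1

def metadata_route(routes):
    """Static route the metadata IP would follow (longest prefix wins), or None."""
    hits = [r for r in routes if METADATA_IP in ipaddress.ip_network(r["dst"])]
    return max(hits, key=lambda r: ipaddress.ip_network(r["dst"]).prefixlen, default=None)

def check(interfaces, routes):
    """Return (ok, reason) for the condition described in the article."""
    route = metadata_route(routes)
    if route is None:
        return False, "no static route covers 169.254.169.254"
    if route["device"] not in interfaces:
        return False, "route uses unknown interface " + route["device"]
    expected = vpc_router(interfaces[route["device"]])
    if ipaddress.ip_address(route["gateway"]) != expected:
        return False, "gateway %s is not the AWS router %s" % (route["gateway"], expected)
    return True, "metadata reachable via AWS router %s on %s" % (expected, route["device"])

def fix_stanza(route_id, device, interface_cidr):
    """Render the article's /32 static route for the given interface."""
    return "\n".join([
        "config router static",
        "    edit %d" % route_id,
        "        set dst 169.254.169.254 255.255.255.255",
        "        set gateway %s" % vpc_router(interface_cidr),
        "        set device %s" % device,
        "    next",
        "end",
    ])

# Constructed sample: port1 sits behind a load balancer at 10.0.1.50.
INTERFACES = {"port1": "10.0.1.10/24", "port2": "10.0.2.10/24"}
BROKEN = [{"dst": "0.0.0.0/0", "gateway": "10.0.1.50", "device": "port1"}]
FIXED = BROKEN + [{"dst": "169.254.169.254/32", "gateway": "10.0.2.1", "device": "port2"}]

if __name__ == "__main__":
    for name, routes in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check(INTERFACES, routes))
    print(fix_stanza(2, "port2", INTERFACES["port2"]))
```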
