Description
A FortiGate-VM deployed on AWS can create a dynamic address based on an AWS Fabric connector and use an auto scaling group (ASG) filter to obtain ASG members' primary IP addresses or NICs.
This article describes this feature.
Solution
You can use this feature for load balancing to optimize network efficiency.
To create an address with an ASG filter from GUI.
1) In FortiOS, go to Policy & Objects -> Addresses.
2) Select 'Create New', then select 'Address'.
3) Enter the address name. From the Type dropdown list, select 'Dynamic'.
4) From the Sub Type dropdown list, select' Fabric Connector Address'.
5) From the SDN Connector dropdown list, select the 'AWS Fabric connector'.
6) In the Filter fields, enter the desired filter. In this example, enter AutoScaleGroup=<ASG ID> in the Filter field.
7) From the Interface dropdown list, select an interface where the fabric connector covers where relevant.
8) Select 'OK'. Once saved, FortiOS lists the address under Policy & Objects -> Addresses.
A FortiGate-VM deployed on AWS can create a dynamic address based on an AWS Fabric connector and use an auto scaling group (ASG) filter to obtain ASG members' primary IP addresses or NICs.
This article describes this feature.
Solution
You can use this feature for load balancing to optimize network efficiency.
To create an address with an ASG filter from GUI.
1) In FortiOS, go to Policy & Objects -> Addresses.
2) Select 'Create New', then select 'Address'.
3) Enter the address name. From the Type dropdown list, select 'Dynamic'.
4) From the Sub Type dropdown list, select' Fabric Connector Address'.
5) From the SDN Connector dropdown list, select the 'AWS Fabric connector'.
6) In the Filter fields, enter the desired filter. In this example, enter AutoScaleGroup=<ASG ID> in the Filter field.
7) From the Interface dropdown list, select an interface where the fabric connector covers where relevant.
8) Select 'OK'. Once saved, FortiOS lists the address under Policy & Objects -> Addresses.
To create an address with an ASG filter from CLI:
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/805767/support-filtering-on-aws-auto...
# config firewall addressReference document:
edit "aws-asg-addr1"
set uuid 82e26cea-756e-51ea-d322-4259d3db301b
set type dynamic
set sdn "aws-sdn"
set filter "AutoScaleGroup=10703c-4f731e90-fortigate-payg-auto-scaling-group"
# config list
edit "192.168.0.137"
next
edit "192.168.1.218"
next
end
next
end
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/805767/support-filtering-on-aws-auto...
