fortinet/fortigate-autoscale-aws

Autoscale instances standalone instead of HA

Malakii opened this issue · 3 comments

Instances deployed via the Autoscale group seem to be in a standalone configuration, not in an HA setup as expected.

  1. There is no "AutoscaleRole" tag available to determine which instance is primary
  2. The admin password, once changed on one server, doesn't propagate the change to the other server
  3. After connecting to one of the instances, going to System -> HA shows the instance in Standalone mode

The PrimaryElection DynamoDB table doesn't have any items either.

Hi @Malakii, could you please provide information about the deployment parameter you used?

Thanks for the reply @JaydenLiang, below are the parameters used with the CloudFormation template for a PAYG-only model. Instances were set to 1 for testing, but the ASG was later upped to 2 for desired capacity, min, and max. This deployment was in GovCloud if that's relevant.

Let me know if there's any other info or logs I can provide! Thanks for the help!

Key | Value | Resolved value
--- | --- | ---
AutoscaleNotificationSubscriberEmail | ******* | -
CustomAssetContainer | - | -
CustomAssetDirectory | - | -
CustomIdentifier | fgtASG | -
FgtAsgCooldown | 300 | -
FgtAsgDesiredCapacityByol | 0 | -
FgtAsgDesiredCapacityPayg | 1 | -
FgtAsgHealthCheckGracePeriod | 300 | -
FgtAsgMaxSizeByol | 0 | -
FgtAsgMaxSizePayg | 1 | -
FgtAsgMinSizeByol | 0 | -
FgtAsgMinSizePayg | 1 | -
FgtAsgScaleInThreshold | 25 | -
FgtAsgScaleOutThreshold | 80 | -
FortiAnalyzerAutoscaleAdminPassword | **** | -
FortiAnalyzerAutoscaleAdminUsername | - | -
FortiAnalyzerCustomPrivateIpAddress | - | -
FortiAnalyzerInstanceType | t2.medium | -
FortiAnalyzerIntegrationOptions | no | -
FortiAnalyzerVersion | 6.4.7 | -
FortiGateAdminCidr | ******* | -
FortiGateAdminPort | 8443 | -
FortiGateInstanceType | t2.small | -
FortiGatePskSecret | **** | -
FortiOSVersion | 7.0.3 | -
GetLicenseGracePeriod | 600 | -
HeartBeatDelayAllowance | 2 | -
HeartBeatInterval | 30 | -
HeartBeatLossCount | 10 | -
InternalLoadBalancerDnsName | - | -
InternalLoadBalancingOptions | add a new internal load balancer | -
InternalTargetGroupHealthCheckPath | / | -
KeyPairName | ******* | -
LifecycleHookTimeout | 480 | -
LoadBalancingHealthCheckThreshold | 3 | -
LoadBalancingTrafficPort | 443 | -
LoadBalancingTrafficProtocol | HTTPS | -
PrimaryElectionTimeout | 300 | -
PrivateSubnet1 | subnet-********* | -
PrivateSubnet2 | subnet-********* | -
PrivateSubnetRouteTable | - | -
PublicSubnet1 | subnet-******* | -
PublicSubnet2 | subnet-******* | -
ResourceTagPrefix | fgtASG | -
S3BucketName | *********** | -
S3KeyPrefix | deployment-package/ | -
SyncRecoveryCount | 3 | -
TerminateUnhealthyVm | no | -
UseCustomAssetLocation | no | -
VpcCidr | ********** | -
VpcEndpointId | vpce-0935f1a52cf6e6d5c | -
VpcId | vpc-*********