1. aws https://www.fortinet.com/content/dam/fortinet/assets/solutions/aws/FortiGate-AWS-Engineering-Reference-Document-Q4-2015.pdf 

2. https://geekdudes.wordpress.com/2018/07/18/install-fortigate-amazon-ec2-instance/ 

3. https://geekdudes.wordpress.com/2018/08/19/creating-static-route-in-aws-ec2-fortigate-instance/ 

Many documents forget SG(security group) 

1. FortiGate VM SG need Inbound rules:

All traffic All All 10.0.0.0/16

2. Private VM SG need  Inbound rules:

All traffic All All 10.0.0.0/16

Setting finish.

First fortigate cmd:

execute ping Private VM private ip. Need success.

Second in private vm cmd:

ping FortiGate Lan ip. Need success. Don’t forgate Check “Ping” option.

ping 10.0.1.1. Need success.

Now 

ping 8.8.8.8  Must success.

=============

FortiGate 6.x 

Network/Interfaces

port 1 (alias: WAN) 10.0.0.xxx  “Role” Not Import.

port 2 (alias: LAN)  10.0.1.xxx  “Role” Not Import. And “Retrieve default gateway from server"Not Import. Need Check “Ping” option.

Static Routes

Subnet  0.0.0.0./0.0.0.0  

Gateway Address 10.0.0.1

port1 Wan

……… follow Link 2.3.

Firwall Polic

Best Import is port2(Lan) -> port1(Wan)