SSUPPORT
New Member
September 8, 2023
Question

AWS GWLB cross AZ


In reference to the below article.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-GEneric-NEtwork-Virtualization/ta-p/228212

The below traffic config 

config system geneve
    edit "consumer"
        set interface "port1"
        set type ppp    <- case where the internal packet has no Ethernet Header.
        set remote-ip 10.4.1.22 <- GENEVE tunnel remote peer IP address.
    next
end

 

1. In the above config, when we deploy customer VPC in 2 AZs and with 2 GWLB endpoints

2. What do we configure on the GENEVE interface as the remote IP? Will this be the GWLB IP address from the same subnet as the Security VPC, or the remote GWLBe endpoint IP address?

 

3 replies

Anthony_E
Staff
September 11, 2023

Hello SSUPPORT,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards
Anthony_E
Staff
September 13, 2023

Hello SSUPPORT,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Best Regards
saneeshpv_FTNT
Staff
September 18, 2023

Hi @SSUPPORT ,

 

Not sure if you have seen this article.

 

https://aws.amazon.com/blogs/networking-and-content-delivery/integrate-your-custom-logic-or-appliance-with-aws-gateway-load-balancer/

 

Anyway, based on the flow explained in this article, your security appliance (e.g. FGT here) should be configured with the Remote IP set to the IP address of the GWLB and not the GWLBE. One GWLB can be connected to many GWLBEs.

Not sure if this clarifies your questions. If not, please open a case with Fortinet Support for additional help.

 

Best Regards,
Saneesh
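
A way to check a FortiGate config against the point made in the reply above (remote-ip should be a GWLB address, not a GWLBe address), added here as an example and not taken from the thread, Fortinet or AWS. All addresses except 10.4.1.22 are constructed, the function names are hypothetical, and the "uncovered" list rests on the assumption that in a two-AZ deployment each GWLB node IP needs its own GENEVE entry.

```python
import re

# Constructed sample in the style of the config quoted in the question; the
# second entry deliberately points at a GWLB endpoint (GWLBe) address.
SAMPLE_CONFIG = """
config system geneve
    edit "az1"
        set interface "port1"
        set type ppp
        set remote-ip 10.4.1.22
    next
    edit "az2"
        set interface "port1"
        set type ppp
        set remote-ip 10.8.0.15
    next
end
"""
# Constructed inventory (assumption): GWLB node IPs, one per AZ subnet of the
# security VPC, and GWLBe IPs in the customer VPC.
GWLB_IPS = {"10.4.1.22", "10.4.2.22"}
GWLBE_IPS = {"10.8.0.15", "10.8.1.15"}

def parse_geneve(config):
    """Return {tunnel name: remote-ip} from a 'config system geneve' block."""
    tunnels, name, in_block = {}, None, False
    for raw in config.splitlines():
        line = raw.split("<-")[0].strip()  # drop "<-" annotations
        if line == "config system geneve":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and (m := re.match(r'edit "?([^"]+)"?$', line)):
            name = m.group(1)
            tunnels[name] = None
        elif in_block and name and (m := re.match(r"set remote-ip (\S+)", line)):
            tunnels[name] = m.group(1)
    return tunnels

def audit(config, gwlb_ips, gwlbe_ips):
    """Classify each tunnel's remote-ip; list GWLB IPs that no tunnel uses."""
    tunnels = parse_geneve(config)
    kind = lambda ip: "gwlb" if ip in gwlb_ips else "gwlbe" if ip in gwlbe_ips else "unknown"
    verdicts = {name: kind(ip) for name, ip in tunnels.items()}
    uncovered = sorted(gwlb_ips - set(tunnels.values()))
    return verdicts, uncovered

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, GWLB_IPS, GWLBE_IPS))
```

In practice the two IP sets would come from the network interface inventory of the security VPC (GWLB) and the customer VPC (GWLBe).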