How to safely permit traffic to an Amazon AWS hosted site (Cloudfront)

x_member, New Member
November 4, 2016
Question (4854 views)

Running 5.2.7 on a FGT60D, and one of the sites that we programmatically retrieve data from has recently moved to Amazon's hosting service. Previously this traffic was permitted using the site FQDN; however, as I understand it, this can now resolve to a number of different IPs depending on server load etc., and data retrieval is now failing periodically.

What is the best practice for permitting traffic to a specific URL hosted in this way?

x_member (Author), New Member
November 14, 2016

    In the absence of any responses I've been experimenting with Application Control and WebFilter policies without success. 

I now have a ticket raised with Fortinet Support for assistance, but would still appreciate any insights that the community could share.

    emnoc
    New Member
    November 14, 2016

You could use FQDN-style DNS records in 5.4.x with a short TTL, but ideally I would use an IPsec tunnel to the VPC.

    Ken
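
As an added illustration of the FQDN-address approach emnoc mentions (this is not configuration from the thread; the object name, policy name, interface names and the hostname are placeholders I chose), here is a FortiOS CLI fragment that builds an FQDN address object and references it from an outbound policy. The `#` comment lines are assumed to be accepted by the CLI as they are in exported config files.

```text
# Added example, not from the original post. All names are placeholders.
config firewall address
    edit "data-provider-fqdn"
        set type fqdn
        set fqdn "data.example.gov.uk"
        # The unit re-resolves the name when the DNS answer's own TTL
        # expires. cache-ttl is a floor (seconds) on how long each learned
        # IP stays in the object, so a larger value keeps previously seen
        # CDN addresses permitted while new ones are learned.
        set cache-ttl 3600
    next
end

config firewall policy
    edit 0
        set name "allow-data-provider"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "data-provider-fqdn"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end
```

Two checks worth doing once this is in place. First, `diagnose firewall fqdn list` shows which IPs the unit currently holds for the name; if a failed retrieval coincides with an IP missing from that list, the object is simply lagging behind the CDN's rotation. Second, make sure the FortiGate resolves through the same DNS servers the internal clients use (`config system dns`), because CDNs such as CloudFront hand different answers to different resolvers, and a client that receives an edge IP the firewall has never seen will be blocked. The caveat is that this is still IP-level filtering: any host served from those same CDN edge addresses is reachable through the policy, so it does not restrict traffic to one URL.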

x_member (Author), New Member
November 15, 2016

emnoc wrote:
    You could use FQDN-style DNS records in 5.4.x with a short TTL, but ideally I would use an IPsec tunnel to the VPC.
    Ken

Thanks for responding; however, I'm not sure I understand. I should also have specified that we're using a FGT60 on 5.2.7 and are waiting on bugfixes for SSL DPI on inbound traffic before doing any firewall upgrades. The hosted site is an external resource (UK government) providing healthcare data that we make available to clients, so I'm not sure how the IPsec tunnel solution would apply?

    Does 5.2.x permit the same FQDN approach?