North-south security inspection in AWS.

Question

We have two VPC in AWS [Security, and Production] VPCs. We have deployed fortigate in Security VPC. In the designing phase we consider the fortigate to work as a Nat instance for all our private subnet including the on in the Production VPC.

From FortiOS - AWS Administration Guide, section Security inspection with Gateway Load Balancer
integration, part North-south security inspection to customer VPC. I have understood this can be accomplish by using Gateway Load Balancer. [https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e129c4eb-867b-11eb-9995-00505692583a/FortiOS_7.0_AWS_Administration_Guide.pdf]

My question is:

1- We have one fortigate do we need to deploy Gateway Load Balancer? if No need for the Load Balancer, then how?

2-If I have stablished site to site VPN between the fortigate and third parties, and one of the Production private EC2 need to reach it I can do this also right?

Thanks,

Anonymous_User · Answer

Hello Nemat,To answer your questions:1- The traffic needs to reach the Fortigate, so either with the GWLB as per documentation on page 192-193 or depending on your deployments perhaps another Fortigate/firewall. Although the former solution with the GWLB is a better way, ihmo.2- Again this depends on how you have done your deployment and your topology, but all firewalls should be capable of VPN (i.e. IPsec).For the GWLB, make sure you also have the latest firmware in your Fortigate. From the documentation i read that is using the Geneve protocol and it would be better to be on the latest firmware (i.e 6.4.10/7.0.8/7.2.2)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded