Alan_Chen
Staff

Feature Introduction

AWS Cloud WAN

AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.


Fortinet SD-WAN

Fortinet SD-WAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. Leveraging the Security-driven Networking approach that uses one operating system and one centralized management console, enterprises realize superior user experience, enhanced security posture effectiveness with converged networking and security, and achieve operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, security-sensitive, and global enterprises. Our Security-Driven Networking approach consolidates SD-WAN, next-generation firewall (NGFW), and advanced routing.


Zenlayer

Zenlayer offers on-demand edge cloud services in over 270 PoPs around the world, with expertise in fast-growing emerging markets like India, China, and South America. Businesses utilize Zenlayer's global edge cloud platform to instantly improve digital experiences for their users with ultra-low latency and worldwide connectivity on demand.


Example Description

In the previous example, we used the integration of AWS Cloud WAN and Fortinet SD-WAN to give enterprise branches direct communication over the secure connection between SD-WAN POPs, so that the management terminal in the Singapore office could quickly and securely connect to the equipment of the Virginia plant through the SD-WAN network and transfer corporate data securely.

For details, see:

https://fusecommunity.fortinet.com/blogs/alan/2022/10/27/aws-cloud-wan-integration-fortinet-sd-wan-3


In this example, in order to transfer the operating data of the Vietnam factory equipment securely and quickly to the business system deployed in AWS, we use the network resources of our partner Zenlayer to work around the fact that AWS has no availability zone in Vietnam, and so optimize the network path between the Vietnam factory and the business system on AWS. Fortinet SD-WAN Performance SLA and intelligent routing then let the Vietnam factory maintain a secure and effective connection with the business system on AWS for the secure and stable transmission of enterprise data.


Architecture: (architecture diagram image)

Configuration Instructions

Address information:

Site              SD-WAN IP Address                                     LAN IP/Netmask
Business EC2      -                                                     10.0.2.80/24
Singapore POP     10.0.254.254                                          -
Vietnam POP       10.254.21.254                                         -
Vietnam Factory   10.254.21.1 (to Vietnam POP), 10.0.254.2 (to Singapore POP)   192.168.90.2/24

AWS Configurations

Create a Virtual Private Gateway, which will be used to attach the Direct Connect resources.

Accept and activate Direct Connect


Create a Virtual Interface, fill in the Direct Connect profile information, and bind it to the previously created Virtual Private Gateway.

Attach the Virtual Private Gateway to the business VPC.

Configure route propagation in the business VPC route table and enable it for the Virtual Private Gateway.


Disable source/destination checking on the EC2 hosts of the business system so that IP addresses outside the VPC can communicate with the EC2 hosts.

Vietnam POP Configurations

Configure the port2 interface IP address as the interconnect address facing the AWS Virtual Interface.


Enable BGP, configure the neighbor information between the Vietnam POP and the AWS Virtual Interface, and configure the local network information.


Create an IPsec tunnel named SD-WAN to provide the SD-WAN access service to the Vietnam factory.

Configure the IP address information and access permissions of the SD-WAN interface.

Configure the firewall policy that allows the Vietnam factory to reach the AWS business system through SD-WAN.
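As an added example, not the original post's screenshots, here is FortiOS CLI (7.x syntax assumed) covering the POP-side steps above: the port2 interconnect address, the BGP session with the AWS Virtual Interface including its BGP authentication key, and the firewall policy. The 169.254.0.x addresses, ASNs, BGP key and the address object names Factory-LAN and AWS-Business-VPC are placeholders, not values from the post.

```fortios
# "#" lines are explanatory comments; remove them before pasting into the CLI.
config system interface
    edit "port2"
        # placeholder: customer-side /30 address of the AWS Virtual Interface
        set ip 169.254.0.2 255.255.255.252
        set allowaccess ping
    next
end
config router bgp
    # placeholder ASNs: POP side and Amazon side, as shown in the VIF profile
    set as 65001
    config neighbor
        # placeholder: Amazon-side address of the Virtual Interface
        edit "169.254.0.1"
            set remote-as 64512
            set password "<BGP-MD5-key-from-VIF-profile>"
        next
    end
    config network
        # advertise the Vietnam factory LAN to AWS; the POP must already hold
        # a route to this prefix via the SD-WAN tunnel for it to be announced
        edit 1
            set prefix 192.168.90.0 255.255.255.0
        next
    end
end
config firewall policy
    # allow the factory (behind the dial-up IPsec tunnel "SD-WAN") to reach
    # the business VPC via Direct Connect; address objects are assumed names
    edit 1
        set name "Factory-to-AWS"
        set srcintf "SD-WAN"
        set dstintf "port2"
        set srcaddr "Factory-LAN"
        set dstaddr "AWS-Business-VPC"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

Keep the policy limited to the factory LAN and the business VPC prefix; the tunnel interface, not "any", is the source interface so that only traffic arriving through the SD-WAN tunnel is allowed towards Direct Connect.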

Vietnam Factory FortiGate Configurations

Configure the SD-WAN connection from the Vietnam factory to the Vietnam POP.

Configure the SD-WAN connection from the Vietnam factory to the Singapore POP.

Configure the SD-WAN zone and add port1, sdwan01 and sdwan02 as members of the Virtual WAN Link.

Set the SD-WAN Performance SLA.


Set the SD-WAN rules.
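As an added example rather than the post's own configuration, this is the FortiOS 7.x CLI equivalent of the factory-side member, Performance SLA and rule steps above: the health check probes the business EC2 host through both tunnels, and the SLA-mode rule steers factory traffic to the Vietnam POP while it meets the SLA and to the Singapore POP when it does not. The tunnel interface names sdwan01/sdwan02, the address objects Factory-LAN and AWS-Business-VPC, the health-check name and the SLA thresholds are assumptions; port1 is left out of the zone to keep the block short.

```fortios
config system sdwan
    set status enable
    config members
        # member 1: IPsec tunnel to the Vietnam POP (10.254.21.254)
        edit 1
            set interface "sdwan01"
            set zone "virtual-wan-link"
        next
        # member 2: IPsec tunnel to the Singapore POP (10.0.254.254)
        edit 2
            set interface "sdwan02"
            set zone "virtual-wan-link"
        next
    end
    config health-check
        # ping the business EC2 host via both tunnels every 500 ms; 5 failures mark a member out, 5 successes restore it
        edit "AWS-Business"
            set server "10.0.2.80"
            set interval 500
            set failtime 5
            set recoverytime 5
            set members 1 2
            config sla
                # assumed thresholds: 250 ms latency, 50 ms jitter, 5% packet loss
                edit 1
                    set latency-threshold 250
                    set jitter-threshold 50
                    set packetloss-threshold 5
                next
            end
        next
    end
    config service
        # steer factory LAN -> business VPC to the first member in priority
        # order that meets SLA 1: Vietnam POP normally, Singapore POP on failure
        edit 1
            set name "Factory-to-AWS"
            set mode sla
            set src "Factory-LAN"
            set dst "AWS-Business-VPC"
            config sla
                edit "AWS-Business"
                    set id 1
                next
            end
            set priority-members 1 2
        next
    end
end
```

`diagnose sys sdwan health-check` shows the measured latency, jitter and loss per member, and `diagnose sys sdwan service` shows which member the rule currently selects, which is what the Verify section checks.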

Verify

When the SD-WAN link is in the normal state, the data traffic uploaded to the business system goes through the SD-WAN connection to the Vietnam POP.

If the Performance SLA test of the Vietnam POP SD-WAN connection reports an abnormal state, the data traffic uploaded to the business system switches to the SD-WAN connection to the Singapore POP.