Feature Introduction
AWS Cloud WAN
AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.
Fortinet SD-WAN
The Fortinet SD-WAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. By leveraging a Security-Driven Networking approach that uses one operating system and one centralized management console, enterprises realize a superior user experience, a more effective security posture through converged networking and security, and operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, security-sensitive, and global enterprises. Our Security-Driven Networking approach consolidates SD-WAN, next-generation firewall (NGFW), and advanced routing.
Zenlayer
Zenlayer offers on-demand edge cloud services in over 270 PoPs around the world, with expertise in fast-growing emerging markets like India, China, and South America. Businesses utilize Zenlayer's global edge cloud platform to instantly improve digital experiences for their users with ultra-low latency and worldwide connectivity on demand.
Example Description
In the previous example, we used the integration of AWS Cloud WAN and Fortinet SD-WAN to provide direct communication between enterprise branches over the secure connections between SD-WAN POPs, so that the management terminal in the Singapore office can quickly and securely connect to the equipment in the Virginia plant through the SD-WAN network and securely transfer corporate data.
For details, see:
https://fusecommunity.fortinet.com/blogs/alan/2022/10/27/aws-cloud-wan-integration-fortinet-sd-wan-3
In this example, the goal is to securely and quickly transfer the operating data of the Vietnam factory equipment to the business system deployed in AWS. AWS does not have availability zone coverage in Vietnam, so we solved that problem with the network resources of our partner Zenlayer, which optimizes the network experience between the Vietnam factory and the business system deployed on AWS. Fortinet SD-WAN Performance SLA and intelligent routing then allow the Vietnam factory to maintain a secure and effective network connection with the business system deployed on AWS for the secure and stable transmission of enterprise data.
Architecture:
Configuration Instructions
Address information:
| Site | SD-WAN IP Address | LAN IP/Netmask |
|---|---|---|
| Business EC2 | - | 10.0.2.80/24 |
| Singapore POP | 10.0.254.254 | - |
| Vietnam POP | 10.254.21.254 | - |
| Vietnam Factory | 10.254.21.1, 10.0.254.2 | 192.168.90.2/24 |
AWS Configurations
Create a Virtual Private Gateway, which is used to bind the Direct Connect resources
Accept and activate the Direct Connect connection
Create a Virtual Interface, fill in the Direct Connect profile information, and bind it to the previously created Virtual Private Gateway
Bind the Virtual Private Gateway to the business VPC
Configure route propagation for the business VPC and enable it for the Virtual Private Gateway
Disable the source/destination check on the EC2 hosts of the business system so that IP addresses outside the VPC can communicate with the EC2 hosts
Vietnam POP Configurations
Configure the Port2 interface IP address as the interconnect address of the AWS Virtual Interface
Enable BGP and configure the neighbor information for the Vietnam POP and the AWS Virtual Interface, along with the local network information
Create an IPsec tunnel called SD-WAN to provide SD-WAN access services to the Vietnam factory
Configure the IP address information and access permissions of the SD-WAN interface
Configure the firewall policy that allows the Vietnam factory to access the AWS business system through SD-WAN
Vietnam Factory FortiGate Configurations
Configure SD-WAN access from Vietnam factory to Vietnam POP
Configure SD-WAN access from the Vietnam factory to the Singapore POP
Configure SD-WAN Zones and add port1, sdwan01, sdwan02 to Virtual WAN Link
Set SD-WAN Performance SLA
Set SD-WAN Rules
Verify
When the SD-WAN is in its normal state, data traffic uploaded to the business system goes through the SD-WAN connection to the Vietnam POP.
If the service test of the SD-WAN connection to the Vietnam POP is abnormal, data traffic uploaded to the business system goes through the SD-WAN connection to the Singapore POP instead.
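The failover behaviour checked in the Verify step, as an added example that is not part of the original post and not Fortinet code: a simplified Python model of an SLA-based SD-WAN rule that prefers the first member in priority order that still meets the SLA. The thresholds, the probe counts, and the mapping of sdwan01 to the Vietnam POP and sdwan02 to the Singapore POP are assumptions.

```python
"""Simplified model of an SLA-mode SD-WAN rule (illustration, not FortiOS code)."""
from dataclasses import dataclass

# Assumed values, not taken from the page.
SLA = {"latency_ms": 150.0, "loss_pct": 2.0}
FAIL_AFTER = 3     # consecutive bad probes before a member is marked out of SLA
RECOVER_AFTER = 3  # consecutive good probes before it is marked back in SLA
# Assumed mapping: sdwan01 -> Vietnam POP, sdwan02 -> Singapore POP.
PRIORITY = ["sdwan01", "sdwan02"]

@dataclass
class Member:
    name: str
    in_sla: bool = True
    streak: int = 0  # consecutive probes that contradict the current state

    def observe(self, latency_ms, loss_pct):
        """Feed one probe result; latency_ms=None means the probe was lost."""
        good = (latency_ms is not None
                and latency_ms <= SLA["latency_ms"]
                and loss_pct <= SLA["loss_pct"])
        if good == self.in_sla:
            self.streak = 0
            return
        self.streak += 1
        # Hysteresis: flip state only after enough consecutive contradicting probes.
        if self.streak >= (FAIL_AFTER if self.in_sla else RECOVER_AFTER):
            self.in_sla, self.streak = good, 0

def select(members):
    """First member in priority order that meets the SLA; None if none does."""
    for name in PRIORITY:
        if members[name].in_sla:
            return name
    return None

def replay(probes):
    """Replay (member, latency_ms, loss_pct) probes; return the selection after each."""
    members = {name: Member(name) for name in PRIORITY}
    path = []
    for name, latency, loss in probes:
        members[name].observe(latency, loss)
        path.append(select(members))
    return path

# Constructed probe sequence: the Vietnam POP tunnel drops probes, then recovers.
SAMPLE = ([("sdwan01", 40, 0)] * 2 + [("sdwan01", None, 100)] * 3
          + [("sdwan01", 45, 0)] * 3)

if __name__ == "__main__":
    for step, choice in enumerate(replay(SAMPLE), 1):
        print(step, choice)
```

In the replay, traffic moves to sdwan02 only after the third consecutive failed probe and returns to sdwan01 only after the third consecutive good one, which is why a single lost probe during verification does not trigger a path change.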