Help
Blogs

AWS Cloud-WAN integration Fortinet SD-WAN for secure branch networking

Alan_Chen
Staff
Staff
‎10-26-2022 09:22 PM

Feature Introduction

AWS Cloud WAN

AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.

 

Fortinet SD-WAN

Fortinet SDWAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. Leveraging the Security-driven Networking approach that uses one operating system and one centralized management console, enterprises realize superior user experience, enhanced security posture effectiveness with converged networking and security, and achieve operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, security-sensitive, and global enterprises. Our Security-Driven Networking approach consolidates SD-WAN, next-generation firewall (NGFW), and advanced routing.

 

Example Description

In the previous example, we use the integration of AWS Cloud-WAN and Fortinet SD-WAN to achieve cloud-network convergence of enterprise services, so that enterprise employees can quickly access internal applications deployed on AWS in any branch office.

For details, see:

https://fusecommunity.fortinet.com/blogs/alan/2022/10/08/aws-cloud-wan-integration-fortinet-sd-wan-1

 

In this example, we use the integration of AWS Cloud-WAN and Fortinet SD-WAN to realize direct connection communication of enterprise branches based on the secure connection between SD-WAN POPs, so that the management terminal of the Singapore office can quickly connect to the equipment of the Virginia plant through SD-WAN network security. Securely transfer corporate data.

 

Architecture:

MessageImages_2c538eb9c4f04a9d81c2a1c2f52482a5.png

Configuration Instructions

Address information:

Site

SD-WAN

IP Address

POP Tunnel

IP Address

LAN

IP/Netmask

Virginia

POP

10.0.255.254

10.0.12.1

-

Virginia

Factory

10.0.255.1

-

192.168.20.2/24

Singapore

POP

10.0.254.254

10.0.12.2

-

Singapore

Branch

10.0.254.1

-

192.168.101.2/24

 

Virginia POP Configurations

Enable BGP, configure neighbor information for Virginia factory and Singapore POP, as well as local network information

  • Set "Local AS" to "65401"
  • Create new Neighbor, set "IP" to "10.0.255.1", "Remote AS" to "65411"
  • Create new Neighbor, set "IP" to "10.0.12.2", "Remote AS" to "65402"
  • Set "Networks" to "10.0.255.0/24"

MessageImages_243e52a1f7ed43cab2b27e8c9a2728d6.png 

Configure a firewall policy on the Singapore office intranet to access the Virginia factory intranet

  • Set "Incoming Interface" to "Singapore"
  • Set "Outgoing Interface" to "SD-WAN"
  • Set "Source" to "192.168.101.0/24"
  • Set "Destination" to "192.168.20.0/24"

MessageImages_931b29dddff54fbe9107972ef1c18d1a.png

Singapore POP Configurations

Enable BGP, configure neighbor information for Singapore office and Virginia POP, as well as local network information

  • Set "Local AS65402"
  • Create new Neighbors, set "IP" to "10.0.254.1", "Remote AS" to "65421"
  • Create new Neighbors, set "IP" to "10.0.12.1", "Remote AS" to "65401"
  • Set "Networks" to "10.0.254.0/24"

MessageImages_15cb3aa76c4f4877b22fe00575022c96.png

Configure a firewall policy on the Singapore office intranet to access the Virginia factory intranet

  • Set "Incoming Interface" to "SD-WAN"
  • Set "Outgoing Interface" to "Virginia"
  • Set "Source" to "192.168.101.0/24"
  • Set "Destination" to "192.168.20.0/24"

MessageImages_6ff22bef474e44e48300e2400af2ba48.png

Singapore Branch Configurations

Enable BGP, configure the neighbor information for Singapore POP, as well as the local network information

  • Set "Local AS" to "65421"
  • Create new Neighbor, set "IP" to " 10.0.254.254", "Remote AS" to "65402"
  • Set "Networks" to "192.168.101.0/24"

MessageImages_0776ad5180364dcaa251940c44c3dbb5.png

Configure SD-WAN Rules to have traffic from the Singapore office to the Virginia facility flow out of SDWAN01

  • Set "Source" to "192.168.101.0/24"
  • Set " Destination" to "192.168.20.0/24"
  • Set "Outgoing Interface" to "sdwan01"

MessageImages_8b273a7110974b189f46b51426cf59e5.png 

Configure firewall policies for the Singapore office to access the Virginia facility

  • Set "Incoming Interface" to "port10"
  • Set "Outgoing Interface" to "virtual-wan-link"
  • Set "Source" to "192.168.101.0/24"
  • Set "Destination" to "192.168.20.0/24"

MessageImages_d272526a42434131a2ef426b5bf2230f.png 

Virginia Factory Configurations

Enable BGP, configure the neighbor information for Singapore POP, as well as the local network information

  • Set "Local AS" to "65411
  • Create New "Neighbor", Set "IP" to "10.0.255.254", "Remote AS" to "65401"
  • Set "Networks" to "192.168.20.0/24"

MessageImages_04bb3b63c3b345859e80244ebdaef84e.png 

Configure a firewall policy that allows the Singapore office to access the Virginia facility

  • Set "Incoming Interface" to "sdwan01"
  • Set "Outgoing Interface" to "port2"
  • Set "Source" to "192.168.101.0/24"
  • Ser "Destination" to "192.168.20.0/24"
MessageImages_b803e6b4a13a4421889e8f0a22984825.png

Verify

Management terminals in the Singapore office can securely connect to equipment at the Virginia facility via SD-WAN network for secure transmission of corporate data.
MessageImages_37f0293dde494b9991a34948bcae4656.png

Popular Articles
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.