A prominent US-based specialty engineering and construction company faced challenges centralizing security controls, gaining visibility into traffic patterns and intrusion attempts, and applying policies at the application level within their cloud infrastructure. They turned to Fortinet Cloud Consulting Services to develop a comprehensive cloud network security design tailored to their unique requirements to ensure top-tier security and operational efficiency on AWS.
Guided Expertise in Selecting the Right Cloud Architecture
The Fortinet Cloud Consulting Services team worked closely with the customer to create an architecture that emphasized scalability, reliability, and robustness. The Fortinet consultants outlined multiple options, highlighting their unique benefits and potential challenges. This in-depth analysis enabled the customer to make informed decisions, ensuring their infrastructure not only satisfied current needs but was also adaptable for future advancements, facilitating a smooth migration.
Centralized Firewall Policy Management and Full Visibility of Network Traffic
Fortinet’s FortiGate Next-Generation Firewall is at the core of the customer’s security Virtual Private Cloud (VPC). Running the same OS as FortiGate hardware appliances, FortiGate-VMs enable you to enforce consistent security policies across any private or public cloud. Powered by AI-driven threat intelligence, FortiGate VMs provide proven threat protection at scale.
A pivotal aspect of the solution was the integration of FortiGate-VMs with the AWS Gateway Load Balancer (GWLB) in combination with AWS Transit Gateway, which was instrumental in achieving granular inspection of all the flows in the customer environment. The customer had public-facing workloads fronted by AWS Application Load Balancer (ALB), private workloads without an elastic IP that still needed to access the Internet, inter-VPC flows, and traffic between their on-premises data center and AWS. All these flows are now inspected by FortiGate-VMs for compliance with business policies. This setup not only enhanced the security posture but also improved network visibility, offering a scalable and resilient architecture that could adapt to the evolving demands of the digital landscape. The figure below shows the architectural implementation.
Further enhancing this security solution, the Fortinet team also integrated centralized firewall policy management with FortiManager. This allows for streamlined and consistent policy administration across the customer's entire network landscape, significantly simplifying the management of security policies.
Additionally, with the integration of FortiAnalyzer, the customer gained full visibility into network traffic. This tool provided comprehensive logging, analysis, and reporting capabilities, enabling the customer to monitor, understand, and respond to network activities effectively. These additions were crucial in achieving a holistic security stance, offering the customer an unparalleled level of control and insight into their network security.
Moreover, the Fortinet team built and packaged all necessary deployment scripts, which streamlined the migration process and minimized potential disruptions. Recognizing the importance of ongoing knowledge and self-sufficiency, Fortinet’s experts provided comprehensive training on all components of the solution and best practices. This educational effort ensured that the customer's engineering staff were not just passive recipients of a new system but active participants in its operation and future development.
To learn more about Fortinet Cloud Consulting Services for AWS, visit here.
