Hi Steve,
I currently run VMs in AWS running the 5.4 platform (I believe the BYOL can run the 5.6 platform). We manage these VMs via FortiManager just like any other firewall. I don't believe you can autoscale across regions. Here is a good reference from Fortinet specific to AWS:
https://www.fortinet.com/products/aws-azure-security/fortigate-aws.html
Like any other Internet-based service, performance is hard to predict because it is dependent on your connection to the Internet. We have high-speed links and our performance meets our needs. For each region, we build our VMs and assign them to the same policy within FortiManager. We also utilize the "per device mapping" feature to dynamically assign values based on the firewall the policy is deployed to, which helps a lot.
Sorry I am not able to provide feedback to all of your questions but I hope this helps.
Regards,
d
Hello Dmcquade
Appreciate your reply. Thank you.
In your setup, do you use autoscaling? I believe each FortiGate-VM needs to be manually assigned to FortiManager?
Thanks
Steve
No on the auto scaling. Most of the implementations I have done involve site-to-site IPSEC VPN tunnels to an on-prem site. Typically we'll create 2 FortiGate VMs in a Transit VPC. Each VM will have a tunnel to the on-prem (preferably 2 distinct locations for DR / load balancing). For this reason we did not do auto scaling.
Sorry
d
Thank you
Building out a transit VPC as well, looking at FortiGates. Did you build out two separate (non-H/A, non-config-sync) instances in the same AZ, different AZs, different VPCs?
I want the availability of cross AZ subnets, but it looks like I can't get H/A or sync capabilities if they're in different subnets... I can handle the management of different IPSEC configs, but don't want to deal with the separate management of the FW policy side...
Copyright 2024 Fortinet, Inc. All Rights Reserved.