East-West traffic inspection between VPCs with GWLB in AWS
I am implementing east-west traffic inspection between VPCs with GWLB in AWS.
I have implemented Transit Gateway and I am able to get the traffic between the VPCs without any issues. But, I am struggling to get the traffic to use GWLB and pass the traffic to the firewall using Geneve protocol. I believe that I have followed the steps given in the Administration Guide and I am still not able to get this working.
1) Does anyone have a step-by-step detailed procedure that they can share?
2) How is the routing table implemented in the Transit Gateway and inside the security VPC to route the traffic to the firewall?
3) I wish to use the same firewall for north-south traffic inspection, SD-WAN, and third-party IPSec VPN terminations. Am I too ambitious in using the same firewall for multiple functions although all these can be achieved in a normal on-prem firewall?
4) What additional information do you need to help me in this implementation?
5) Is this possible to achieve with Fortigate CNF instead of BYOL implementation?
Any guidance and websites where I can get relevant information are highly appreciated.
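Not part of the original post or of any Fortinet document, but as a worked illustration of the routing asked about in question 2, here is the centralized east-west inspection layout in Terraform: spoke VPC -> Transit Gateway -> inspection (security) VPC -> Gateway Load Balancer endpoint -> GWLB -> firewall over GENEVE, and back the same way. It assumes the Transit Gateway already exists (as the post says), and every VPC, subnet and instance id and every CIDR below is a constructed placeholder; the variable names and resource labels are mine, not a vendor's.

```hcl
variable "transit_gateway_id" { default = "tgw-EXISTING" } # placeholder: the TGW already built per the question
variable "spokes" { # constructed placeholder ids/CIDRs for the two spoke VPCs
  default = {
    a = { vpc_id = "vpc-SPOKE-A", cidr = "10.1.0.0/16", tgw_subnet_ids = ["subnet-A-TGW"] }
    b = { vpc_id = "vpc-SPOKE-B", cidr = "10.2.0.0/16", tgw_subnet_ids = ["subnet-B-TGW"] }
  }
}
variable "inspection" { default = { vpc_id = "vpc-INSP", tgw_subnet_id = "subnet-INSP-TGW", gwlbe_subnet_id = "subnet-INSP-GWLBE", fw_subnet_id = "subnet-INSP-FW" } }
resource "aws_ec2_transit_gateway_vpc_attachment" "spoke" {
  for_each           = var.spokes
  transit_gateway_id = var.transit_gateway_id
  vpc_id             = each.value.vpc_id
  subnet_ids         = each.value.tgw_subnet_ids
  # Keep attachments off the TGW default table so no route exists that was not placed deliberately.
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}
resource "aws_ec2_transit_gateway_vpc_attachment" "inspection" {
  transit_gateway_id     = var.transit_gateway_id
  vpc_id                 = var.inspection.vpc_id
  subnet_ids             = [var.inspection.tgw_subnet_id]
  appliance_mode_support = "enable" # both directions of a flow stay in one AZ, so the stateful firewall sees both
  transit_gateway_default_route_table_association = false
  transit_gateway_default_route_table_propagation = false
}
# Spoke TGW route table: only a default route to the inspection VPC, so spoke-to-spoke traffic cannot bypass the firewall.
resource "aws_ec2_transit_gateway_route_table" "spoke" { transit_gateway_id = var.transit_gateway_id }
resource "aws_ec2_transit_gateway_route_table_association" "spoke" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
resource "aws_ec2_transit_gateway_route" "spoke_default" {
  destination_cidr_block         = "0.0.0.0/0"
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.inspection.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.spoke.id
}
# Inspection TGW route table: learns every spoke CIDR so inspected traffic returns to the correct spoke.
resource "aws_ec2_transit_gateway_route_table" "inspection" { transit_gateway_id = var.transit_gateway_id }
resource "aws_ec2_transit_gateway_route_table_association" "inspection" {
  transit_gateway_attachment_id  = aws_ec2_transit_gateway_vpc_attachment.inspection.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.inspection.id
}
resource "aws_ec2_transit_gateway_route_table_propagation" "spokes" {
  for_each                       = aws_ec2_transit_gateway_vpc_attachment.spoke
  transit_gateway_attachment_id  = each.value.id
  transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.inspection.id
}
# GWLB in the firewall subnet; the GENEVE (UDP 6081) target group is where the firewall instance gets registered.
resource "aws_lb" "gwlb" {
  load_balancer_type = "gateway"
  subnets            = [var.inspection.fw_subnet_id]
}
resource "aws_lb_target_group" "fgt" {
  port     = 6081
  protocol = "GENEVE"
  vpc_id   = var.inspection.vpc_id
}
resource "aws_lb_listener" "gwlb" {
  load_balancer_arn = aws_lb.gwlb.arn
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.fgt.arn
  }
}
resource "aws_vpc_endpoint_service" "gwlb" {
  acceptance_required        = false
  gateway_load_balancer_arns = [aws_lb.gwlb.arn]
}
resource "aws_vpc_endpoint" "gwlbe" {
  vpc_id            = var.inspection.vpc_id
  service_name      = aws_vpc_endpoint_service.gwlb.service_name
  vpc_endpoint_type = "GatewayLoadBalancer"
  subnet_ids        = [var.inspection.gwlbe_subnet_id]
}
# Inspection VPC subnet route tables: TGW subnet sends everything into the GWLB endpoint; GWLB endpoint subnet sends it back to the TGW.
resource "aws_route_table" "tgw_subnet" { vpc_id = var.inspection.vpc_id }
resource "aws_route" "tgw_to_gwlbe" {
  route_table_id         = aws_route_table.tgw_subnet.id
  destination_cidr_block = "0.0.0.0/0"
  vpc_endpoint_id        = aws_vpc_endpoint.gwlbe.id
}
resource "aws_route_table_association" "tgw_subnet" {
  subnet_id      = var.inspection.tgw_subnet_id
  route_table_id = aws_route_table.tgw_subnet.id
}
resource "aws_route_table" "gwlbe_subnet" { vpc_id = var.inspection.vpc_id }
resource "aws_route" "gwlbe_to_tgw" {
  for_each               = var.spokes
  route_table_id         = aws_route_table.gwlbe_subnet.id
  destination_cidr_block = each.value.cidr
  transit_gateway_id     = var.transit_gateway_id
  depends_on             = [aws_ec2_transit_gateway_vpc_attachment.inspection]
}
resource "aws_route_table_association" "gwlbe_subnet" {
  subnet_id      = var.inspection.gwlbe_subnet_id
  route_table_id = aws_route_table.gwlbe_subnet.id
}
```

Two points in that layout carry the security weight. The spoke TGW route table holds nothing but a default route to the inspection attachment, so there is no direct spoke-to-spoke route for traffic to take around the firewall; and appliance mode on the inspection attachment keeps the forward and return halves of each flow in the same AZ, which a stateful firewall needs to see a complete session. The firewall instance still has to be registered in the GENEVE target group (with a health check on whatever port the appliance answers on) and, in a multi-AZ inspection VPC, you repeat the GWLB endpoint and the two subnet route tables per AZ.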
Geneve is not working with FortiOS 6.4.12 or FortiOS 7.4.0; it is working with 7.0.x and 7.2.x. Even then, there is an issue with policies in proxy mode: HTTPS traffic will be blocked by SSL (SSL anomaly). Using the probe-cert-failed allow command in the UTM SSL profile, there is no SSL blocking, but HTTPS traffic is slow.