Hello all,
I am implementing east-west traffic inspection between VPCs with GWLB in AWS.
I have implemented Transit Gateway and I am able to get the traffic between the VPCs without any issues. But I am struggling to get the traffic to use the GWLB and pass it to the firewall using the Geneve protocol. I believe that I have followed the steps given in the Administration Guide, and I am still not able to get this working.
1) Does anyone have a step-by-step detailed procedure that they can share?
2) How is the routing table implemented in the Transit Gateway and inside the security VPC to route the traffic to the firewall?
3) I wish to use the same firewall for north-south traffic inspection, SD-WAN, and third-party IPsec VPN terminations. Am I being too ambitious in using the same firewall for multiple functions, although all of these can be achieved on a normal on-prem firewall?
4) What additional information do you need to help me in this implementation?
5) Is this possible to achieve with Fortigate CNF instead of BYOL implementation?
Any guidance and websites where I can get relevant information are highly appreciated.
Regards,
Anand
This should help you: https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/aws-administration-guide/185298/east...
Hi Anand,
The post deployment configuration part in the provided link should help you handle traffic between the FortiGate and GWLB:
https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/aws-administration-guide/360322/post...
Regards,
Vimala
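For checking what actually arrives at the FortiGate from the GWLB, the following decoder is an added example, not code from the thread, from Fortinet or from AWS. It parses the Geneve header (RFC 8926 layout) of a UDP/6081 payload, pulls out the AWS-specific TLVs, reads the inner IPv4 header, and re-encapsulates the packet for the return leg with the original options preserved, which is what the GWLB expects from the appliance. The AWS option class 0x0108 and TLV types 1 (endpoint ID), 2 (attachment ID) and 3 (flow cookie) are assumed from AWS's GWLB documentation; the sample packet and all its IDs are constructed, not captured.

```python
"""Decode and re-encapsulate AWS GWLB Geneve packets (UDP/6081)."""
import struct
from dataclasses import dataclass

GENEVE_UDP_PORT = 6081
ETHERTYPE_IPV4 = 0x0800
# Assumption (from AWS GWLB documentation, not from this thread): option class
# 0x0108 carries type 1 = GWLB endpoint ID (8 bytes), 2 = attachment ID
# (8 bytes), 3 = flow cookie (4 bytes).
AWS_OPTION_CLASS = 0x0108
AWS_TLV_NAMES = {1: "gwlbe_id", 2: "attachment_id", 3: "flow_cookie"}


@dataclass
class GeneveOption:
    opt_class: int
    opt_type: int
    data: bytes

    def pack(self) -> bytes:
        if len(self.data) % 4:
            raise ValueError("Geneve option data must be a multiple of 4 bytes")
        # class(16) | type(8) | rsvd(3)+length(5) in 4-byte words
        return struct.pack("!HBB", self.opt_class, self.opt_type, len(self.data) // 4) + self.data


@dataclass
class GenevePacket:
    protocol: int      # EtherType of the inner packet
    vni: int
    options: list
    inner: bytes

    def pack(self) -> bytes:
        opts = b"".join(o.pack() for o in self.options)
        if len(opts) > 63 * 4:
            raise ValueError("options exceed the 6-bit Opt Len field")
        first = (0 << 6) | (len(opts) // 4)   # Ver=0, Opt Len in 4-byte words
        return struct.pack("!BBHI", first, 0, self.protocol, self.vni << 8) + opts + self.inner


def parse_geneve(payload: bytes) -> GenevePacket:
    """Parse the UDP payload of a Geneve datagram (RFC 8926 header layout)."""
    if len(payload) < 8:
        raise ValueError("short Geneve header")
    b0, _flags, proto, vni_rsvd = struct.unpack("!BBHI", payload[:8])
    if b0 >> 6 != 0:
        raise ValueError("unsupported Geneve version")
    opt_end = 8 + (b0 & 0x3F) * 4
    if len(payload) < opt_end:
        raise ValueError("truncated Geneve options")
    options, off = [], 8
    while off < opt_end:
        cls, typ, lenb = struct.unpack("!HBB", payload[off:off + 4])
        dlen = (lenb & 0x1F) * 4
        if off + 4 + dlen > opt_end:
            raise ValueError("option runs past Opt Len")
        options.append(GeneveOption(cls, typ, payload[off + 4:off + 4 + dlen]))
        off += 4 + dlen
    return GenevePacket(proto, vni_rsvd >> 8, options, payload[opt_end:])


def aws_metadata(pkt: GenevePacket) -> dict:
    """AWS TLVs as integers keyed by name; unknown AWS types are keyed by number."""
    out = {}
    for o in pkt.options:
        if o.opt_class == AWS_OPTION_CLASS:
            out[AWS_TLV_NAMES.get(o.opt_type, o.opt_type)] = int.from_bytes(o.data, "big")
    return out


def ipv4_5tuple(inner: bytes) -> tuple:
    """(src, dst, proto) of the inner IPv4 packet as dotted strings and an int."""
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("inner packet is not IPv4")
    return (".".join(map(str, inner[12:16])), ".".join(map(str, inner[16:20])), inner[9])


def return_to_gwlb(pkt: GenevePacket, new_inner: bytes) -> bytes:
    """Re-encapsulate the (possibly modified) inner packet for the return leg.
    The GWLB expects the appliance to echo the Geneve options it sent
    (flow cookie, endpoint and attachment IDs) unchanged."""
    return GenevePacket(pkt.protocol, pkt.vni, list(pkt.options), new_inner).pack()


def _ipv4_checksum(hdr: bytes) -> int:
    s = sum(struct.unpack("!10H", hdr))
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def sample_inner_ipv4(src: str, dst: str, proto: int = 6) -> bytes:
    """Constructed 20-byte IPv4 header with no payload (sample data, not a capture)."""
    saddr = bytes(int(x) for x in src.split("."))
    daddr = bytes(int(x) for x in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0x4000, 64, proto, 0, saddr, daddr)
    return hdr[:10] + struct.pack("!H", _ipv4_checksum(hdr)) + hdr[12:]


def sample_gwlb_packet() -> bytes:
    """Constructed example of what the GWLB would deliver on UDP/6081 (IDs are made up)."""
    opts = [
        GeneveOption(AWS_OPTION_CLASS, 1, (0x1122334455667788).to_bytes(8, "big")),
        GeneveOption(AWS_OPTION_CLASS, 2, (0x0A0B0C0D0E0F1011).to_bytes(8, "big")),
        GeneveOption(AWS_OPTION_CLASS, 3, (0xDEADBEEF).to_bytes(4, "big")),
    ]
    return GenevePacket(ETHERTYPE_IPV4, 0, opts, sample_inner_ipv4("10.1.0.10", "10.2.0.20")).pack()


if __name__ == "__main__":
    pkt = parse_geneve(sample_gwlb_packet())
    print(aws_metadata(pkt), ipv4_5tuple(pkt.inner))
```

To use it against a real deployment, capture on the FortiGate-facing interface for UDP port 6081 and feed each datagram's UDP payload to `parse_geneve`; if no such datagrams arrive, the problem is in the GWLB target registration or the VPC/TGW routing rather than in the FortiGate's Geneve configuration.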
I suggest you do not implement anything with GWLB + FortiGate AWS.
It is still not good.
I implemented north-south with GWLB using FortiGate AWS. FortiGate has a bug: all HTTPS traffic is blocked by SSL inspection (SSL blocking with probe-cert-failed) if you use policy proxy mode.
I am already using the command probe-cert-failed allow. The traffic is not blocked, but it is very slow!
Geneve is not working with FortiOS 6.4.12 or with FortiOS 7.4.0; it works with 7.0.x and 7.2.x, but even these have an issue with policies in proxy mode: HTTPS traffic will be blocked by SSL (SSL anomaly). Using the probe-cert-failed allow command in the UTM SSL profile, there is no SSL blocking, but HTTPS traffic is slow.
Copyright 2023 Fortinet, Inc. All Rights Reserved.