ravitejag
New Contributor II

Multiple secondary IPs limitation on WAN interface for DMZ server access through FortiGate in AWS

I faced a scenario wherein there is a requirement to allow public access for multiple web servers through FortiGate in AWS.

With the help of secondary IPs and associating Elastic IPs with them, this can be achieved; however, there is a limitation on AWS at the instance level, and the maximum number of secondary private IPs allowed is 50. But increasing the instance size doesn't seem feasible when you have n number of web servers in real time.

Can someone please help me out with a feasible and cost-effective solution on this?

FortiGate #aws

gfleming
Staff

Can you use some form of host-based routing? Associate a number of different hostnames to a single IP and have the FortiGate route them to the appropriate internal web server?

Cheers,
Graham
ravitejag
New Contributor II

Can you elaborate more on this? One thing I would like to say is that no changes can be made to the existing servers, nor can a new server be added. Looking for a solution from a network/cloud perspective as a workaround.

gfleming
ravitejag
New Contributor II

I see this as the FortiGate virtual server load balancing concept; by using this I can only do load balancing to multiple real servers or a single server. To accomplish this, we need to create multiple secondary IPs on the WAN interface and then do a double NAT to the real servers, and that's where the limitation comes into the picture. The DNS part is to be handled separately; only with the help of FortiGate configuration, I see it is not achievable. Could you please provide more insights or a different solution?

gfleming

The HTTP Host load balance method does not require multiple external IPs. One IP address can respond to multiple domain names (the DNS names all point to the one external IP), and FortiGate will forward those appropriately to the internal servers based on host name.

Cheers,
Graham
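
A sketch of the HTTP Host method described in the reply above, added here as an illustration; it is not configuration posted by anyone in the thread. Every name, interface and address in it (`port1`, `port2`, `10.0.0.10`, `10.0.1.x`, the `example.com` hostnames) is a constructed assumption, and it covers plain HTTP only.

```fortios
# Assumption: port1 is the WAN-side ENI, 10.0.0.10 is its primary private IP,
# and a single Elastic IP is associated with that private IP in AWS.
config firewall vip
    edit "vs-web-by-host"
        set type server-load-balance
        set extintf "port1"
        set extip 10.0.0.10
        set server-type http
        # Pick the real server from the HTTP Host header instead of by external IP.
        set ldb-method http-host
        set extport 80
        config realservers
            edit 1
                set ip 10.0.1.11
                set port 80
                set http-host "app1.example.com"
            next
            edit 2
                set ip 10.0.1.12
                set port 80
                set http-host "app2.example.com"
            next
        end
    next
end

# Assumption: port2 faces the DMZ subnet that holds the web servers.
config firewall policy
    edit 0
        set name "wan-to-web-by-host"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "vs-web-by-host"
        set action accept
        set schedule "always"
        set service "HTTP"
        # The FortiGate has to parse the request to read the Host header.
        set inspection-mode proxy
        set logtraffic all
    next
end
```

Public DNS records for both hostnames point at the one Elastic IP, so adding a web server means adding a `realservers` entry and a DNS record rather than another secondary private IP.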