We have two VPC in AWS [Security, and Production] VPCs. We have deployed fortigate in Security VPC. In the designing phase we consider the fortigate to work as a Nat instance for all our private subnet including the on in the Production VPC.
From FortiOS - AWS Administration Guide, section Security inspection with Gateway Load Balancer
integration, part North-south security inspection to customer VPC. I have understood this can be accomplish by using Gateway Load Balancer. [https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/e129c4eb-867b-11eb-9995-005056...]
My question is:
1- We have one fortigate do we need to deploy Gateway Load Balancer? if No need for the Load Balancer, then how?
2-If I have stablished site to site VPN between the fortigate and third parties, and one of the Production private EC2 need to reach it I can do this also right?
Thanks,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Nemat,
To answer your questions:
1- The traffic needs to reach the Fortigate, so either with the GWLB as per documentation on page 192-193 or depending on your deployments perhaps another Fortigate/firewall. Although the former solution with the GWLB is a better way, ihmo.
2- Again this depends on how you have done your deployment and your topology, but all firewalls should be capable of VPN (i.e. IPsec).
For the GWLB, make sure you also have the latest firmware in your Fortigate. From the documentation i read that is using the Geneve protocol and it would be better to be on the latest firmware (i.e 6.4.10/7.0.8/7.2.2)
I am pretty sure you will need a Transit GW to satisfy the dependencies of #2. VPCs are not transitive. That is you cannot have traffic entering one VPC (i.e. VPN Traffic) and traversing to another VPC. For this you need Transit GW or a local Internet/VPN gw in the VPC. Check east-west traffic inspection it goes into a bit of detail on this one.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1529 | |
1027 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.