FortiGate-VM can achieve HA using AWS ELB. You can deploy two FortiGate-VMs and associate them with an ELB, and traffic is balanced between the two. If one FortiGate-VM fails, the other handles traffic. This provides more security and reliability to the existing cloud infrastructure.
External and internal ELBs are required if you want to serve incoming and outgoing traffic for protected VMs. An external ELB is normally accessible from the Internet and distributes traffic as it enters a VPC. An internal ELB has similar capabilities but is only accessible within a VPC.
Like other load balancers, ELB can be configured as an external ELB that is accessible from the Internet and distributes traffic as it enters a VPC, or as an internal ELB which has similar functions and is only accessible inside a VPC. This section helps you get started with AWS ELB and FortiGate-VM configuration in an AWS environment.
Using this configuration, an IT administrator can place an application server inside a private subnet. The application server can provide web applications, terminal services, or general purpose Internet service. The access is fully protected and logged by the FortiGate-VM.
The design shows that application servers are fully separated between two subnets for active-active configuration. The load is divided evenly in this configuration.
You can protect and turn multiple AZs highly available depending on how you design the topology.
You can also combine AWS Route 53 to use DNS name together with ELB.