East-west security inspection between two customer VPCs
The following shows the topology for this deployment, which uses GWLB for east-west security inspection between two customer VPCs:
This guide assumes that the following are already created and in place as the diagram shows:
- Customer A and B VPCs
- Security VPC
- FortiGate with at least one management network interface and elastic IP address assigned
- Application instances
The guide describes configuring additional network interfaces to handle data traffic. The following describes the two VPC types in this deployment:
| VPC | Description |
|---|---|
| Customer | Where customer workloads are deployed. Each customer VPC has one AZ with an application subnet where you deploy the application workloads whose traffic the FortiGate must inspect. |
| Security | Where the FortiGate is deployed. You create the GWLB in this VPC. The security VPC AZ also includes the following subnets: |