AWS Administration Guide

Creating VPC route tables


To create a VPC route table:
  1. In the AWS console, open the VPC service.
  2. Configure two spoke VPC route tables:
    1. Select Route Tables, then click the Create route table button.
    2. Configure the desired name, then select the spoke A VPC. Click the Create button.
    3. Repeat the process for the spoke B VPC.
    4. Select the spoke A VPC route table. On the Routes tab, click the Edit routes button.
    5. Click Add Route.
    6. In the Destination field, specify 0.0.0.0/0.
    7. For the Target, specify the Transit Gateway (TGW). Click Save Routes.
    8. On the Subnet Associations tab, click the Edit subnet associations button.
    9. Select the spoke subnet that you just created, then click Save.
    10. Repeat the process for the spoke B route table.
  3. Configure the security VPC internal route table:
    1. Click the Create route table button.
    2. Configure Sec_VPC_Internal as the name. This will be the route table for internal traffic targeting the TGW. Select the security VPC.
    3. Click the Create button.
    4. Select the security VPC internal route table. On the Routes tab, click the Edit routes button.
    5. Click Add Route.
    6. In the Destination field, enter 0.0.0.0/0. Use the TGW as the target.
    7. Click Save changes.
    8. On the Subnet Associations tab, click the Edit subnet associations button.
    9. Select the internal/private subnets for both VPC availability zones (AZ) A and B, then click the Save button.
  4. Configure the security VPC external route table:
    1. Click the Create route table button.
    2. Configure Sec_VPC_External as the name. This will be the Internet-facing route table. Select the security VPC.
    3. Click the Create button.
    4. Select the security VPC external route table. On the Routes tab, click the Edit routes button.
    5. Add the following routes:

      | Destination | Target           |
      |-------------|------------------|
      | 0.0.0.0/0   | Internet gateway |
      | 10.1.1.0/24 | TGW              |
      | 10.2.1.0/24 | TGW              |

    6. On the Subnet Associations tab, click the Edit subnet associations button.
    7. Add the management, public, and heartbeat subnets for the security VPC AZs, then click the Save button.
  5. Configure the route table for return traffic to the spoke VPCs from the FortiGate:
    1. Click the Create route table button.
    2. Configure Sec_VPC_TGW as the name. Select the security VPC.
    3. Click the Create button.
    4. On the Routes tab, click the Edit routes button.
    5. Add the following routes:

      | Destination | Target |
      |-------------|--------|
      | 10.1.1.0/24 | TGW    |
      | 10.2.1.0/24 | TGW    |

    6. On the Subnet Associations tab, click the Edit subnet associations button.
    7. Select the TGW subnets for both AZs A and B, then click the Save button.

Note: You will add a route that targets the ENI ID of port2 of the primary FortiGate in a later step.
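
The route layout built in steps 2 to 5 can be checked after the fact. The following Python check is an added example, not part of the Fortinet guide: it compares records shaped like `aws ec2 describe-route-tables` output against the expected targets and flags any route that sends traffic to an Internet gateway where the steps call for the TGW. The spoke table names (`Spoke_A`, `Spoke_B`), the gateway IDs and the local CIDR are assumptions.

```python
# Expected targets per table from the steps above; Spoke_A / Spoke_B are hypothetical names.
EXPECTED = {
    "Spoke_A": {"0.0.0.0/0": "tgw"},
    "Spoke_B": {"0.0.0.0/0": "tgw"},
    "Sec_VPC_Internal": {"0.0.0.0/0": "tgw"},
    "Sec_VPC_External": {"0.0.0.0/0": "igw", "10.1.1.0/24": "tgw", "10.2.1.0/24": "tgw"},
    "Sec_VPC_TGW": {"10.1.1.0/24": "tgw", "10.2.1.0/24": "tgw"},
}

def target_kind(route):
    if route.get("TransitGatewayId"):
        return "tgw"
    gateway = route.get("GatewayId") or ""
    if gateway.startswith("igw-"):
        return "igw"
    return "local" if gateway == "local" else "other"

def audit(route_tables):
    """Return findings. Extra routes (local, the later ENI route) pass unless they target an IGW."""
    by_name = {tag["Value"]: table for table in route_tables
               for tag in table.get("Tags", []) if tag["Key"] == "Name"}
    findings = []
    for name, expected in EXPECTED.items():
        if name not in by_name:
            findings.append(f"{name}: route table not found")
            continue
        actual = {r["DestinationCidrBlock"]: target_kind(r)
                  for r in by_name[name]["Routes"] if "DestinationCidrBlock" in r}
        for cidr, kind in expected.items():
            if actual.get(cidr) != kind:
                findings.append(f"{name}: {cidr} -> {actual.get(cidr, 'missing')}, expected {kind}")
        findings += [f"{name}: unexpected Internet gateway route {cidr}"
                     for cidr, kind in actual.items() if kind == "igw" and cidr not in expected]
    return findings

# Constructed sample shaped like `aws ec2 describe-route-tables` output; IDs and local CIDR are made up.
TGW, IGW, LOCAL = {"TransitGatewayId": "tgw-EXAMPLE"}, {"GatewayId": "igw-EXAMPLE"}, {"GatewayId": "local"}
def make_table(name, routes):
    return {"Tags": [{"Key": "Name", "Value": name}],
            "Routes": [{"DestinationCidrBlock": cidr, **target} for cidr, target in routes]}
SAMPLE = [
    make_table("Spoke_A", [("0.0.0.0/0", IGW)]),  # default route bypasses the TGW
    make_table("Spoke_B", [("0.0.0.0/0", TGW)]),
    make_table("Sec_VPC_Internal", [("0.0.0.0/0", TGW)]),
    make_table("Sec_VPC_External", [("0.0.0.0/0", IGW), ("10.1.1.0/24", TGW)]),  # 10.2.1.0/24 missing
    make_table("Sec_VPC_TGW", [("10.0.0.0/16", LOCAL), ("10.1.1.0/24", TGW), ("10.2.1.0/24", TGW)]),
]
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "route tables match the guide")
```

To run it against a live account, pass the `RouteTables` list from the CLI's JSON output to `audit()` and adjust the spoke names in `EXPECTED` to the ones you chose.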
