Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • AWS Administration Guide

    Home FortiGate Public Cloud 6.4.0 AWS Administration Guide
    6.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Creating VPC route tables

    Creating VPC route tables

    To create a VPC route table:
    1. In the AWS console, open the VPC service.
    2. Configure two spoke VPC route tables:
      1. Select Route Tables, then click the Create route table button.
      2. Configure the desired name, then select the spoke A VPC. Click the Create button.
      3. Repeat the process for the spoke B VPC.
      4. Select the spoke A VPC route table. On the Routes tab, click the Edit routes button.
      5. Click Add Route.
      6. In the Destination field, specify 0.0.0.0/0.
      7. For the Target, specify the Transit Gateway (TGW). Click Save Routes.
      8. On the Subnet Associations tab, click the Edit subnet associations button.
      9. Select the spoke subnet that you just created, then click Save.

      10. Repeat the process for the spoke B route table.
    3. Configure the security VPC internal route table:
      1. Click the Create route table button.
      2. Configure Sec_VPC_Internal as the name. This will be the route for internal traffic targeting the TGW. Select the security VPC.
      3. Click the Create button.
      4. Select the security VPC internal route table. On the Routes tab, click the Edit routes button.
      5. Click Add Route.
      6. In the Destination field, enter 0.0.0.0/0. Use the TGW as the target.
      7. Click Save changes.
      8. On the Subnet Associations tab, click the Edit subnet associations button.
      9. Select the internal/private subnets for both VPC availability zones (AZ) A and B, then click the Save button.
    4. Configure the security VPC external route table:
      1. Click the Create route table button.
      2. Configure Sec_VPC_External as the name. This will be the Internet-facing route table. Select the security VPC.
      3. Click the Create button.
      4. Select the security VPC external route table. On the Routes tab, click the Edit routes button.
      5. Add the following routes:

        Destination

        Target

        0.0.0.0/0

        Internet gateway

        10.1.1.0/24

        TGW

        10.2.1.0/24

        TGW
      6. On the Subnet Associations tab, click the Edit subnet associations button.
      7. Add the management, public, and heartbeat subnets for security VPC AZs, then click the Save button.
    5. Configure the route table for return traffic to the spoke VPCs from the FortiGate:
      1. Click the Create route table button.
      2. Configure Sec_VPC_TGW as the name. Select the security VPC.
      3. Click the Create button.
      4. On the Routes tab, click the Edit routes button.
      5. Add the following routes:

        Destination

        Target

        10.1.1.0/24

        TGW

        10.2.1.0/24

        TGW
      6. On the Subnet Associations tab, click the Edit subnet associations button.
      7. Select the TGW subnets for both AZs A and B, then click the Save button.
    Note

    You will add a route that targets the ENI ID of port2 of the primary FortiGate in a later step.
    Previous
    Next

    Creating VPC route tables

    Creating VPC route tables

    To create a VPC route table:
    1. In the AWS console, open the VPC service.
    2. Configure two spoke VPC route tables:
      1. Select Route Tables, then click the Create route table button.
      2. Configure the desired name, then select the spoke A VPC. Click the Create button.
      3. Repeat the process for the spoke B VPC.
      4. Select the spoke A VPC route table. On the Routes tab, click the Edit routes button.
      5. Click Add Route.
      6. In the Destination field, specify 0.0.0.0/0.
      7. For the Target, specify the Transit Gateway (TGW). Click Save Routes.
      8. On the Subnet Associations tab, click the Edit subnet associations button.
      9. Select the spoke subnet that you just created, then click Save.

      10. Repeat the process for the spoke B route table.
    3. Configure the security VPC internal route table:
      1. Click the Create route table button.
      2. Configure Sec_VPC_Internal as the name. This will be the route for internal traffic targeting the TGW. Select the security VPC.
      3. Click the Create button.
      4. Select the security VPC internal route table. On the Routes tab, click the Edit routes button.
      5. Click Add Route.
      6. In the Destination field, enter 0.0.0.0/0. Use the TGW as the target.
      7. Click Save changes.
      8. On the Subnet Associations tab, click the Edit subnet associations button.
      9. Select the internal/private subnets for both VPC availability zones (AZ) A and B, then click the Save button.
    4. Configure the security VPC external route table:
      1. Click the Create route table button.
      2. Configure Sec_VPC_External as the name. This will be the Internet-facing route table. Select the security VPC.
      3. Click the Create button.
      4. Select the security VPC external route table. On the Routes tab, click the Edit routes button.
      5. Add the following routes:

        Destination

        Target

        0.0.0.0/0

        Internet gateway

        10.1.1.0/24

        TGW

        10.2.1.0/24

        TGW
      6. On the Subnet Associations tab, click the Edit subnet associations button.
      7. Add the management, public, and heartbeat subnets for security VPC AZs, then click the Save button.
    5. Configure the route table for return traffic to the spoke VPCs from the FortiGate:
      1. Click the Create route table button.
      2. Configure Sec_VPC_TGW as the name. Select the security VPC.
      3. Click the Create button.
      4. On the Routes tab, click the Edit routes button.
      5. Add the following routes:

        Destination

        Target

        10.1.1.0/24

        TGW

        10.2.1.0/24

        TGW
      6. On the Subnet Associations tab, click the Edit subnet associations button.
      7. Select the TGW subnets for both AZs A and B, then click the Save button.
    Note

    You will add a route that targets the ENI ID of port2 of the primary FortiGate in a later step.
    Previous
    Next