Fortinet Document Library

AWS Administration Guide

7.0.0

SD-WAN Transit Gateway Connect

This guide assumes that the customer and security VPCs and the FortiGate instances that the diagram shows are already in place and application instances are already created. This guide does not cover the steps for creating those resources.

| VPC | Description |
|---|---|
| Customer | Where the customer workloads will be deployed. Each Availability Zone (AZ) has an Application subnet, where the application workloads are deployed. This VPC does not have an Internet gateway and all North-South traffic is routed through the FortiGate instances in the Security subnet via the Transit Gateway (TGW). |
| Security | Where FortiGates are deployed. All North-South traffic is routed through the FortiGate. This routing is achieved by sharing BGP routes using the TGW Connect attachment and by configuring BGP connect peers between the FortiGate and the TGW. |
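
To check a deployed Customer VPC against the routing described above, the following added example (not part of the Fortinet guide) audits output in the shape of `aws ec2 describe-route-tables`. The sample IDs and CIDRs are constructed placeholders, and treating an active `0.0.0.0/0` route to the TGW as the expected default is an assumption.

```python
"""Added example: audit Customer VPC route tables for TGW-only egress."""

def _rt(rtb_id, default_route):
    # Build one constructed route table: a local route plus one default route.
    local = {"DestinationCidrBlock": "10.1.0.0/16", "GatewayId": "local", "State": "active"}
    default = dict({"DestinationCidrBlock": "0.0.0.0/0"}, **default_route)
    return {"RouteTableId": rtb_id, "VpcId": "vpc-customer", "Routes": [local, default]}

# Constructed sample, same field names as `aws ec2 describe-route-tables` output.
SAMPLE = {"RouteTables": [
    _rt("rtb-app-az1", {"TransitGatewayId": "tgw-example", "State": "active"}),
    _rt("rtb-app-az2", {"GatewayId": "igw-example", "State": "active"}),
    _rt("rtb-app-az3", {"TransitGatewayId": "tgw-example", "State": "blackhole"}),
]}

def audit_customer_routes(doc, vpc_id):
    """Return (route_table_id, issue) pairs for tables that break the design."""
    findings = []
    for rt in doc.get("RouteTables", []):
        if rt.get("VpcId") != vpc_id:
            continue
        rtb = rt["RouteTableId"]
        default_via_tgw = False
        for route in rt.get("Routes", []):
            # The Customer VPC must not egress through any Internet gateway.
            if (route.get("GatewayId", "").startswith("igw-")
                    or route.get("EgressOnlyInternetGatewayId")):
                findings.append((rtb, "route targets an Internet gateway"))
            # Assumption: the design expects an active IPv4 default via the TGW.
            if (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                    and route.get("TransitGatewayId")
                    and route.get("State") == "active"):
                default_via_tgw = True
        if not default_via_tgw:
            findings.append((rtb, "no active default route via TGW"))
    return findings

if __name__ == "__main__":
    for rtb, issue in audit_customer_routes(SAMPLE, "vpc-customer"):
        print(f"{rtb}: {issue}")
```

A blackhole state on the TGW route (as in the third sample table) usually means the referenced attachment no longer exists, so North-South traffic from that subnet is dropped rather than inspected.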
