AWS Administration Guide

Deploying and configuring ELB-based HA/LB

FortiGate-VM can achieve high availability (HA) using AWS elastic load balancer (ELB). You can deploy two FortiGate-VMs and associate them with an ELB, which balances traffic between the two. If one FortiGate-VM fails, the other handles traffic. This provides more security and reliability to the existing cloud infrastructure.

Serving incoming and outgoing traffic for protected VMs requires external and internal ELBs. An external ELB is normally accessible from the Internet and distributes traffic as it enters a VPC. An internal ELB has similar capabilities but is only accessible within a VPC.

As with other load balancers, you can configure an ELB either as an external ELB, which is accessible from the Internet and distributes traffic as it enters a VPC, or as an internal ELB, which has similar functions but is only accessible inside a VPC. This section helps you get started with AWS ELB and FortiGate-VM configuration in an AWS environment.

Using this configuration, an IT administrator can place an application server inside a private subnet. The application server can provide web applications, terminal services, or general-purpose Internet services. The FortiGate-VM fully protects and logs the access.

The design shows that application servers are fully separated between two subnets for an active-active configuration. This configuration divides the load evenly.

You can protect multiple availability zones and make them highly available, depending on how you design the topology.

You can also combine AWS Route 53 with ELB to use a DNS name.
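
The following is an added example, not part of the original guide or Fortinet's own tooling: a check that a deployed layout matches the design described above, with one Internet-facing ELB, one internal ELB, and enough healthy targets behind each that one can fail while another handles traffic. It assumes the ELBs are managed through the `elbv2` API and that its JSON output has been saved; the ELB names, instance IDs, and the `audit` function are constructed for illustration.

```python
"""Audit an ELB-based HA layout from saved AWS CLI JSON (added example)."""

MIN_HEALTHY = 2  # assumption: two targets per ELB, so one can fail and one remains

# Constructed sample. SAMPLE_LBS mirrors the "LoadBalancers" list returned by
# `aws elbv2 describe-load-balancers`; SAMPLE_HEALTH maps each ELB name to the
# "TargetHealthDescriptions" list from `aws elbv2 describe-target-health`.
SAMPLE_LBS = [
    {"LoadBalancerName": "fgt-external", "Scheme": "internet-facing"},
    {"LoadBalancerName": "fgt-internal", "Scheme": "internal"},
]
SAMPLE_HEALTH = {
    "fgt-external": [
        {"Target": {"Id": "i-0aaaaaaaaaaaaaaa1"}, "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "i-0aaaaaaaaaaaaaaa2"}, "TargetHealth": {"State": "healthy"}},
    ],
    "fgt-internal": [
        {"Target": {"Id": "i-0bbbbbbbbbbbbbbb1"}, "TargetHealth": {"State": "healthy"}},
        {"Target": {"Id": "i-0bbbbbbbbbbbbbbb2"}, "TargetHealth": {"State": "unhealthy"}},
    ],
}


def audit(lbs, health):
    """Return a list of findings; an empty list means the layout passes."""
    findings = []

    # The design needs both an external (Internet-facing) and an internal ELB.
    schemes = {lb["Scheme"] for lb in lbs}
    for required in ("internet-facing", "internal"):
        if required not in schemes:
            findings.append(f"no {required} ELB found")

    # Each ELB needs enough healthy targets to survive the loss of one.
    for lb in lbs:
        name = lb["LoadBalancerName"]
        healthy = {
            t["Target"]["Id"]
            for t in health.get(name, [])
            if t["TargetHealth"]["State"] == "healthy"
        }
        if len(healthy) < MIN_HEALTHY:
            findings.append(
                f"{name} ({lb['Scheme']}): {len(healthy)} healthy target(s), "
                "no failover capacity"
            )
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LBS, SAMPLE_HEALTH):
        print("FINDING:", finding)
```
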
