Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • AWS Administration Guide

    Home FortiGate Public Cloud 7.6.0 AWS Administration Guide
    7.6.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Attaching a VPC to the TGW

    Attaching a VPC to the TGW

    You can attach an existing VPC to the FortiGate Autoscale with Transit Gateway (TGW) environment by manually creating a TGW attachment and adding the necessary routes, propagations, and associations:

    1. Create a TGW attachment.
    2. Create a route to the TGW.
    3. Create a propagation in the inbound route table.
    4. Create an association in the outbound route table.
    Note

    The CIDR block for the VPC you are attaching must differ from that of the FortiGate Autoscale VPC.

    The following instructions attach the VPC transit-gateway-demo-vpc01 with CIDR 10.0.0.0/16 to the FortiGate Autoscale with Transit Gateway environment.

    Transit Gateway demo

    To create a TGW attachment:
    1. In the left navigation tree, click TRANSIT GATEWAYS > Transit Gateway Attachment.
    2. Click Create Transit Gateway Attachment.
    3. Specify information as follows:
      1. Transit Gateway ID: select the desired TGW ID from the dropdown list.
      2. Attachment type: select VPC.
      3. Attachment name tag: enter a desired tag.
      4. VPC ID: select from the dropdown menu
      5. Subnet IDs: This option appears once the VPC ID has been selected. Check the Availability Zone check box(es) and choose one subnet per Availability Zone.
      For everything else, use the default settings.
    4. Click Create attachment.
    5. Wait for the State to change from pending to available.

      Transit Gateway creation

      The Name is what you specified for the Attachment name tag.
    6. When the State is available, click the Resource ID to go to the VPC.

      Transit Gateway with Resource ID highlighted

    To create a route to the TGW:
    1. In the VPC, click the Route table.

      Creation of a route table

    2. Click the Routes tab and then click Edit routes.

      Routes tab: Edit routes

    3. Click Add route and specify the Destination, for example, 10.1.0.0/16. Under Target, select Transit Gateway.

      Add Destination, Target Transit Gateway

    4. The dropdown displays available TGWs. Select the one that the deployment stack created and click Save routes.

      Select your Transit Gateway

    Note

    If you want to route all traffic to the TGW, add a new route for destination 0.0.0.0/0. If this route already exists, remove the route and add a new one for the same destination with the target set to the TGW that the deployment stack.
    To create a propagation in the inbound route table:
    1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
    2. Select the <ResourceTagPrefix>-transit-gateway-route-table-inbound route table.

      Select inbound route table

    3. Click the Propagations tab and then click Create propagation.
    4. From Choose attachment to propagate, select the attachment created in the section To create a TGW attachment:.

      Select created attachment

    5. Click Create propagation and then click Close.
    6. The new propagation with Resource type VPC is now listed on the Propagations tab.

      New propagation in the inbound route table

    7. Click the Routes tab to see that the route for your VPC has been automatically propagated.

      Routes tab showing the propagated route.

    To create an association in the outbound route table:
    1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
    2. Select the <ResourceTagPrefix>-transit-gateway-route-table-outbound route table.

      Select inbound route table

    3. Click the Associations tab and then click Create association.
    4. From Choose attachment to associate, select the attachment created in the section To create a TGW attachment:.

      Select created attachment

    5. Click Create association and then click Close.
    6. The new association with Resource type VPC is now listed on the Associations tab.

      New association in the outbound route table

    The VPC is now connected to the FortiGate Autoscale TGW. For a technical view of attaching VPCs to the FortiGate Autoscale TGW, see the architectural diagram.

    Previous
    Next

    Attaching a VPC to the TGW

    Attaching a VPC to the TGW

    You can attach an existing VPC to the FortiGate Autoscale with Transit Gateway (TGW) environment by manually creating a TGW attachment and adding the necessary routes, propagations, and associations:

    1. Create a TGW attachment.
    2. Create a route to the TGW.
    3. Create a propagation in the inbound route table.
    4. Create an association in the outbound route table.
    Note

    The CIDR block for the VPC you are attaching must differ from that of the FortiGate Autoscale VPC.

    The following instructions attach the VPC transit-gateway-demo-vpc01 with CIDR 10.0.0.0/16 to the FortiGate Autoscale with Transit Gateway environment.

    Transit Gateway demo

    To create a TGW attachment:
    1. In the left navigation tree, click TRANSIT GATEWAYS > Transit Gateway Attachment.
    2. Click Create Transit Gateway Attachment.
    3. Specify information as follows:
      1. Transit Gateway ID: select the desired TGW ID from the dropdown list.
      2. Attachment type: select VPC.
      3. Attachment name tag: enter a desired tag.
      4. VPC ID: select from the dropdown menu
      5. Subnet IDs: This option appears once the VPC ID has been selected. Check the Availability Zone check box(es) and choose one subnet per Availability Zone.
      For everything else, use the default settings.
    4. Click Create attachment.
    5. Wait for the State to change from pending to available.

      Transit Gateway creation

      The Name is what you specified for the Attachment name tag.
    6. When the State is available, click the Resource ID to go to the VPC.

      Transit Gateway with Resource ID highlighted

    To create a route to the TGW:
    1. In the VPC, click the Route table.

      Creation of a route table

    2. Click the Routes tab and then click Edit routes.

      Routes tab: Edit routes

    3. Click Add route and specify the Destination, for example, 10.1.0.0/16. Under Target, select Transit Gateway.

      Add Destination, Target Transit Gateway

    4. The dropdown displays available TGWs. Select the one that the deployment stack created and click Save routes.

      Select your Transit Gateway

    Note

    If you want to route all traffic to the TGW, add a new route for destination 0.0.0.0/0. If this route already exists, remove the route and add a new one for the same destination with the target set to the TGW that the deployment stack.
    To create a propagation in the inbound route table:
    1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
    2. Select the <ResourceTagPrefix>-transit-gateway-route-table-inbound route table.

      Select inbound route table

    3. Click the Propagations tab and then click Create propagation.
    4. From Choose attachment to propagate, select the attachment created in the section To create a TGW attachment:.

      Select created attachment

    5. Click Create propagation and then click Close.
    6. The new propagation with Resource type VPC is now listed on the Propagations tab.

      New propagation in the inbound route table

    7. Click the Routes tab to see that the route for your VPC has been automatically propagated.

      Routes tab showing the propagated route.

    To create an association in the outbound route table:
    1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
    2. Select the <ResourceTagPrefix>-transit-gateway-route-table-outbound route table.

      Select inbound route table

    3. Click the Associations tab and then click Create association.
    4. From Choose attachment to associate, select the attachment created in the section To create a TGW attachment:.

      Select created attachment

    5. Click Create association and then click Close.
    6. The new association with Resource type VPC is now listed on the Associations tab.

      New association in the outbound route table

    The VPC is now connected to the FortiGate Autoscale TGW. For a technical view of attaching VPCs to the FortiGate Autoscale TGW, see the architectural diagram.

    Previous
    Next