AWS Administration Guide

Attaching a VPC to the TGW

You can attach an existing VPC to the FortiGate Autoscale with Transit Gateway (TGW) environment by manually creating a TGW attachment and adding the necessary routes, propagations, and associations:

  1. Create a TGW attachment.
  2. Create a route to the TGW.
  3. Create a propagation in the inbound route table.
  4. Create an association in the outbound route table.

Note

The CIDR block for the VPC you are attaching must differ from that of the FortiGate Autoscale VPC.

The following instructions attach the VPC transit-gateway-demo-vpc01 with CIDR 10.0.0.0/16 to the FortiGate Autoscale with Transit Gateway environment.

Transit Gateway demo

To create a TGW attachment:
  1. In the left navigation tree, click TRANSIT GATEWAYS > Transit Gateway Attachment.
  2. Click Create Transit Gateway Attachment.
  3. Specify information as follows:
    1. Transit Gateway ID: select the desired TGW ID from the dropdown list.
    2. Attachment type: select VPC.
    3. Attachment name tag: enter a desired tag.
    4. VPC ID: select from the dropdown menu.
    5. Subnet IDs: This option appears once the VPC ID has been selected. Check the Availability Zone check box(es) and choose one subnet per Availability Zone.
    For everything else, use the default settings.
  4. Click Create attachment.
  5. Wait for the State to change from pending to available.

    Transit Gateway creation

    The Name is what you specified for the Attachment name tag.
  6. When the State is available, click the Resource ID to go to the VPC.

    Transit Gateway with Resource ID highlighted

To create a route to the TGW:
  1. In the VPC, click the Route table.

    Creation of a route table

  2. Click the Routes tab and then click Edit routes.

    Routes tab: Edit routes

  3. Click Add route and specify the Destination, for example, 10.1.0.0/16. Under Target, select Transit Gateway.

    Add Destination, Target Transit Gateway

  4. The dropdown displays available TGWs. Select the one that the deployment stack created and click Save routes.

    Select your Transit Gateway

Note

If you want to route all traffic to the TGW, add a new route for destination 0.0.0.0/0. If this route already exists, remove it and add a new one for the same destination with the target set to the TGW that the deployment stack created.

To create a propagation in the inbound route table:
  1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  2. Select the <ResourceTagPrefix>-transit-gateway-route-table-inbound route table.

    Select inbound route table

  3. Click the Propagations tab and then click Create propagation.
  4. From Choose attachment to propagate, select the attachment created in the section "To create a TGW attachment".

    Select created attachment

  5. Click Create propagation and then click Close.
  6. The new propagation with Resource type VPC is now listed on the Propagations tab.

    New propagation in the inbound route table

  7. Click the Routes tab to see that the route for your VPC has been automatically propagated.

    Routes tab showing the propagated route.

To create an association in the outbound route table:
  1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  2. Select the <ResourceTagPrefix>-transit-gateway-route-table-outbound route table.

    Select outbound route table

  3. Click the Associations tab and then click Create association.
  4. From Choose attachment to associate, select the attachment created in the section "To create a TGW attachment".

    Select created attachment

  5. Click Create association and then click Close.
  6. The new association with Resource type VPC is now listed on the Associations tab.

    New association in the outbound route table

The VPC is now connected to the FortiGate Autoscale TGW. For a technical view of attaching VPCs to the FortiGate Autoscale TGW, see the architectural diagram.
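
A post-change check of the four steps above, as an added example (not Fortinet's or AWS's code): it takes dictionaries shaped like the boto3 EC2 responses from describe_transit_gateway_attachments, describe_route_tables, get_transit_gateway_route_table_propagations and get_transit_gateway_route_table_associations, and reports which step is missing. The function name, the resource IDs and the Autoscale VPC CIDR 192.168.0.0/16 are constructed sample values, and the CIDR test checks for overlap, which is stricter than the "must differ" wording of the note.

```python
import ipaddress

def check_attachment(attachment, vpc_routes, inbound_propagations,
                     outbound_associations, tgw_id, vpc_cidr, autoscale_cidr):
    """Return a list of findings; an empty list means all four steps check out."""
    findings = []
    att_id = attachment["TransitGatewayAttachmentId"]

    # Note on the page: the attached VPC's CIDR must differ from the Autoscale VPC's.
    # Assumption: any overlap is flagged, not only an identical block.
    if ipaddress.ip_network(vpc_cidr).overlaps(ipaddress.ip_network(autoscale_cidr)):
        findings.append(f"CIDR {vpc_cidr} overlaps Autoscale VPC {autoscale_cidr}")

    # Step 1: the attachment is on the expected TGW and its State is 'available'.
    if attachment["TransitGatewayId"] != tgw_id or attachment["State"] != "available":
        findings.append(f"{att_id}: not available on {tgw_id}")

    # Step 2: at least one active route in the VPC route table targets the TGW.
    if not any(r.get("TransitGatewayId") == tgw_id and r.get("State") == "active"
               for r in vpc_routes):
        findings.append(f"no active VPC route targets {tgw_id}")

    # Step 3: propagation is enabled in the inbound TGW route table.
    if not any(p["TransitGatewayAttachmentId"] == att_id and p["State"] == "enabled"
               for p in inbound_propagations):
        findings.append(f"{att_id}: no enabled propagation in inbound route table")

    # Step 4: the attachment is associated with the outbound TGW route table.
    if not any(a["TransitGatewayAttachmentId"] == att_id and a["State"] == "associated"
               for a in outbound_associations):
        findings.append(f"{att_id}: not associated with outbound route table")
    return findings

# Constructed sample data; the IDs are placeholders, not values from the page.
TGW = "tgw-0example"
ATT = {"TransitGatewayAttachmentId": "tgw-attach-0example", "TransitGatewayId": TGW,
       "ResourceType": "vpc", "State": "available"}
ROUTES = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
          {"DestinationCidrBlock": "10.1.0.0/16", "TransitGatewayId": TGW, "State": "active"}]
PROPS = [{"TransitGatewayAttachmentId": "tgw-attach-0example", "State": "enabled"}]
ASSOCS = [{"TransitGatewayAttachmentId": "tgw-attach-0example", "State": "associated"}]

if __name__ == "__main__":
    # Complete configuration: no findings.
    print(check_attachment(ATT, ROUTES, PROPS, ASSOCS, TGW, "10.0.0.0/16", "192.168.0.0/16"))
    # Step 4 skipped and an overlapping CIDR: two findings.
    print(check_attachment(ATT, ROUTES, PROPS, [], TGW, "10.0.0.0/16", "10.0.0.0/16"))
```

An attachment that is propagated but not associated, or the reverse, leaves one direction of traffic without a route through the FortiGate Autoscale TGW, which is why each step is checked separately.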
