AWS Administration Guide

Creating routing tables and associating subnets

Configure the routing tables. Since the FortiGate-VM has two interfaces, one for the public subnet and one for the private subnet, you must configure two routing tables.

To create routing tables and associate subnets:
  1. To configure the public subnet's routing table, go to Networking & Content Delivery > VPC in the AWS management console. In the VPC Dashboard, select Your VPCs, and select the VPC you created. In the Summary tab in the lower pane, select the route table ID located in the Route table field. To easily identify the route table, set a name for it in the Name field.

  2. In the Routes tab, select Edit, then select Add another route. In the Destination field, type 0.0.0.0/0. In the Target field, type igw and select the Internet gateway from the auto-complete suggestions. Select Save. The default route on the public interface in this VPC is now the Internet gateway.

  3. In the Subnet Associations tab, select Edit, and select the public subnet to associate it with this routing table. Select Save.

  4. To configure the routing table for the private subnet, select Create Route Table. To easily identify the route table, set a name for it in the Name field. Select the VPC you created. Select Yes, Create.

  5. In the Routes tab, select Edit, then select Add another route. In the Destination field, type 0.0.0.0/0. In the Target field, enter the interface ID of the private network interface. To find the interface ID, go to the EC2 Management Console, select Instances, and select the interface in the Network interfaces section in the lower pane of the page (Interface ID field). Select Save. The default route on the private subnet in this VPC is now the FortiGate's private network interface.

  6. In the Subnet Associations tab, select Edit, and select the private subnet to associate it with this routing table. Select Save. You have now created two routing tables, one for the public segment and one for the private segment, with default routes.

  7. In the EC2 Management Console, select Instances, and select the network interface that you created for the private subnet (in this example, eth1) in the Network interfaces section in the lower pane. Select the interface ID.

  8. Select the network interface, select the Actions dropdown list, select Change Source/Dest. Check. Select Disabled. Select Save.

    If you have multiple network interfaces, you must disable Source/Dest. Check on each interface. You can confirm the setting in the interface information, where Source/Dest. Check is shown as false.
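
One way to verify the result of the steps above, added here as an example and not part of Fortinet's guide: the audit below runs over data in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-network-interfaces`. All subnet, route table, and interface IDs are constructed placeholders, and the input is assumed to be filtered to the one VPC.

```python
DEFAULT = "0.0.0.0/0"

def route_table_for(subnet_id, tables):
    """Explicit association wins; otherwise the subnet uses the VPC's main table."""
    main = None
    for t in tables:
        for a in t.get("Associations", []):
            if a.get("SubnetId") == subnet_id:
                return t
            if a.get("Main"):
                main = t
    return main

def default_target(table):
    """Target of the active 0.0.0.0/0 route, or None if missing or blackholed."""
    for r in (table or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT and r.get("State") == "active":
            return r.get("GatewayId") or r.get("NetworkInterfaceId")
    return None

def audit(tables, enis, public_subnet, private_subnet, private_eni):
    """Return a list of findings; an empty list means the setup matches the steps."""
    findings = []
    pub = default_target(route_table_for(public_subnet, tables))
    if not (pub or "").startswith("igw-"):
        findings.append(f"public default route targets {pub}, expected an Internet gateway")
    priv = default_target(route_table_for(private_subnet, tables))
    if priv != private_eni:  # e.g. an igw target here would bypass the FortiGate
        findings.append(f"private default route targets {priv}, expected {private_eni}")
    for e in enis:
        if e.get("SourceDestCheck", True):
            findings.append(f"{e['NetworkInterfaceId']}: Source/Dest. Check still enabled")
    return findings

# Constructed sample: routes are correct, but step 8 was skipped on one interface.
TABLES = [
    {"RouteTableId": "rtb-0aaa",
     "Associations": [{"Main": True}, {"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-0example", "State": "active"}]},
    {"RouteTableId": "rtb-0bbb",
     "Associations": [{"Main": False, "SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": DEFAULT, "NetworkInterfaceId": "eni-private", "State": "active"}]},
]
ENIS = [{"NetworkInterfaceId": "eni-public", "SourceDestCheck": False},
        {"NetworkInterfaceId": "eni-private", "SourceDestCheck": True}]

print(audit(TABLES, ENIS, "subnet-public", "subnet-private", "eni-private"))
```

A private default route in the `blackhole` state (for example, when the instance behind the interface is stopped) is reported the same way as a missing route.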
