Launching FortiGate on AWS
The most basic deployment consists of one FortiGate with two ENIs facing a public subnet and private subnet, with FortiGate deployed inline between the two subnets. A single FortiGate protects a single VPC with a single availability zone. The public subnet's default gateway is an AWSInternet gateway, and FortiGate's private subnet-facing ENI is the private subnet's default gateway. Protected EC2 instances such as web servers, database servers, or other endpoints are assumed to exist in the private subnet. One elastic/public IP address or IPv4 DNSname must be allocated to the FortiGate in the public subnet for you to access FortiGate remotely via HTTPS or SSH over the Internet for initial configuration.