Fortinet Document Library

Version:


Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Use Case: Securing EC2 instances on AWS

Use Case: High Availability for FortiGate on AWS

Automatically Updating Dynamic Addresses for AWS Using Fabric Connector

Resources

Upgrade Path Tool
5.6.0
Copy Link

Launching FortiGate on AWS

See FortiGate Deployment (Single Instance) Protecting Single VPC.

The most basic deployment consists of one FortiGate with two ENIs facing a public subnet and private subnet, with FortiGate deployed inline between the two subnets. A single FortiGate protects a single VPC with a single availability zone. The public subnet's default gateway is an AWSInternet gateway, and FortiGate's private subnet-facing ENI is the private subnet's default gateway. Protected EC2 instances such as web servers, database servers, or other endpoints are assumed to exist in the private subnet. One elastic/public IP address or IPv4 DNSname must be allocated to the FortiGate in the public subnet for you to access FortiGate remotely via HTTPS or SSH over the Internet for initial configuration.

Resources

Launching FortiGate on AWS

See FortiGate Deployment (Single Instance) Protecting Single VPC.

The most basic deployment consists of one FortiGate with two ENIs facing a public subnet and private subnet, with FortiGate deployed inline between the two subnets. A single FortiGate protects a single VPC with a single availability zone. The public subnet's default gateway is an AWSInternet gateway, and FortiGate's private subnet-facing ENI is the private subnet's default gateway. Protected EC2 instances such as web servers, database servers, or other endpoints are assumed to exist in the private subnet. One elastic/public IP address or IPv4 DNSname must be allocated to the FortiGate in the public subnet for you to access FortiGate remotely via HTTPS or SSH over the Internet for initial configuration.