Fortinet Document Library

Version:

6.0.0

Table of Contents

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

Resources

Upgrade Path Tool
6.4 6.2 6.0

About FortiGate for AWS

Deploying FortiGate on AWS

Deploying auto scaling on AWS

Single FortiGate-VM Deployment

Use Case: High Availability for FortiGate on AWS

Security Fabric Connector Integration with AWS

6.0.0
6.0.0
Download PDF
Copy Link

Attaching a VPC to the Transit Gateway

You can attach an existing VPC to the FortiGate Autoscale with Transit Gateway environment by manually creating a Transit Gateway attachment and adding the necessary routes, propagations, and associations:

  1. Create a Transit Gateway attachment.
  2. Create a route to the Transit Gateway.
  3. Create a propagation in the inbound route table.
  4. Create an association in the outbound route table.
Note

The CIDR block for the VPC you are attaching must differ from that of the FortiGate Autoscale VPC.

In the instructions that follow, the VPC transit-gateway-demo-vpc01 with CIDR 10.0.0.0/16 will be attached to the FortiGate Autoscale with Transit Gateway environment.

Transit Gateway demo

To create a Transit Gateway attachment:
  1. In the left navigation tree, click TRANSIT GATEWAYS > Transit Gateway Attachment.
  2. Click Create Transit Gateway Attachment.
  3. Specify information as follows:
    1. Transit Gateway ID: Select from the dropdown menu
    2. Attachment type: VPC
    3. Attachment name tag: Enter a tag of your choice
    4. VPC ID: Select from the dropdown menu
    5. Subnet IDs: This option appears once the VPC ID has been selected. Check the Availability Zone check box(es) and choose 1 subnet per Availability Zone.
    For everything else, use the default settings.
  4. Click Create attachment.
  5. Wait for the State to change from pending to available.

    Transit Gateway creation

    The Name is what you specified for the Attachment name tag.
  6. When the State is available, click on the Resource ID to go to the VPC.

    Transit Gateway with Resource ID highlighted

To create a route to the Transit Gateway:
  1. In the VPC, click on the Route table.

    Creation of a route table

  2. Click the Routes tab and then click Edit routes.

    Routes tab: Edit routes

  3. Click Add route and specify the Destination, for example, 10.1.0.0/16. Under Target, select Transit Gateway.

    Add Destination, Target Transit Gateway

  4. Then dropdown will change to display available Transit Gateways. Select the one created by the deployment stack and then click Save routes.

    Select your Transit Gateway

Note

If you want to route all traffic to the Transit Gateway, you should add a new route for destination 0.0.0.0/0. If this route already exists, simply remove the route and add a new one for the same destination with the target set to the Transit Gateway created by the deployment stack.
To create a propagation in the inbound route table:
  1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  2. Select the <ResourceTagPrefix>-transit-gateway-route-table-inbound route table.

    Select inbound route table

  3. Click the Propagations tab and then click Create propagation.
  4. From Choose attachment to propagate, select the attachment created in the section To create a Transit Gateway attachment:.

    Select created attachment

  5. Click Create propagation and then click Close.
  6. The new propagation with Resource type VPC is now listed on the Propagations tab.

    New propagation in the inbound route table

  7. Click on the Routes tab to see that the route for your VPC has been automatically propagated.

    Routes tab showing the propagated route.

To create an association in the outbound route table:
  1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  2. Select the <ResourceTagPrefix>-transit-gateway-route-table-outbound route table.

    Select inbound route table

  3. Click the Associations tab and then click Create association.
  4. From Choose attachment to associate, select the attachment created in the section To create a Transit Gateway attachment:.

    Select created attachment

  5. Click Create association and then click Close.
  6. The new association with Resource type VPC is now listed on the Associations tab.

    New association in the outbound route table

The VPC is now connected to the FortiGate Autoscale Transit Gateway. For a technical view of attaching VPCs to the FortiGate Autoscale Transit Gateway, please refer to the architectural diagram .

Resources

Upgrade Path Tool

Attaching a VPC to the Transit Gateway

You can attach an existing VPC to the FortiGate Autoscale with Transit Gateway environment by manually creating a Transit Gateway attachment and adding the necessary routes, propagations, and associations:

  1. Create a Transit Gateway attachment.
  2. Create a route to the Transit Gateway.
  3. Create a propagation in the inbound route table.
  4. Create an association in the outbound route table.
Note

The CIDR block for the VPC you are attaching must differ from that of the FortiGate Autoscale VPC.

In the instructions that follow, the VPC transit-gateway-demo-vpc01 with CIDR 10.0.0.0/16 will be attached to the FortiGate Autoscale with Transit Gateway environment.

Transit Gateway demo

To create a Transit Gateway attachment:
  1. In the left navigation tree, click TRANSIT GATEWAYS > Transit Gateway Attachment.
  2. Click Create Transit Gateway Attachment.
  3. Specify information as follows:
    1. Transit Gateway ID: Select from the dropdown menu
    2. Attachment type: VPC
    3. Attachment name tag: Enter a tag of your choice
    4. VPC ID: Select from the dropdown menu
    5. Subnet IDs: This option appears once the VPC ID has been selected. Check the Availability Zone check box(es) and choose 1 subnet per Availability Zone.
    For everything else, use the default settings.
  4. Click Create attachment.
  5. Wait for the State to change from pending to available.

    Transit Gateway creation

    The Name is what you specified for the Attachment name tag.
  6. When the State is available, click on the Resource ID to go to the VPC.

    Transit Gateway with Resource ID highlighted

To create a route to the Transit Gateway:
  1. In the VPC, click on the Route table.

    Creation of a route table

  2. Click the Routes tab and then click Edit routes.

    Routes tab: Edit routes

  3. Click Add route and specify the Destination, for example, 10.1.0.0/16. Under Target, select Transit Gateway.

    Add Destination, Target Transit Gateway

  4. Then dropdown will change to display available Transit Gateways. Select the one created by the deployment stack and then click Save routes.

    Select your Transit Gateway

Note

If you want to route all traffic to the Transit Gateway, you should add a new route for destination 0.0.0.0/0. If this route already exists, simply remove the route and add a new one for the same destination with the target set to the Transit Gateway created by the deployment stack.
To create a propagation in the inbound route table:
  1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  2. Select the <ResourceTagPrefix>-transit-gateway-route-table-inbound route table.

    Select inbound route table

  3. Click the Propagations tab and then click Create propagation.
  4. From Choose attachment to propagate, select the attachment created in the section To create a Transit Gateway attachment:.

    Select created attachment

  5. Click Create propagation and then click Close.
  6. The new propagation with Resource type VPC is now listed on the Propagations tab.

    New propagation in the inbound route table

  7. Click on the Routes tab to see that the route for your VPC has been automatically propagated.

    Routes tab showing the propagated route.

To create an association in the outbound route table:
  1. In the left navigation tree, click Transit Gateways > Transit Gateway Route Tables.
  2. Select the <ResourceTagPrefix>-transit-gateway-route-table-outbound route table.

    Select inbound route table

  3. Click the Associations tab and then click Create association.
  4. From Choose attachment to associate, select the attachment created in the section To create a Transit Gateway attachment:.

    Select created attachment

  5. Click Create association and then click Close.
  6. The new association with Resource type VPC is now listed on the Associations tab.

    New association in the outbound route table

The VPC is now connected to the FortiGate Autoscale Transit Gateway. For a technical view of attaching VPCs to the FortiGate Autoscale Transit Gateway, please refer to the architectural diagram .