Fortinet Document Library

Version: 6.0.0

Deployment options

FortiGate Autoscale for AWS provides two deployment options:

  • Deployment into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, FortiGates, security groups, and other infrastructure components, and then deploys FortiGate Autoscale for AWS into this new VPC.
  • Deployment into an existing VPC. This option provisions FortiGate Autoscale for AWS in your existing AWS infrastructure.

Note

Incoming requests to the web servers in the private subnets of your existing VPC travel over a connection that passes through the Internet gateway, the network load balancer, and the FortiGate Auto Scaling group (ASG) before reaching the web server. The web server returns the response using the same connection.

Outgoing requests from the web servers go through the individual FortiGate NAT gateway and the Internet gateway to the external network. The external network returns the response using the same path.

Ensure that you remove any existing NAT device routes from existing route tables associated with the private subnets. FortiGate Autoscale for AWS automatically attaches a proper route to the route table, as described above.

FortiGate Autoscale for AWS provides a separate CloudFormation template (CFT) for each of these options. The templates also allow you to configure CIDR blocks, instance types, and FortiGate settings.
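
A pre-deployment check for the note above on existing NAT device routes, as an added example that is not part of Fortinet's documentation: it reads `aws ec2 describe-route-tables` JSON for the VPC and lists routes in each private subnet's effective route table that target a NAT gateway or an instance/network interface. The sample data, IDs and function names are constructed for illustration, and treating instance and network-interface targets as NAT instances is an assumption to confirm by hand.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# for one VPC; every ID below is made up for this example.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main0001",
   "Associations": [{"Main": true}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0aaa0001"}]},
  {"RouteTableId": "rtb-priv0002",
   "Associations": [{"Main": false, "SubnetId": "subnet-priv-a"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-0bbb0002",
               "NetworkInterfaceId": "eni-0bbb0002"}]},
  {"RouteTableId": "rtb-pub0003",
   "Associations": [{"Main": false, "SubnetId": "subnet-pub-a"}],
   "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
              {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0ccc0003"}]}
]}
""")

# Assumption: a route to any of these target types is a candidate NAT device route.
NAT_TARGET_KEYS = ("NatGatewayId", "InstanceId", "NetworkInterfaceId")

def effective_route_table(route_tables, subnet_id):
    """Explicit association wins; otherwise the VPC main route table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def nat_routes_to_remove(doc, private_subnets):
    """Return sorted (subnet, route table, destination, target) tuples."""
    findings = []
    for subnet in private_subnets:
        rt = effective_route_table(doc["RouteTables"], subnet)
        if rt is None:
            continue
        for route in rt.get("Routes", []):
            target = next((route[k] for k in NAT_TARGET_KEYS if k in route), None)
            if target:
                dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                findings.append((subnet, rt["RouteTableId"], dest, target))
    return sorted(findings)
```

A private subnet with no explicit association inherits the VPC main route table, so a NAT route there is reported for that subnet as well.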
