FortiGate Autoscale for AWS provides two deployment options:
- Deployment into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, FortiGates, security groups, and other infrastructure components, and then deploys FortiGate Autoscale for AWS into this new VPC.
- Deployment into an existing VPC. This option provisions FortiGate Autoscale for AWS in your existing AWS infrastructure.
Incoming requests to the web servers in the private subnets of your existing VPC flow through the Internet gateway, the network load balancer, and the FortiGate ASG before reaching the web server. The web server returns the response over the same connection.
Outgoing requests from the web servers go through the individual FortiGate NAT gateway and the Internet gateway to the external network. The external network returns the response using the same path.
Ensure that you remove any existing NAT device routes from existing route tables associated with the private subnets. FortiGate Autoscale for AWS automatically attaches a proper route to the route table, as described above.
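One way to find the routes that need removing before deployment is to audit the route table that actually governs each private subnet. The following is an added example, not part of the FortiGate Autoscale project: it reads data in the shape of `aws ec2 describe-route-tables` output, all IDs are constructed placeholders, and it assumes any route targeting an instance or network interface is a NAT instance route that needs review.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# All IDs are placeholders, not values from the FortiGate documentation.
SAMPLE_TABLES = [
    {"RouteTableId": "rtb-main", "VpcId": "vpc-example",
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    {"RouteTableId": "rtb-private-a", "VpcId": "vpc-example",
     "Associations": [{"Main": False, "SubnetId": "subnet-private-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "InstanceId": "i-example",
                 "NetworkInterfaceId": "eni-example"}]},
]

def effective_route_table(tables, vpc_id, subnet_id):
    """Return the table that governs a subnet: an explicit association wins,
    otherwise the VPC's main route table applies implicitly."""
    main = None
    for rt in tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def find_nat_routes(tables, vpc_id, private_subnets):
    """List (subnet, route table, destination, target) for each route whose target
    is a NAT gateway or an instance/ENI (assumed here to be a NAT instance)."""
    findings = []
    for subnet in private_subnets:
        rt = effective_route_table(tables, vpc_id, subnet)
        if rt is None:
            continue
        for route in rt.get("Routes", []):
            target = (route.get("NatGatewayId") or route.get("InstanceId")
                      or route.get("NetworkInterfaceId"))
            if target:
                dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                findings.append((subnet, rt["RouteTableId"], dest, target))
    return findings

if __name__ == "__main__":
    for f in find_nat_routes(SAMPLE_TABLES, "vpc-example", ["subnet-private-a", "subnet-private-b"]):
        print("review before deploying:", *f)
```

A private subnet with no explicit association (`subnet-private-b` in the sample) inherits the VPC's main route table, so a NAT route there affects it even though the subnet is not listed in any association.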
FortiGate Autoscale for AWS provides a separate CloudFormation template (CFT) for each of these options. The templates also allow you to configure CIDR blocks, instance types, and FortiGate settings.