Fortinet Document Library

Version: 6.0.0

Creating a Routing Table and Associating Subnets

Configure the routing tables. Since the FortiGate has two interfaces, one for the public subnet and one for the private subnet, you must configure two routing tables.

  1. To configure the routing table for the public subnet, select VPC in the Networking & Content Delivery section of the AWS Management Console. In the VPC Dashboard, select Your VPCs, and select the VPC you created. In the Summary tab in the lower pane, select the route table ID located in the Route table field. To easily identify the route table, set a name for it in the Name field.

  2. In the Routes tab, select Edit, then select Add another route. In the Destination field, type 0.0.0.0/0. In the Target field, type igw and select the Internet Gateway from the auto-complete suggestions. Select Save. The default route on the public interface in this VPC is now the Internet Gateway.

  3. In the Subnet Associations tab, select Edit, and select the public subnet to associate it with this routing table. Select Save.

  4. To configure the routing table for the private subnet, select Create Route Table. To easily identify the route table, set a name for it in the Name field. Select the VPC you created. Select Yes, Create.

  5. In the Routes tab, select Edit, then select Add another route. In the Destination field, type 0.0.0.0/0. In the Target field, enter the interface ID of the private network interface. To find the interface ID, go to the EC2 Management Console, select Instances, and select the interface in the Network interfaces section in the lower pane of the page (Interface ID field). Select Save. The default route on the private subnet in this VPC is now the private network interface of the FortiGate.

  6. In the Subnet Associations tab, select Edit, and select the private subnet to associate it with this routing table. Select Save. Two routing tables, one for the public segment and one for the private segment, have now been created with default routes.

  7. In the EC2 Management Console, select Instances, and select the network interface that you created for the private subnet (in this example, eth1) in the Network interfaces section in the lower pane. Select the interface ID.

  8. Select the network interface, select the Actions dropdown list, select Change Source/Dest. Check. Select Disabled. Select Save.

    If you have multiple network interfaces, Source/Dest. Check must be disabled on each interface. To confirm, check the interface information, where Source/Dest. Check is shown as false.
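The following added example (not part of the Fortinet documentation) checks the result of steps 1 to 8 against data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-network-interfaces`. All IDs in the sample are constructed placeholders, and the function names are hypothetical. A subnet with no explicit association is reported as a finding, since it would fall back to the VPC's main route table.

```python
# Added example: audits constructed AWS describe-* style data; every ID is made up.
DEFAULT = "0.0.0.0/0"

def default_route(table):
    """Return the 0.0.0.0/0 route of a route table, or None if absent."""
    for r in table.get("Routes", []):
        if r.get("DestinationCidrBlock") == DEFAULT:
            return r
    return None

def table_for_subnet(route_tables, subnet_id):
    """Find the route table explicitly associated with a subnet (steps 3 and 6)."""
    for t in route_tables:
        if any(a.get("SubnetId") == subnet_id for a in t.get("Associations", [])):
            return t
    return None

def audit(route_tables, interfaces, public_subnet, private_subnet, fgt_private_eni):
    """Return a list of findings; an empty list means the layout matches the steps."""
    findings = []
    pub = table_for_subnet(route_tables, public_subnet)
    route = default_route(pub) if pub else None
    if not route or not route.get("GatewayId", "").startswith("igw-"):
        findings.append("public subnet: default route is not an Internet Gateway")
    priv = table_for_subnet(route_tables, private_subnet)
    route = default_route(priv) if priv else None
    if not route or route.get("NetworkInterfaceId") != fgt_private_eni:
        findings.append("private subnet: default route bypasses the FortiGate interface")
    for eni in interfaces:  # pass only the FortiGate's interfaces here
        if eni.get("SourceDestCheck", True):
            findings.append(f"{eni['NetworkInterfaceId']}: Source/Dest. Check still enabled")
    return findings

# Constructed sample: routes are correct, but step 8 was skipped on one interface.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-pub"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-priv"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": DEFAULT, "NetworkInterfaceId": "eni-fgt-port2"}]},
]
INTERFACES = [
    {"NetworkInterfaceId": "eni-fgt-port1", "SourceDestCheck": False},
    {"NetworkInterfaceId": "eni-fgt-port2", "SourceDestCheck": True},
]

if __name__ == "__main__":
    for f in audit(ROUTE_TABLES, INTERFACES, "subnet-pub", "subnet-priv", "eni-fgt-port2"):
        print("FINDING:", f)
```

A private-subnet default route that points anywhere other than the FortiGate interface means traffic from that subnet is not inspected, which is why the check compares the exact interface ID rather than only the presence of a default route.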
