Fortinet Document Library

AWS Cookbook

6.2.0

Deploying FortiGate-VM active-passive HA AWS between multiple zones manually with Transit Gateway integration

This guide provides a sample configuration for manually building an AWS Transit Gateway (TGW) with two virtual private cloud (VPC) spokes and a security VPC. The security VPC contains two FortiGate-VMs that inspect inbound and outbound traffic.

Note

You can also deploy a similar scenario using a set of Terraform deployment templates. The templates install all necessary resources at once, including FortiGate-VM nodes and Linux client VMs for turnkey testing. The templates are more time-efficient than manually creating configurations.

Before deploying FortiGate high availability (HA) for AWS with TGW integration, familiarity with the following AWS services is recommended:

If you are new to AWS, see Getting Started with AWS.

This deployment consists of the following steps:

  1. Creating VPCs and subnets
  2. Creating a Transit Gateway and related resources
  3. Creating an Internet gateway
  4. Creating VPC route tables
  5. Deploying FortiGate-VM from AWS marketplace
  6. Adding network interfaces and elastic IP addresses to the FortiGate-VMs
  7. Configuring the FortiGate-VMs
  8. Updating the route table and adding an IAM policy
  9. Testing FortiGate-VM HA failover

 
