Deploying FortiGate-VM active-passive HA AWS between multiple zones manually with Transit Gateway integration
This guide provides sample configuration of a manual build of an AWS Transit Gateway (TGW) with two virtual private cloud (VPC) spokes and a security VPC. The security VPC contains two FortiGate-VMs to inspect inbound and outbound traffic.
You can also deploy a similar scenario using a set of deployment templates using Terraform. The templates install all necessary resources at once, including FortiGate-VM nodes and Linux client VMs for your turnkey testing. The templates are more time-efficient than manually creating configurations.
Before deploying FortiGate high availability (HA) for AWS with TGW integration, familiarity with the following AWS services is recommended:
If you are new to AWS, see Getting Started with AWS.
This deployment consists of the following steps:
- Creating VPCs and subnets
- Creating a Transit Gateway and related resources
- Creating an Internet gateway
- Creating VPC route tables
- Deploying FortiGate-VM from AWS marketplace
- Adding network interfaces and elastic IP addresses to the FortiGate-VMs
- Configuring the FortiGate-VMs
- Updating the route table and adding an IAM policy
- Testing FortiGate-VM HA failover