Fortinet Document Library

Version:


Table of Contents

AWS Cookbook

More Links

Transit gateways

Resources

Upgrade Path Tool

AWS Cookbook

6.4.0
Download PDF
Copy Link

Creating the transit gateway

A transit gateway (TGW) is a transit hub used to connect two VPCs or a VPC to an on-premise network. This example connects the application VPC to the security VPC via a TGW. This ensures that any access to and from the application VPC is routed via the security VPC, where the FortiGates can inspect it.

To create the TGW:
  1. Go to VPC Dashboard > Transit Gateways > Transit Gateways.
  2. Click Create Transit Gateway.
  3. Configure the TGW as needed. Creating a TGW creates a TGW default route table. The table is used as the default association and propagation route table for this gateway. You can access this table in VPC Dashboard > Transit Gateways > Transit Gateway Route Tables.
To create the TGW attachment:

You can create a gateway attachment to link separate VPCs and subnets to the newly created TGW. The two resources can be in the same or different AWS accounts. This example assumes that both VPCs are in the same AWS account.

  1. Go to VPC Dashboard > Transit Gateways > Transit Gateway Attachments.
  2. Click Create Transit Gateway Attachment.
  3. From the Transit Gateway ID dropdown list, select the TGW that you created.
  4. From the Attachment type dropdown list, select VPC.
  5. From the VPC ID dropdown list, select the VPC that you want to attach to the TGW.
  6. Under Subnet IDs, select the required subnet in the desired AZ.
  7. Configure other fields as desired.
  8. Click Create Attachment.
  9. Repeat the process for the remaining two VPC attachments. The security VPC is attached to the TGW, with only the TGW subnets in each AZ selected. This ensures that traffic can be routed seamlessly to and from the GWLB endpoint. You must attach each subnet/AZ to the TGW separately.

More Links

Resources

Creating the transit gateway

A transit gateway (TGW) is a transit hub used to connect two VPCs or a VPC to an on-premise network. This example connects the application VPC to the security VPC via a TGW. This ensures that any access to and from the application VPC is routed via the security VPC, where the FortiGates can inspect it.

To create the TGW:
  1. Go to VPC Dashboard > Transit Gateways > Transit Gateways.
  2. Click Create Transit Gateway.
  3. Configure the TGW as needed. Creating a TGW creates a TGW default route table. The table is used as the default association and propagation route table for this gateway. You can access this table in VPC Dashboard > Transit Gateways > Transit Gateway Route Tables.
To create the TGW attachment:

You can create a gateway attachment to link separate VPCs and subnets to the newly created TGW. The two resources can be in the same or different AWS accounts. This example assumes that both VPCs are in the same AWS account.

  1. Go to VPC Dashboard > Transit Gateways > Transit Gateway Attachments.
  2. Click Create Transit Gateway Attachment.
  3. From the Transit Gateway ID dropdown list, select the TGW that you created.
  4. From the Attachment type dropdown list, select VPC.
  5. From the VPC ID dropdown list, select the VPC that you want to attach to the TGW.
  6. Under Subnet IDs, select the required subnet in the desired AZ.
  7. Configure other fields as desired.
  8. Click Create Attachment.
  9. Repeat the process for the remaining two VPC attachments. The security VPC is attached to the TGW, with only the TGW subnets in each AZ selected. This ensures that traffic can be routed seamlessly to and from the GWLB endpoint. You must attach each subnet/AZ to the TGW separately.