# Fortigate in the Cloud

## AWS Gateway Load Balancer (GWLB)

You should absolutely know this flow.

Traffic flow in AWS:

1. Traffic from protected VPC
2. Routed to GWLBe
3. Sent to FortiGate CNF (Cloud Native Firewall)
4. Security inspection happens
5. Allowed traffic returns to internet gateway

Key concepts:

- GWLB = scalable entry point
- GWLBe = endpoint referenced in route tables
- Used for HA and scaling

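The route-table side of this flow, written out as an added Terraform example (not from the original notes or from Fortinet). It assumes one protected VPC with an app subnet and a dedicated GWLBe subnet, and a GWLB endpoint service already exposed by the CNF deployment; the CIDRs, resource names and the `service_name` value are placeholders. The point it shows is that the GWLBe is what the route tables reference, in both directions: the app subnet's default route goes to the GWLBe, allowed traffic leaves the GWLBe subnet through the IGW, and an ingress route table on the IGW sends inbound traffic for the app subnet back through the GWLBe so it is inspected too.

```hcl
# Added example (not the original notes' content). All names, CIDRs and the
# endpoint service name are assumptions / placeholders.

# Protected VPC and its internet gateway
resource "aws_vpc" "protected" {
  cidr_block = "10.1.0.0/16"
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.protected.id
}

# Subnet holding the workloads whose traffic must be inspected
resource "aws_subnet" "app" {
  vpc_id     = aws_vpc.protected.id
  cidr_block = "10.1.10.0/24"
}

# Dedicated subnet for the Gateway Load Balancer endpoint (GWLBe)
resource "aws_subnet" "gwlbe" {
  vpc_id     = aws_vpc.protected.id
  cidr_block = "10.1.200.0/24"
}

# GWLBe: the object route tables point at. service_name is the endpoint
# service published by the security side (GWLB fronting the FortiGate CNF);
# the value below is a placeholder, not a real service.
resource "aws_vpc_endpoint" "gwlbe" {
  vpc_id            = aws_vpc.protected.id
  service_name      = "com.amazonaws.vpce.us-east-1.vpce-svc-PLACEHOLDER"
  vpc_endpoint_type = "GatewayLoadBalancer"
  subnet_ids        = [aws_subnet.gwlbe.id]
}

# Egress step 1-2: app subnet default route -> GWLBe, so nothing reaches the
# IGW without passing the firewall first.
resource "aws_route_table" "app" {
  vpc_id = aws_vpc.protected.id
  route {
    cidr_block      = "0.0.0.0/0"
    vpc_endpoint_id = aws_vpc_endpoint.gwlbe.id
  }
}

resource "aws_route_table_association" "app" {
  subnet_id      = aws_subnet.app.id
  route_table_id = aws_route_table.app.id
}

# Egress step 5: traffic the CNF allowed comes back out of the GWLBe and
# leaves through the internet gateway.
resource "aws_route_table" "gwlbe" {
  vpc_id = aws_vpc.protected.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "gwlbe" {
  subnet_id      = aws_subnet.gwlbe.id
  route_table_id = aws_route_table.gwlbe.id
}

# Ingress: a route table associated with the IGW (edge association) sends
# traffic destined for the app subnet to the GWLBe, so inbound and return
# traffic is inspected symmetrically instead of bypassing the CNF.
resource "aws_route_table" "igw_ingress" {
  vpc_id = aws_vpc.protected.id
  route {
    cidr_block      = aws_subnet.app.cidr_block
    vpc_endpoint_id = aws_vpc_endpoint.gwlbe.id
  }
}

resource "aws_route_table_association" "igw_ingress" {
  gateway_id     = aws_internet_gateway.igw.id
  route_table_id = aws_route_table.igw_ingress.id
}
```

A quick check after apply is `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id>`: the app subnet's table should show `0.0.0.0/0` with a `vpce-` target rather than the `igw-` id, and the IGW-associated table should show the app CIDR pointing at the same `vpce-` id. If either route targets the IGW directly, that direction of traffic is skipping inspection.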
## Azure deployment flow

Azure equivalent:

1. GWLB tied to VNET
2. Traffic forwarded to CNF
3. CNF enforces policy
4. Traffic exits through Azure NAT Gateway