FortiGate as gateway for multiple VPCs

0

We currently have an environment set up that uses a FortiGate in one VPC as the gateway for 2 other VPCs through a transit gateway. We want to know if there is any way to achieve this without the transit gateway.

3 Answers
0

Yes, you can do that, through a Gateway Load Balancer endpoint in each spoke plus a GWLB with the FortiGate as target in a dedicated VPC.

See Diagram 2 in the Palo Alto article, with the dotted green and dotted blue line flows (forget about the TGW in that diagram).

Essentially, you will create a Gateway Endpoint in both spokes and link them with the Gateway LB in the dedicated VPC that has the FortiGate registered with it.

After that, some appliances provide a two-arm design, where traffic will exit out to the internet through the second ENI of the FortiGate through the IGW in the FortiGate/GWLB VPC, or a one-arm design, where traffic will come back to the spoke VPC and exit through the spoke VPC IGW.

https://www.paloaltonetworks.com/blog/network-security/vm-series-integration-with-aws-gateway-loadbalancer/

I just want to give you architectural guidance that what you want to do is achievable.

answered 3 months ago
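
The wiring this answer describes, written out as a CloudFormation template. This is an added example, not part of the original answer or any vendor's reference deployment. All parameter and logical names are assumptions, as are a single FortiGate instance, same-account VPCs, and showing only one spoke (the second spoke repeats the last two resources).

```yaml
# Added example: GWLB in the FortiGate VPC, GWLB endpoint in a spoke, no transit gateway.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:                                   # all names below are assumptions
  SecurityVpcId: {Type: "AWS::EC2::VPC::Id"}  # dedicated FortiGate/GWLB VPC
  SecuritySubnetId: {Type: "AWS::EC2::Subnet::Id"}
  FortiGateInstanceId: {Type: "AWS::EC2::Instance::Id"}
  SpokeVpcId: {Type: "AWS::EC2::VPC::Id"}
  SpokeEndpointSubnetId: {Type: "AWS::EC2::Subnet::Id"}  # subnet holding only the endpoint
  SpokeWorkloadRouteTableId: {Type: String}   # route table of the workload subnets
Resources:
  Gwlb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: gateway
      Subnets: [!Ref SecuritySubnetId]
  FortiGateTargets:                 # GWLB hands traffic to the appliance over GENEVE/6081
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref SecurityVpcId
      Protocol: GENEVE
      Port: 6081
      TargetType: instance
      Targets: [{Id: !Ref FortiGateInstanceId}]
  GwlbListener:                     # a GWLB listener forwards all flows, no port or protocol
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Gwlb
      DefaultActions:
        - Type: forward
          TargetGroupArn: !Ref FortiGateTargets
  GwlbEndpointService:              # exposes the GWLB to other VPCs over PrivateLink
    Type: AWS::EC2::VPCEndpointService
    Properties:
      GatewayLoadBalancerArns: [!Ref Gwlb]
      AcceptanceRequired: false     # same-account spokes assumed
  SpokeGwlbEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: GatewayLoadBalancer
      VpcId: !Ref SpokeVpcId
      SubnetIds: [!Ref SpokeEndpointSubnetId]
      ServiceName: !Sub "com.amazonaws.vpce.${AWS::Region}.${GwlbEndpointService}"
  SpokeDefaultRoute:                # workload subnets send outbound traffic to the endpoint
    Type: AWS::EC2::Route
    Properties:
      RouteTableId: !Ref SpokeWorkloadRouteTableId
      DestinationCidrBlock: 0.0.0.0/0
      VpcEndpointId: !Ref SpokeGwlbEndpoint
```

The FortiGate must answer the target group's health check, otherwise the GWLB has no healthy target to forward to. The endpoint subnet needs its own route table; it must not reuse the workload route table, or inspected traffic is routed back to the endpoint.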
0

Hi, why would you like to achieve this without a transit gateway? Technical requirement, cost? The most suitable answer depends on the reason. If it's because of cost, then there are other options like Gateway Load Balancer, but this also implies a cost. If it is because you would like to get other benefits like load balancing or north-south traffic inspection, then Gateway Load Balancer could be a solution without transit gateway. If it is another reason and you just want to remove the transit gateway, then before the transit gateway this kind of scenario was deployed using a Transit VPC, where one central VPC (your FortiGate VPC) connects with every other VPC (spoke VPC) through a VPN connection. This architecture comes with its own challenges, and transit gateway was the service that came to resolve them; however, it is still possible to do that configuration.

AWS
answered 3 months ago
