Fortinet firewalls offer strong security at a good price point. Gartner named the company one of three leaders in its Enterprise Network Firewall Magic Quadrant, along with Palo Alto Networks and Check Point. NSS Labs tested the FortiGate 500E and gave it a 99.3% security effectiveness rating, and its performance testing came in strong at 6,753 Mbps.
AWS Site-to-Site VPN provides a robust way to connect your networks into your VPCs. We really like how the AWS solution provides best-in-class availability: every VPN connection comes with two separate tunnels, each terminating on a different AWS endpoint, so one can fail without losing connectivity. The service also supports BGP, which further improves availability because AWS and the firewall exchange routes dynamically and fail over between the tunnels without manual intervention. If your firewall does not support BGP, AWS can work with static routes instead.
Recently we have been tasked with combining AWS Site-to-Site VPN with Fortinet next-generation firewalls to build hybrid cloud solutions for several clients. The combination works well, but a few issues cost us time to figure out the hard way, and we hope sharing them saves others the trouble. Once you have created the Customer Gateway, the Virtual Private Gateway and the VPN connection in AWS, the console offers a downloadable configuration file with "instructions" for your firewall. We found a few errors and omissions in that file.

First, the set remote-ip command on the tunnel interface (Figure 1) is given as a bare address with no netmask. Current FortiOS releases require the mask on that command, so the line as generated is rejected with an error. Append the /30 mask of the inside tunnel addresses, for example set remote-ip 169.254.x.x 255.255.255.252, and the stanza loads.

Second, the file configures tunnel health monitoring with config router gwdetect (Figure 2). Newer Fortinet firmware has replaced that command with config system link-monitor, so the gwdetect block must be rewritten under the new tree before it will load.

Finally, if the tunnels show as up but you still cannot ping across them, check your routes on the AWS side. Make sure the route tables of the subnets your EC2 instances use send traffic for your on-premises networks to the Virtual Private Gateway (VGW) and not out the Internet Gateway (IGW). If you are using BGP, enable route propagation from the VGW on those route tables so the routes learned from the firewall are actually installed.
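As an added example (this is not code from the original post, nor from AWS or Fortinet), the following Python script demonstrates the first and third pitfalls. It patches a constructed copy of the AWS-generated interface stanza so that set remote-ip carries the /30 netmask newer FortiOS requires, and it audits a VPC route table in the shape returned by aws ec2 describe-route-tables to confirm that on-premises traffic targets the VGW rather than the IGW and, when BGP is in use, that the VGW is propagating routes. The interface name, the 169.254.10.x tunnel addresses, the 192.168.0.0/16 on-premises prefix and every rtb-/igw-/vgw- identifier are placeholders.

```python
"""Checks for two of the AWS VPN / FortiGate pitfalls described above.

Added example, not from the original post: (1) add the netmask that newer
FortiOS requires on 'set remote-ip'; (2) audit a VPC route table so that
on-premises traffic goes to the VGW and, for BGP, that the VGW propagates
routes. All addresses and resource IDs below are constructed placeholders.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed stand-in for the interface section of the AWS-generated file.
# 169.254.x.x/30 is the inside-tunnel range AWS assigns; these values are
# placeholders, not a real tunnel.
AWS_GENERATED_CONFIG = """\
config system interface
    edit "vpn-example-0"
        set vdom "root"
        set ip 169.254.10.2 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 169.254.10.1
        set interface "wan1"
    next
end
"""

# Matches 'set remote-ip <address>' with nothing after the address.
REMOTE_IP_RE = re.compile(r"^(\s*set remote-ip\s+)(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def fix_remote_ip(config_text: str, prefixlen: int = 30) -> str:
    """Append the netmask to every 'set remote-ip' line that lacks one.

    AWS inside-tunnel addresses are /30s, so the default mask is
    255.255.255.252. Lines that already carry a mask do not match the
    regex and are left alone, so running the fix twice is harmless.
    """
    netmask = str(ipaddress.IPv4Network(f"0.0.0.0/{prefixlen}").netmask)
    fixed = []
    for line in config_text.splitlines():
        m = REMOTE_IP_RE.match(line)
        fixed.append(f"{m.group(1)}{m.group(2)} {netmask}" if m else line)
    return "\n".join(fixed) + "\n"


def audit_route_table(route_table: Dict, onprem_cidr: str, bgp: bool) -> List[str]:
    """Explain why traffic for onprem_cidr would miss the VPN, if it would.

    route_table is one element of the RouteTables list returned by
    'aws ec2 describe-route-tables'. Returns an empty list when the
    longest-prefix match for onprem_cidr targets a virtual private gateway
    (vgw-...) and, if bgp is True, that table has a propagating VGW.
    """
    problems: List[str] = []
    target = ipaddress.IPv4Network(onprem_cidr)

    # Longest-prefix match, the way the VPC router selects a route.
    best_net, best_route = None, None
    for route in route_table.get("Routes", []):
        cidr = route.get("DestinationCidrBlock")
        if not cidr:
            continue  # IPv6 and prefix-list routes are not considered here
        net = ipaddress.IPv4Network(cidr)
        if target.subnet_of(net) and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_route = net, route

    if best_route is None:
        problems.append(f"no route covers {onprem_cidr}")
    else:
        gateway = best_route.get("GatewayId", "")
        if gateway.startswith("igw-"):
            problems.append(f"{onprem_cidr} matches {best_net} via {gateway}: on-premises "
                            "traffic would leave through the Internet Gateway, not the VPN")
        elif not gateway.startswith("vgw-"):
            problems.append(f"{onprem_cidr} matches {best_net} but its target is not a VGW")

    if bgp and not route_table.get("PropagatingVgws"):
        problems.append("BGP in use but no VGW is propagating routes into this table")
    return problems


# Constructed route table as the console leaves it before the fix: only the
# VPC-local route and a default route to the Internet Gateway.
BROKEN_ROUTE_TABLE = {
    "RouteTableId": "rtb-0example",
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local",
         "Origin": "CreateRouteTable", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example",
         "Origin": "CreateRoute", "State": "active"},
    ],
    "PropagatingVgws": [],
}

# The same table after VGW route propagation is enabled: the on-premises
# prefix learned over BGP now appears with Origin EnableVgwRoutePropagation.
FIXED_ROUTE_TABLE = {
    "RouteTableId": "rtb-0example",
    "Routes": BROKEN_ROUTE_TABLE["Routes"] + [
        {"DestinationCidrBlock": "192.168.0.0/16", "GatewayId": "vgw-0example",
         "Origin": "EnableVgwRoutePropagation", "State": "active"},
    ],
    "PropagatingVgws": [{"GatewayId": "vgw-0example"}],
}

if __name__ == "__main__":
    print(fix_remote_ip(AWS_GENERATED_CONFIG))
    for label, table in (("before", BROKEN_ROUTE_TABLE), ("after", FIXED_ROUTE_TABLE)):
        print(label, audit_route_table(table, "192.168.0.0/16", bgp=True) or ["ok"])
```

To check a live table, pass one element of the RouteTables list from aws ec2 describe-route-tables to audit_route_table; propagation is switched on with aws ec2 enable-vgw-route-propagation. The gwdetect to link-monitor change from the second pitfall is deliberately not automated here, because it is a different configuration tree with its own parameters rather than a one-line substitution.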
Overall, this has proven to be a robust combination of technologies. We recommend this technology combination for affordable Hybrid Cloud Solutions. Don't hesitate to contact us for assistance in designing your Hybrid Cloud Solutions.
Figure 1: the set remote-ip line in the AWS-generated configuration file. Figure 2: the config router gwdetect block in the AWS-generated configuration file.
Hybrid Cloud Solutions, start with connectivity.
Join us and connect to the cloud!