Deploying FortiGate for AWS


This recipe introduces the process of deploying FortiGate for AWS. The process consists of the following recipes:

  1. Determine your licensing model
  2. Register and download your licenses
  3. Create a VPC and subnets
  4. Attach the new VPC to the Internet gateway
  5. Subscribe to the FortiGate
  6. Create a routing table and associate subnets
  7. Connect to the FortiGate
  8. [Use case] Set up a Windows Server in the protected network
  9. [Connectivity test] Configure FortiGate firewall policies and virtual IPs

The FortiGate Enterprise Firewall for Amazon Web Services (AWS) is deployed as a virtual appliance in AWS (IaaS). This recipe shows you how to install and configure a single-instance FortiGate-VM virtual appliance in AWS to provide a full NGFW/UTM security solution that protects your workloads in the AWS IaaS.

Networking is a core component of using AWS services, and using virtual private clouds (VPCs), subnets, and virtual gateways helps you secure your resources at the network level.

This recipe covers the deployment of simple web servers, but this type of deployment can be used for any type of public resource protection, with only slight modifications. With this architecture as a starting point, you can implement more advanced solutions, including multi-tiered solutions.

In this recipe, two subnets are created: Subnet1, which is used to connect the FortiGate-VM to the AWS Virtual Gateway on the public-facing side, and Subnet2, which is used to connect the FortiGate-VM and the Windows server on the private side.
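One way to check the two-subnet layout described above once the route tables exist, as an added example that is not part of the original recipe: it audits data shaped like `aws ec2 describe-route-tables` output and flags a private subnet that can reach the Internet gateway without passing through the FortiGate. It assumes the private default route targets the FortiGate's private-side network interface; the function names and all IDs are constructed placeholders.

```python
# Added example: audit `aws ec2 describe-route-tables`-shaped data for the
# Subnet1 (public) / Subnet2 (private) layout. All IDs are constructed.

def _via_igw(route):
    return (route.get("GatewayId") or "").startswith("igw-")

def audit(data, public_subnet, private_subnet, fgt_eni):
    """Return findings; an empty list means routing matches the layout."""
    findings, seen = [], set()
    for rtb in data["RouteTables"]:
        rid = rtb["RouteTableId"]
        subnets = {a.get("SubnetId") for a in rtb.get("Associations", [])}
        seen |= subnets
        routes = [r for r in rtb.get("Routes", []) if r.get("State", "active") == "active"]
        default = [r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
        if private_subnet in subnets:
            # Protected hosts must never reach the Internet gateway directly.
            for r in filter(_via_igw, routes):
                findings.append(f"{rid}: private subnet bypasses FortiGate via {r['GatewayId']}")
            # Assumption: the private default route targets the FortiGate's ENI.
            if not any(r.get("NetworkInterfaceId") == fgt_eni for r in default):
                findings.append(f"{rid}: private default route does not target {fgt_eni}")
        if public_subnet in subnets and not any(map(_via_igw, default)):
            findings.append(f"{rid}: public subnet has no default route to an Internet gateway")
    for label, subnet in (("public", public_subnet), ("private", private_subnet)):
        if subnet not in seen:
            # Unassociated subnets silently fall back to the VPC main route table.
            findings.append(f"{subnet}: {label} subnet has no explicit route table association")
    return findings

def _rtb(rid, subnet, default_target):
    """Build one constructed route table with a local route and a default route."""
    return {"RouteTableId": rid, "Associations": [{"SubnetId": subnet}],
            "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                       dict(DestinationCidrBlock="0.0.0.0/0", State="active", **default_target)]}

PUB, PRIV, ENI = "subnet-public-example", "subnet-private-example", "eni-fgt-private-example"
GOOD = {"RouteTables": [_rtb("rtb-pub", PUB, {"GatewayId": "igw-example"}),
                        _rtb("rtb-priv", PRIV, {"NetworkInterfaceId": ENI})]}
BAD = {"RouteTables": [_rtb("rtb-pub", PUB, {"GatewayId": "igw-example"}),
                       _rtb("rtb-priv", PRIV, {"GatewayId": "igw-example"})]}

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("bad", BAD)):
        print(name, audit(data, PUB, PRIV, ENI) or "OK")
```

To run it against a real deployment, pass the parsed JSON from `aws ec2 describe-route-tables` together with your own subnet and network interface IDs.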