Administration Guide

Distributed inter-subnet east-west traffic in one AZ Example

Scenario objective

Traffic between two subnets in the same availability zone (AZ) in one VPC is inspected by a FortiGate CNF instance.

Before deployment of FortiGate CNF

Traffic in this scenario is east-west within the same availability zone (AZ) in a region. All routes are local routes.

The Before deployment of FortiGate CNF traffic flow is as follows:

  1. Traffic originates from compute resources located in Private Subnet 1 (10.1.3.0/24).

  2. Traffic goes to compute resources located in Private Subnet 2 (10.1.4.0/24).

Routing tables

The routing tables are defined as follows.

Private Subnet 1 route table

    Destination     Target
    10.1.0.0/16     Local

Private Subnet 2 route table

    Destination     Target
    10.1.0.0/16     Local

After deployment of FortiGate CNF

The After deployment of FortiGate CNF topology traffic flow is as follows:

  1. Traffic goes from Private Subnet 1 (10.1.3.0/24) to the GWLBe located in CNF Endpoint Subnet (10.1.1.0/24).

  2. Traffic is sent to the FortiGate CNF instance for inspection.

  3. FortiGate CNF sends traffic back to the GWLBe.

  4. The GWLBe forwards the traffic to Private Subnet 2 (10.1.4.0/24).

To deploy the FortiGate CNF instance in this scenario:
  1. In AWS, add a subnet, CNF Endpoint Subnet (10.1.1.0/24), and its associated route table.

    Destination     Target
    10.1.0.0/16     Local

  2. In FortiGate CNF, deploy a GWLBe into this subnet.

  3. In AWS, add a route to the Private Subnet 1 route table so that all traffic destined for Private Subnet 2 is sent to the GWLBe. The /24 route is more specific than the /16 Local route, so it takes precedence.

    Destination     Target
    10.1.0.0/16     Local
    10.1.4.0/24     GWLBe

  4. In AWS, add a route to the Private Subnet 2 route table so that all traffic destined for Private Subnet 1 is sent to the GWLBe. Both route tables must be updated so that the forward and return halves of a session traverse the FortiGate CNF instance.

    Destination     Target
    10.1.0.0/16     Local
    10.1.3.0/24     GWLBe
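The following Python is an added illustration and not part of the Fortinet guide. It models the longest-prefix-match lookup that AWS performs on a subnet route table and checks that, once steps 3 and 4 are applied, both directions of a flow between Private Subnet 1 and Private Subnet 2 are steered to the GWLBe, while traffic to the CNF Endpoint Subnet itself still follows the Local route. The host addresses 10.1.3.10, 10.1.4.20 and 10.1.1.5, and the half-configured table set ROUTE_TABLES_STEP3_ONLY (step 3 applied without step 4), are constructed for the example.

```python
import ipaddress

# Route tables from the guide as (destination CIDR, target) pairs.
# "Local" is the VPC-wide route AWS installs automatically; "GWLBe" is the
# Gateway Load Balancer endpoint deployed into the CNF Endpoint Subnet.
VPC_CIDR = "10.1.0.0/16"
CNF_ENDPOINT_SUBNET = "10.1.1.0/24"
PRIVATE_SUBNET_1 = "10.1.3.0/24"
PRIVATE_SUBNET_2 = "10.1.4.0/24"

# Before deployment: every subnet only has the Local route.
ROUTE_TABLES_BEFORE = {
    CNF_ENDPOINT_SUBNET: [(VPC_CIDR, "Local")],
    PRIVATE_SUBNET_1: [(VPC_CIDR, "Local")],
    PRIVATE_SUBNET_2: [(VPC_CIDR, "Local")],
}

# After steps 1-4: each private subnet points the other private subnet at the GWLBe.
ROUTE_TABLES_AFTER = {
    CNF_ENDPOINT_SUBNET: [(VPC_CIDR, "Local")],
    PRIVATE_SUBNET_1: [(VPC_CIDR, "Local"), (PRIVATE_SUBNET_2, "GWLBe")],
    PRIVATE_SUBNET_2: [(VPC_CIDR, "Local"), (PRIVATE_SUBNET_1, "GWLBe")],
}

# Constructed failure case: step 3 applied, step 4 forgotten.
ROUTE_TABLES_STEP3_ONLY = {
    CNF_ENDPOINT_SUBNET: [(VPC_CIDR, "Local")],
    PRIVATE_SUBNET_1: [(VPC_CIDR, "Local"), (PRIVATE_SUBNET_2, "GWLBe")],
    PRIVATE_SUBNET_2: [(VPC_CIDR, "Local")],
}


def lookup(route_table, dst_ip):
    """Return the target of the most specific route that matches dst_ip.

    AWS evaluates subnet route tables by longest-prefix match, which is why a
    /24 route to the GWLBe wins over the /16 Local route for the same address.
    """
    dst = ipaddress.ip_address(dst_ip)
    best_net, best_target = None, None
    for cidr, target in route_table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_target = net, target
    return best_target


def subnet_of(route_tables, ip):
    """Return the subnet CIDR (route table key) that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in route_tables:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def next_hop(route_tables, src_ip, dst_ip):
    """Next hop for a packet from src_ip to dst_ip, per the source subnet's route table."""
    src_subnet = subnet_of(route_tables, src_ip)
    if src_subnet is None:
        raise ValueError(f"{src_ip} is not in a known subnet")
    return lookup(route_tables[src_subnet], dst_ip)


def is_inspected(route_tables, src_ip, dst_ip):
    """True when the forward path of the flow is steered to the GWLBe."""
    return next_hop(route_tables, src_ip, dst_ip) == "GWLBe"


def is_symmetric(route_tables, src_ip, dst_ip):
    """True when both directions of the flow pass through the GWLBe.

    FortiGate CNF inspects statefully, so the return path must also reach it;
    otherwise half the session bypasses the firewall.
    """
    return is_inspected(route_tables, src_ip, dst_ip) and is_inspected(
        route_tables, dst_ip, src_ip
    )


if __name__ == "__main__":
    flow = ("10.1.3.10", "10.1.4.20")
    for name, tables in (
        ("before", ROUTE_TABLES_BEFORE),
        ("after", ROUTE_TABLES_AFTER),
        ("step 3 only", ROUTE_TABLES_STEP3_ONLY),
    ):
        print(
            f"{name:12s} fwd={next_hop(tables, *flow):5s} "
            f"ret={next_hop(tables, flow[1], flow[0]):5s} "
            f"symmetric={is_symmetric(tables, *flow)}"
        )
    # Traffic to the CNF Endpoint Subnet itself must stay Local, or the
    # GWLBe would be asked to forward traffic addressed to its own subnet.
    print("to endpoint subnet:", next_hop(ROUTE_TABLES_AFTER, "10.1.3.10", "10.1.1.5"))
```

The step-3-only case is the configuration mistake worth checking for in a real deployment: the forward path reaches the GWLBe but the return path from Private Subnet 2 follows the Local route, so the reply never passes through FortiGate CNF. Running the same symmetry check against the live route tables (for example, from the output of `aws ec2 describe-route-tables`) catches this before traffic is cut over.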
