AWS Cloud WAN integration with Fortinet SD-WAN enables cloud-network convergence

By Alan posted Oct 09, 2022 07:24 AM

  

Feature Introduction

AWS Cloud WAN

AWS Cloud WAN provides a central dashboard for making connections between your branch offices, data centers, and Amazon Virtual Private Clouds (Amazon VPCs)—building a global network with only a few clicks. You use network policies to automate network management and security tasks in one location. Cloud WAN generates a complete view of your on-premises and AWS networks to help you monitor network health, security, and performance.

 

Fortinet SD-WAN

The Fortinet SD-WAN (software-defined wide-area network) solution enables enterprises to transform and secure all WAN edges. With a Security-Driven Networking approach that uses one operating system and one centralized management console, enterprises get a better user experience, a stronger security posture from converged networking and security, and operational continuity and efficiency. Fortinet FortiGate delivers fast, scalable, and flexible Secure SD-WAN for cloud-first, security-sensitive, and global enterprises. The Security-Driven Networking approach consolidates SD-WAN, next-generation firewall (NGFW), and advanced routing.

 

Example and Configuration Instructions

In this example, we choose three regions for the test and create two VPCs in each region, each with a different role. A web server is deployed as the test application in Business-VPC, and a FortiGate is deployed as an SD-WAN access node in Fortinet-VPC. Network connectivity between VPCs is established through AWS Cloud WAN.

We deploy AWS Cloud WAN and Fortinet SD-WAN with minimal configuration to achieve cloud-network convergence. The FortiGate at the Singapore branch connects to the closest Fortinet SD-WAN access node deployed in AWS, and we verify that the endpoint gets the best experience accessing all services deployed in AWS.

Design parameters:

| Region | Virginia | Singapore | Frankfurt |
|---|---|---|---|
| VPC Name | Business-VPC, Fortinet-VPC | Business-VPC, Fortinet-VPC | Business-VPC, Fortinet-VPC |
| Business-VPC CIDR | 10.0.1.0/24 | 10.0.2.0/24 | 10.0.3.0/24 |
| Fortinet-VPC CIDR | 172.16.1.0/24, 172.16.32.0/24 | 172.16.2.0/24, 172.16.32.0/24 | 172.16.3.0/24, 172.16.32.0/24 |
| SD-WAN CIDR | 10.0.255.0/24 | 10.0.254.0/24 | 10.0.253.0/24 |

Architecture:

 

Deploy VPC

Create the VPCs based on the design parameters.

1. Virginia configuration:

  • Create a VPC named Business-VPC with the subnet CIDR 10.0.1.0/24
  • Create a VPC named Fortinet-VPC with the subnet CIDRs 172.16.1.0/24 and 172.16.32.0/24

2. Singapore configuration:

  • Create a VPC named Business-VPC with the subnet CIDR 10.0.2.0/24
  • Create a VPC named Fortinet-VPC with the subnet CIDRs 172.16.2.0/24 and 172.16.32.0/24

3. Frankfurt configuration:

  • Create a VPC named Business-VPC with the subnet CIDR 10.0.3.0/24
  • Create a VPC named Fortinet-VPC with the subnet CIDRs 172.16.3.0/24 and 172.16.32.0/24

Deploy Cloud WAN

Create a Cloud WAN for this example. In the left column of the VPC console page, select AWS Cloud WAN, then click Network Manager to open the Cloud WAN design and configuration page.

  1. Create a Global network named "Fortinet" as the root network unit
  2. Configure the Core network of the root network unit
  • Set "ASN range" to "64521-64529"
  • Set "Edge locations", select Virginia, Singapore, Frankfurt
  • Set "Segment name" to "sdwan"
  3. Configure the Core network policy
  • Create an Attachment policy rule
  • Set "Rule number" to "200"
  • Set "Attach to Segment" to "sdwan"
  • Set "Attachment condition" type to "any"
  • After creating the policy, click "View and apply change set" to push the configuration and make it take effect.
  4. Configure the Attachments for the Core network
  • Create an Attachment named "Virginia-Business"
  • Set "Edge location", select "Virginia"
  • Set "Attachment type", select "VPC"
  • Set "VPC Attachment", select "Business-VPC"
  • Follow step 4 to create the appropriate attachments for the 6 VPCs in turn.
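
The console steps above correspond to a core network policy document. As an added example (not part of the original post), the Python below builds that document from the values in this section and reports attachment rules that admit every attachment into a segment without manual acceptance. The Region codes and the `require-attachment-acceptance` value are assumptions: the post names only the locations and does not state an acceptance setting.

```python
import json

# Region codes for the locations named in the post (assumed mapping).
EDGE_LOCATIONS = ["us-east-1", "ap-southeast-1", "eu-central-1"]

def build_policy(require_acceptance):
    """Core network policy equivalent to the console steps in this section."""
    return {
        "version": "2021.12",
        "core-network-configuration": {
            "asn-ranges": ["64521-64529"],
            "edge-locations": [{"location": r} for r in EDGE_LOCATIONS],
        },
        "segments": [
            # Acceptance is not stated in the post, so the caller chooses it.
            {"name": "sdwan", "require-attachment-acceptance": require_acceptance},
        ],
        "attachment-policies": [
            {
                "rule-number": 200,
                "conditions": [{"type": "any"}],
                "action": {"association-method": "constant", "segment": "sdwan"},
            }
        ],
    }

def open_admission_rules(policy):
    """Rule numbers whose every condition is `any` and whose target
    segment accepts attachments without manual approval."""
    auto_accept = {s["name"] for s in policy["segments"]
                   if not s.get("require-attachment-acceptance", True)}
    findings = []
    for rule in policy["attachment-policies"]:
        types = [c.get("type") for c in rule["conditions"]]
        matches_all = bool(types) and all(t == "any" for t in types)
        if matches_all and rule["action"].get("segment") in auto_accept:
            findings.append(rule["rule-number"])
    return findings

if __name__ == "__main__":
    policy = build_policy(require_acceptance=False)
    print(json.dumps(policy, indent=2))
    print("rules admitting any attachment without acceptance:",
          open_admission_rules(policy))
```

With acceptance required on the segment, rule 200 still maps every attachment to "sdwan", but each attachment waits for approval before it joins.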

 

Deploy Business-VPC instance

Deploy a Linux instance in each Business-VPC in each Region and install a web server for business testing.

  1. Virginia configuration:
  • IP address 10.0.1.80
  • Complete the Web Server deployment

  2. Singapore configuration:
  • IP address 10.0.2.80
  • Complete the Web Server deployment

  3. Frankfurt configuration:
  • IP address 10.0.3.80
  • Complete the Web Server deployment

 

Deploy Fortinet-VPC instance

Deploy a FortiGate instance in each Fortinet-VPC in each Region and allocate two NICs: one as the private connection to Business-VPC and the other as the public connection to the internet, each in a different address segment.

  1. Virginia configuration:
  • Private connection IP address 172.16.1.254, public connection IP address 172.16.32.254 (bound to an EIP)
  • Complete the FortiGate deployment and activate the license

  2. Singapore configuration:
  • Private connection IP address 172.16.2.254, public connection IP address 172.16.32.254 (bound to an EIP)
  • Complete the FortiGate deployment and activate the license

  3. Frankfurt configuration:
  • Private connection IP address 172.16.3.254, public connection IP address 172.16.32.254 (bound to an EIP)
  • Complete the FortiGate deployment and activate the license

 

Deploy VPC routing

  1. Virginia configuration:
  • Business-VPC: route the destinations 10.0.0.0/22 and 172.16.0.0/22 to the Core network
  • Fortinet-VPC: route the destinations 10.0.0.0/22 and 172.16.0.0/22 to the Core network

  2. Singapore configuration:
  • Business-VPC: route the destinations 10.0.0.0/22 and 172.16.0.0/22 to the Core network
  • Fortinet-VPC: route the destinations 10.0.0.0/22 and 172.16.0.0/22 to the Core network

  3. Frankfurt configuration:
  • Business-VPC: route the destinations 10.0.0.0/22 and 172.16.0.0/22 to the Core network
  • Fortinet-VPC: route the destinations 10.0.0.0/22 and 172.16.0.0/22 to the Core network

 

Deploy SD-WAN access nodes

Virginia configuration:

  1. Create an IPSec Tunnel named "SD-WAN", template type select "Custom"
  • Set "Remote Gateway", select "Dialup User"
  • Set "Interface", select "port2"
  • Set "Pre-shared Key" to 123456789
  • Set "IKE Version", select "2"
  • Set "Peer Options", select "Any peer ID"

  2. Configure the SD-WAN interface IP address and access permissions
  • Set "Address IP" to 10.0.255.254
  • Set "Remote IP/Netmask" to 10.0.255.254/24
  • Set "Administrative Access", select "Ping"

  3. Configure a static route for access to the test services
  • Set "Destination" to 10.0.0.0/22
  • Set "Interface", select "port1"
  • Set "Administrative Distance" to "1"

  4. Configure the Firewall Policy for accessing the test business
  • Set "Incoming Interface", select "SD-WAN"
  • Set "Outgoing Interface", select "port1"
  • Set "Source", select "all"
  • Set "Destination", select "Business Address (10.0.0.0/22)"

Follow this method to complete the deployment of the other two SD-WAN access nodes.

Deploy Branch Office

Branch office FortiGate configuration:

  1. Create an IPSec Tunnel named "sdwan01", template type select "Custom"
  • Set "Remote Gateway" to the Singapore EIP
  • Set "Interface", select "port1"
  • Set "Dead Peer Detection", select "On Idle"
  • Set "Pre-shared Key" to 123456789
  • Set "IKE Version", select "2"

  2. Configure the IP address and access permissions for the "sdwan01" interface
  • Set "Address IP" to 10.0.254.1
  • Set "Remote IP/Netmask" to 10.0.254.254/24
  • Set "Administrative Access", select "Ping"

  3. Configure SD-WAN Zones, add "sdwan01" to virtual-wan-link
  • Create an SD-WAN Member
  • Set "Interface", select "sdwan01"
  • Set "SD-WAN Zone", select "virtual-wan-link"

  4. Configure SD-WAN Rules so that traffic to the test application flows out of "sdwan01"
  • Set "Destination", select "Business Address"
  • Set "Outbound Interface", select "sdwan01"

  5. Configure the Firewall Policy for accessing the test business
  • Set "Incoming Interface", select "port10"
  • Set "Outgoing Interface", select "virtual-wan-link"
  • Set "Source", select "all"
  • Set "Destination", select "Business Address (10.0.0.0/22)"

 

Verify

  1. Verify connectivity from the branch office to the business services by pinging each Business-VPC test service

  2. Verify availability from the branch office by accessing each Business-VPC test service in a browser

 
