Hello,
To migrate the workloads to AWS you can use the AWS Site-to-Site VPN service. This is a managed AWS service, and you don't need to deploy or manage any extra firewalls on the AWS side.
[+] Site-to-Site VPN single and multiple VPN connection examples - https://docs.aws.amazon.com/vpn/latest/s2svpn/Examples.html
You can set up an AWS Site-to-Site VPN using the steps below:
Step 1: Create a customer gateway > Fortigate External Public IP
Step 2: Create a target gateway > Select Virtual Private Gateway or Transit Gateway if you wish to connect to multiple VPCs.
Step 3: Configure routing
Step 4: Update your security group
Step 5: Create a VPN connection
Step 6: Download the configuration file
Step 7: Configure the customer gateway device (Fortigate firewall)
[+] Getting started with AWS Site-to-Site VPN - https://docs.aws.amazon.com/vpn/latest/s2svpn/SetUpVPNConnections.html
You can define routing in Step 3 and Step 5, as that will give you the option to add the route pointing towards the on-premises CIDR range.
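As an added worked example (not part of the answer above or any AWS documentation), here are the seven console steps expressed as Terraform, so that the routing and security-group decisions are explicit and reviewable. All resource IDs, the FortiGate public IP and the CIDR ranges are placeholders; the egress restriction in Step 4 is an assumption made to show a least-privilege starting point and should be widened once the migration flows are known.

```hcl
# Added example: Terraform equivalent of the seven console steps.
# All IDs, IPs and CIDRs below are placeholders, not values from the question.
variable "vpc_id"              { default = "vpc-0123456789abcdef0" }  # placeholder
variable "private_rtb_id"      { default = "rtb-0123456789abcdef0" }  # placeholder
variable "fortigate_public_ip" { default = "203.0.113.10" }           # placeholder (TEST-NET-3)
variable "onprem_cidr"         { default = "192.168.0.0/16" }         # placeholder
variable "vpc_cidr"            { default = "10.0.0.0/16" }            # placeholder

# Step 1: customer gateway = the FortiGate's external public IP
resource "aws_customer_gateway" "fortigate" {
  bgp_asn    = 65000 # only used for dynamic (BGP) tunnels, but the API requires a value
  ip_address = var.fortigate_public_ip
  type       = "ipsec.1"
  tags       = { Name = "onprem-fortigate" }
}

# Step 2: target gateway = a virtual private gateway attached to the single VPC
# (use a transit gateway instead when several VPCs must be reachable)
resource "aws_vpn_gateway" "vgw" {
  vpc_id = var.vpc_id
  tags   = { Name = "migration-vgw" }
}

# Step 5: the VPN connection itself; AWS creates two redundant tunnels
resource "aws_vpn_connection" "onprem" {
  customer_gateway_id = aws_customer_gateway.fortigate.id
  vpn_gateway_id      = aws_vpn_gateway.vgw.id
  type                = "ipsec.1"
  static_routes_only  = true # no BGP: routes are declared explicitly below
}

# Step 5 (routing on the VPN side): static route for the on-premises CIDR
resource "aws_vpn_connection_route" "onprem" {
  destination_cidr_block = var.onprem_cidr
  vpn_connection_id      = aws_vpn_connection.onprem.id
}

# Step 3: propagate the VGW routes into the VPC's private route table
resource "aws_vpn_gateway_route_propagation" "private" {
  vpn_gateway_id = aws_vpn_gateway.vgw.id
  route_table_id = var.private_rtb_id
}

# Step 4: security group that admits only the on-premises range, never 0.0.0.0/0
resource "aws_security_group" "migrated_workload" {
  name   = "migrated-workload"
  vpc_id = var.vpc_id

  ingress {
    description = "SSH from on-premises only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.onprem_cidr]
  }

  egress {
    description = "Return traffic to on-premises only (assumption; widen as flows are known)"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [var.onprem_cidr]
  }
}

# Steps 6-7: Terraform exposes the generic (XML) customer gateway configuration,
# which contains the tunnel endpoints and pre-shared keys. Write it with a
# sensitive file resource so it is not echoed in plan output; the vendor-specific
# FortiGate download is done from the console or the CLI as in the AWS guide.
resource "local_sensitive_file" "vpn_cfg" {
  content  = aws_vpn_connection.onprem.customer_gateway_configuration
  filename = "${path.module}/vpn-config.xml"
}

output "tunnel_outside_addresses" {
  value = [
    aws_vpn_connection.onprem.tunnel1_address,
    aws_vpn_connection.onprem.tunnel2_address,
  ]
}
```

Because the pre-shared keys end up in the Terraform state as well as in the written file, the state backend should be encrypted and access-restricted, and the configuration file should be deleted from the workstation once the FortiGate has been configured.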
You can inspect all of your traffic to/from AWS using an on-premises firewall as you describe. Private connectivity to AWS can be achieved using Direct Connect or Site-to-Site VPN. In either case, the network topology on the customer side can be configured to use the firewalls.
Note that you can also inspect traffic on the AWS side using Fortigate firewalls and Gateway Load Balancer. This is explained in the documentation, but it is only an option, as traffic can be inspected on premises.
Thank you so much Brettski for your inputs. It clarified my doubts.
Thank you so much Narinder for your quick response. It helped.