Request for Active-Passive Firewall Automation Solution on AWS

0

Hi,

In my network account, we have deployed multi-AZ Fortinet firewalls, and all traffic passes through both firewalls. However, my customer wants an active-passive firewall setup and wants this to be automated on the AWS side. The internet-facing ALB has a target group attached to these firewalls, and I want the traffic to pass through only one firewall EC2 instance. If that instance becomes unhealthy, the traffic should automatically switch to another instance. Is this possible? Please suggest a solution.

1 Answer
2
Accepted Answer

Hi Akshay, before proposing and implementing a solution, it is worth investigating the requirements and understanding why there is a requirement to have an active-passive setup.

Fortinet themselves have 2 flavors published here, one for active-active (current) and another for active-passive (deprecated, as they note); see https://github.com/fortinet/aws-cloudformation-templates. Also take a look here: https://github.com/40net-cloud/fortinet-aws-solutions/tree/master/FortiGate. This repo is maintained by Fortinet's EMEA team.

You may want to look at both, compare and see if these are applicable/compatible.

AWS
answered a year ago
EXPERT
reviewed a year ago
