Creating Static Route in AWS EC2 Fortigate instance

Posted: August 19, 2018 in fortigate

After Fortigate is installed in AWS , by default, EC2 instances behind Fortigate cannot get to the internet.We need to set default route on Fortigate firewall.

Locating AWS VPC defult gateway

Amazon VPC has default gateway which usually has 1 as in last octet, to locate it click Network-Interfaces-click on WAN interface-Edit

2.PNG

 

3.png

 

Now create static route

 

Network-Static route-Create New

 

1.png

Specify 0.0.0.0/0.0.0.0 as destination

Gateway: IP defined in previous step

Interface:Fortigate internet faced interface

Administrative distance: it’s route metric, in my case,the highest value i could set was 4

 

4

 

Creating outgoing Policy 

Now we need to create outgoing policy from LAN network to the Internet

First,create Address object for defying LAN network:

Policy & Objects-Addresses-New-Create New Address

Type:Subnet

Interface:Any

 

6.PNG

Now create outgoing route in Fortigate

Incoming Interface: LAN interface

Outgoing interface:WAN

Source:LAN subnet

Destination:all

Service:All

Enable NAT in Firewall/Network options

5.PNG

Now, you should be able to browse internet from EC2 instance behind Fortigate firewall

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s