Creating Static Route in AWS EC2 Fortigate instance

Posted: August 19, 2018 in fortigate

After Fortigate is installed in AWS, EC2 instances behind it cannot reach the internet by default. We need to set a default route on the Fortigate firewall.

Locating the AWS VPC default gateway

An Amazon VPC subnet has a default gateway whose address usually ends in 1 in the last octet. To locate it, click Network - Interfaces, click on the WAN interface, then Edit.

Now create the static route:

Network-Static route-Create New

Destination: the default route (all traffic)

Gateway: IP defined in previous step

Interface: the Fortigate's internet-facing (WAN) interface

Administrative distance: this is the route metric; in my case, the highest value I could set was 4.

Creating the outgoing policy

Now we need to create an outgoing policy from the LAN network to the Internet.

First, create an Address object defining the LAN network:

Policy & Objects - Addresses - Create New - Address

Now create the outgoing policy in Fortigate:

Incoming Interface: LAN interface

Outgoing interface: WAN

Source: LAN subnet

Enable NAT under Firewall / Network Options.

Now you should be able to browse the internet from an EC2 instance behind the Fortigate firewall.
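The same route, address object and policy expressed in the FortiOS CLI, as an added example that is not part of the original post. The addresses (WAN subnet 10.0.1.0/24 with VPC router 10.0.1.1, LAN subnet 10.0.2.0/24) and interface names (port1 as WAN, port2 as LAN) are assumptions; substitute the gateway you found under Network - Interfaces. Traffic logging is enabled on the policy so outbound sessions from the LAN show up in the logs.

```text
# Default route towards the VPC router (assumed 10.0.1.1) out of the WAN interface (assumed port1)
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 10.0.1.1
        set device port1
        set distance 10
    next
end

# Address object describing the LAN subnet (assumed 10.0.2.0/24)
config firewall address
    edit "LAN_subnet"
        set subnet 10.0.2.0 255.255.255.0
    next
end

# Outbound policy: LAN (assumed port2) to WAN, source-NAT to the WAN interface address, all sessions logged
config firewall policy
    edit 1
        set name "LAN_to_Internet"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LAN_subnet"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end
```

On the AWS side, Source/Destination checking must be disabled on the Fortigate's network interfaces, otherwise the VPC drops the packets the Fortigate forwards on behalf of the EC2 instances.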