Fortinet Inc.

11/10/2020 | Press release | Distributed by Public on 11/10/2020 10:45

Highly Scalable FortiGate Next Generation Firewall Security on AWS Gateway Load Balancer Service

Customers are increasingly adopting deeper and more comprehensive solutions to secure their Amazon Virtual Private Cloud (Amazon VPC) environments. They are implementing their security solutions with high availability architectures to ensure that protection is always on against malicious actors and threats. But these types of deployments increase operational complexity. In many cases, other teams within an organization that don't have the security expertise simply bypass the use of security appliances.

AWS Gateway Load Balancer (GWLB) is a new service from AWS that makes it easy to deploy, scale, and manage virtual appliances such as firewalls, intrusion detection and prevention systems, and deep packet inspection systems, in the cloud. Now, customers can simplify their VPC security deployment and improve resiliency by delivering FortiGate-VM based Next Generation Firewall protection as a service with GWLB.

Fortinet's FortiGate-VM integration with GWLB helps customers deploy NextGen Firewall in the cloud with high availability, scaling, and load balancing, while using FortiGate's robust connectivity features like high performance IPSec VPN, SSL VPN and rich security features including Intrusion Prevention (IDPS), Deep Packet Inspection (DPI), URL Filtering, AntiSpam and Anti-malware protection.

FortiGate-VM Next Generation Firewall Security connected with GWLB addresses two key use cases with a couple of deployment options: North-South Inspection and East-West Inspection.

Use case 1: North-South Inspection

In typical AWS deployments, most of the application instances in a VPC reside in a private subnet and are blocked from accessing resources outside the local network. But some application instances need to be accessible to users over the internet, and in other cases applications or servers need to access other services, such as automatic software updates. In these cases, the traffic to and from the internet must be inspected to prevent attacks and reduce the risk of breaches. For these reasons, customers can deploy FortiGate-VM with the GWLB service to protect their application instances.

The first option is to use AWS Gateway Load Balancer Endpoints (GWLBE) from customer VPCs. GWLBE makes it easy for users to secure their internet-bound traffic without the hassle of having to set up and manage virtual firewalls and policies.