What is Aviatrix Firewall Network (FireNet)?
Aviatrix Firewall Network (FireNet) is a turnkey network solution to deploy firewall instances in the cloud, as shown in the diagram below.
FireNet significantly simplifies firewall instance deployment and allows the firewall instances to inspect VPC/VNet to VPC/VNet (East West) traffic, VPC/VNet to Internet (Egress) traffic, and VPC/VNet to on-prem (North South) traffic.
In addition, FireNet allows you to scale firewall deployment to multiple AZs and multiple instances in active/active state.
What are the integration points with Fortinet firewall?
-
Managing Life Cycle of Fortinet firewall instances
-
Aviatrix Controller launches and deletes Fortinet firewall instances.
-
Supports Fortinet Bootstrap mechanism (for AWS and Azure) to simplify firewall instance launching and preload any firewall configurations.
-
-
Managing Fortinet firewall instances pool
-
The Aviatrix Controller monitors individual firewall health by periodically pining the LAN interface of each firewall instances. Ping period is every 5 second with a 20ms ping time out. The failure detection is maximum 5 seconds and 40ms. The Aviatrix Controller automatically detaches a unhealthy firewall instance. When the firewall instance is reachable again, it automatically attaches it back to the pool.
-
You can initiate a new firewall instance to be launched and attached to pool at any given time.
-
You can initiate to remove a firewall instance from the pool at any given time.
-
-
Static Route Configuration
Currently there is no API integration to automatically populate Fortinet route table entries. Customer needs to configure these entries. We recommend configuring the 3 RFC 1918 routes to point to the firewall LAN interface. For FireNet deployment, the RFC 1918 routes should point to the LAN interface subnet cloud provider’s default gateways. For Transit FireNet deployment, the RFC 1918 routes should point to the FireNet Gateway LAN interface IP, as shown in this example.