By Jonathan Peng, Staff Solutions Architect
Most Internet services within a Virtual Private Cloud (VPC) need multiple public IP addresses for customers to access them. If we want to protect all public traffic with a secured firewall box, we face the problem of deploying multiple IPs on a single Elastic Compute Service (ECS) instance-based firewall.
In this article, we will deploy multiple EIPs with one Fortinet NGFW ECS instance to help Alibaba Cloud users address this problem.
Here are some of the things that you can do with multiple IP addresses and Fortinet NGFW:
The following diagram illustrates the overall concept of this solution. To deploy it, we need to go through the following 7 steps:
Log in to the Alibaba Cloud console, find VPC under Products, and create a new VPC and two vSwitches.
Find ECS under Products and create three ECS instances to simulate the App (192.168.1.81), Web (192.168.1.82), and Search (192.168.1.80) services.
Create an ECS instance from a Marketplace image, choosing the Fortinet FortiGate NGFW image.
Create 3 SLB instances for the App, Web, and Search HTTP services.
All listeners are set to HTTP port 80.
Each SLB listener needs to add the Fortinet firewall as its backend server and point to a different port: 40001, 40002, and 40003.
Add a default route to the VPC's vRouter and point it to the Fortinet ECS instance.
Log in to the Fortinet ECS instance.
Add the App, Web, and Search private addresses to Fortinet.
Set up inbound DNAT: create 3 Virtual IPs that map port 40001 to App port 80, port 40002 to Web port 80, and port 40003 to Search port 80.
Set up an outbound SNAT firewall policy for Internet connections.
Set up an inbound DNAT firewall policy for Internet connections.
Finally, we can connect to these three different service servers through the SLB IP addresses.
If you've followed the above steps correctly, you should see all the traffic going through the Fortinet firewall.
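The following Python script is an added example, not code from the original article or from Fortinet or Alibaba Cloud. It checks the DNAT port plan from the steps above for colliding listener ports and out-of-range targets, then renders the matching FortiOS Virtual IP stanzas. The VPC CIDR, the interface name `port1`, the FortiGate private IP, and the `vip-*` object names are assumptions to replace with your own values.

```python
import ipaddress

# DNAT plan from the article: FortiGate listening port -> service ECS and port.
PORT_PLAN = [
    ("App", 40001, "192.168.1.81", 80),
    ("Web", 40002, "192.168.1.82", 80),
    ("Search", 40003, "192.168.1.80", 80),
]
# Assumed values, not given in the article: replace with your own.
VPC_CIDR = "192.168.0.0/16"
FGT_INTF = "port1"
FGT_IP = "192.168.0.10"  # placeholder for the FortiGate private IP


def validate(plan, cidr, fgt_ip):
    """Return a list of problems in the DNAT plan; an empty list means it is consistent."""
    net = ipaddress.ip_network(cidr)
    problems, ext_ports = [], {}
    for name, ext_port, ip, port in plan:
        if not (1 <= ext_port <= 65535 and 1 <= port <= 65535):
            problems.append(f"{name}: port out of range")
        if ext_port in ext_ports:
            problems.append(f"{name}: port {ext_port} already mapped to {ext_ports[ext_port]}")
        ext_ports.setdefault(ext_port, name)
        if ipaddress.ip_address(ip) not in net:
            problems.append(f"{name}: {ip} is outside {cidr}")
        if ip == fgt_ip:
            problems.append(f"{name}: VIP maps back to the firewall itself")
    return problems


def render_vips(plan, intf, fgt_ip):
    """Render one FortiOS port-forwarding VIP per entry in the plan."""
    lines = ["config firewall vip"]
    for name, ext_port, ip, port in plan:
        lines += [
            f'    edit "vip-{name.lower()}"',
            f"        set extip {fgt_ip}",
            f'        set extintf "{intf}"',
            "        set portforward enable",
            "        set protocol tcp",
            f"        set extport {ext_port}",
            f'        set mappedip "{ip}"',
            f"        set mappedport {port}",
            "    next",
        ]
    return "\n".join(lines + ["end"])


if __name__ == "__main__":
    issues = validate(PORT_PLAN, VPC_CIDR, FGT_IP)
    print("\n".join(issues) if issues else render_vips(PORT_PLAN, FGT_INTF, FGT_IP))
```

Each rendered VIP still has to be referenced as the destination address of an inbound firewall policy before traffic is forwarded.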