To implement security for the traffic between two VPCs in AWS, while keeping separate management of each department's VPC, two possible actions are:

Create a transit VPC with a FortiGate HA cluster, connect to the other two using VPC peering, and use routing tables to force traffic through the FortiGate cluster. This option allows the cybersecurity department to manage the transit VPC and apply security policies on the FortiGate cluster, while the other departments can manage their own VPCs and instances. The VPC peering connections enable direct communication between the VPCs without using public IPs or gateways. The routing tables can be configured to direct all inter-VPC traffic to the transit VPC.

Create a VPC with a FortiGate auto-scaling group with a Transit Gateway attached to the three VPCs to force routing through the FortiGate cluster. This option also allows the cybersecurity department to manage the security VPC and apply security policies on the FortiGate cluster, while the other departments can manage their own VPCs and instances. The Transit Gateway acts as a network hub that connects multiple VPCs and on-premises networks. The routing tables can be configured to direct all inter-VPC traffic to the security VPC.

Reference:
https://docs.fortinet.com/document/fortigate-public-cloud/7.2.0/aws-administrationguide/506140/connecting-a-local-fortigate-to-an-aws-vpc-vpn
https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/sd-wan-architecture-forenterprise/166334/sd-wan-configuration
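Both options depend on the spoke route tables actually steering inter-VPC traffic to the security VPC, and a more specific route added later (for example a direct peering between two departments) silently bypasses the FortiGate cluster. The following Python is an added example, not code from the original explanation or from Fortinet; it models two spoke route tables with longest-prefix matching and flags any route to another VPC that does not point at the transit VPC. The VPC names, CIDRs and peering ids are assumed values.

```python
import ipaddress

# Constructed example values (assumptions, not from the original page).
SECURITY_TARGET = "pcx-to-transit-vpc"  # peering (or TGW attachment) toward the FortiGate cluster

VPCS = {
    "dept-a": "10.1.0.0/16",
    "dept-b": "10.2.0.0/16",
}

# Spoke route tables as (destination CIDR, target). "local" covers the VPC's own
# CIDR; every route toward another department should target the transit VPC.
ROUTE_TABLES = {
    "dept-a": [("10.1.0.0/16", "local"), ("10.2.0.0/16", SECURITY_TARGET)],
    "dept-b": [("10.2.0.0/16", "local"), ("10.1.0.0/16", SECURITY_TARGET),
               # Misconfiguration: direct peering route to one dept-a subnet
               ("10.1.5.0/24", "pcx-direct-to-dept-a")],
}


def lookup(routes, dst_ip):
    """Pick the target the way a VPC route table does: longest prefix match."""
    addr = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def find_bypasses(route_tables, vpcs, security_target):
    """Return (src_vpc, cidr, target) for routes that reach another VPC's
    address space without going through the security target."""
    findings = []
    for src, routes in route_tables.items():
        for cidr, target in routes:
            if target in ("local", security_target):
                continue
            net = ipaddress.ip_network(cidr)
            for dst, dst_cidr in vpcs.items():
                if dst != src and net.subnet_of(ipaddress.ip_network(dst_cidr)):
                    findings.append((src, cidr, target))
    return findings


if __name__ == "__main__":
    for finding in find_bypasses(ROUTE_TABLES, VPCS, SECURITY_TARGET):
        print("inspection bypass:", finding)
```

Running the check against the real tables would mean feeding it the output of `describe-route-tables` instead of the constructed dictionaries.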