Diagram.
![](https://tungle.ca/wp-content/uploads/2022/03/image-27.png)
Below are the steps to deploy Fortinet on AWS.
Create a new VPC.
![](https://tungle.ca/wp-content/uploads/2022/03/1-1.png)
Create a public subnet.
![](https://tungle.ca/wp-content/uploads/2022/03/2-1.png)
Create a private subnet.
![](https://tungle.ca/wp-content/uploads/2022/03/3-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/4-1-1024x385.png)
Create an Internet gateway.
![](https://tungle.ca/wp-content/uploads/2022/03/5-1.png)
Attach the gateway to your VPC.
![](https://tungle.ca/wp-content/uploads/2022/03/6-1.png)
Edit the route table and change the default route table to Private Route Table.
![](https://tungle.ca/wp-content/uploads/2022/03/7-1-1024x628.png)
Create a Public Route Table.
![](https://tungle.ca/wp-content/uploads/2022/03/8-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/9-1-1024x375.png)
Associate Lab Public Subnet with the Public Route Table.
![](https://tungle.ca/wp-content/uploads/2022/03/10-1-1024x725.png)
![](https://tungle.ca/wp-content/uploads/2022/03/11-1-1024x523.png)
Create a new key pair.
![](https://tungle.ca/wp-content/uploads/2022/03/12-1.png)
Go to EC2, and deploy Fortinet on AWS.
![](https://tungle.ca/wp-content/uploads/2022/03/13-1-1024x691.png)
![](https://tungle.ca/wp-content/uploads/2022/03/14-2.png)
![](https://tungle.ca/wp-content/uploads/2022/03/15-1-1024x498.png)
Select your VPC and choose Lab Public Subnet as the subnet. Set Auto-assign Public IP to Enable.
![](https://tungle.ca/wp-content/uploads/2022/03/16-1-1024x740.png)
![](https://tungle.ca/wp-content/uploads/2022/03/19-1-1024x830.png)
Security Group.
![](https://tungle.ca/wp-content/uploads/2022/03/18-1-1024x424.png)
![](https://tungle.ca/wp-content/uploads/2022/03/17-1-1024x485.png)
![](https://tungle.ca/wp-content/uploads/2022/03/20-1-1024x742.png)
![](https://tungle.ca/wp-content/uploads/2022/03/21-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/22-1-1024x599.png)
![](https://tungle.ca/wp-content/uploads/2022/03/24-1-1024x609.png)
Go to Network interfaces. Change the interface to Fortinet Public Subnet.
![](https://tungle.ca/wp-content/uploads/2022/03/25-1024x555.png)
Create a new network interface, Fortinet Private subnet.
![](https://tungle.ca/wp-content/uploads/2022/03/26-1.png)
Attach this network interface to the Fortinet EC2 instance.
![](https://tungle.ca/wp-content/uploads/2022/03/28-1-1024x507.png)
![](https://tungle.ca/wp-content/uploads/2022/03/27-1-1024x557.png)
Create a new Elastic IP address.
![](https://tungle.ca/wp-content/uploads/2022/03/30-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/31-2-1024x754.png)
Associate this Elastic IP address with the Fortinet EC2 instance.
![](https://tungle.ca/wp-content/uploads/2022/03/34-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/35-1-1024x677.png)
Now, Fortinet has two interfaces. One is private and the other is public.
![](https://tungle.ca/wp-content/uploads/2022/03/36-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/37-1.png)
Access Fortinet via the Internet.
![](https://tungle.ca/wp-content/uploads/2022/03/39.png)
![](https://tungle.ca/wp-content/uploads/2022/03/38-1-1024x529.png)
Log in to Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/03/40-1.png)
Change the password to log in to Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/03/41-3-1024x569.png)
![](https://tungle.ca/wp-content/uploads/2022/03/42-1-1024x811.png)
Edit interfaces.
WAN interface.
![](https://tungle.ca/wp-content/uploads/2022/03/43-3-1024x771.png)
LAN interface.
![](https://tungle.ca/wp-content/uploads/2022/03/48-1-1024x799.png)
![](https://tungle.ca/wp-content/uploads/2022/03/50-1-1024x592.png)
Edit the Security Group to allow ping to Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/03/45-1024x549.png)
![](https://tungle.ca/wp-content/uploads/2022/03/46-1.png)
Disable the Source and Destination Check on “Fortinet Private subnet”.
![](https://tungle.ca/wp-content/uploads/2022/03/51-1-1024x604.png)
![](https://tungle.ca/wp-content/uploads/2022/03/52-1-1024x505.png)
![](https://tungle.ca/wp-content/uploads/2022/03/53-1-1024x757.png)
Now, change the route so that private subnet traffic is routed via the Fortinet Private subnet interface.
![](https://tungle.ca/wp-content/uploads/2022/03/54-1-1024x441.png)
![](https://tungle.ca/wp-content/uploads/2022/03/55-1-1024x700.png)
Create a new Windows 2016 EC2 instance. The machine belongs to “Lab private Subnet”.
![](https://tungle.ca/wp-content/uploads/2022/03/56-1-1024x837.png)
![](https://tungle.ca/wp-content/uploads/2022/03/57-1-1024x690.png)
Create a new Windows Security Group to allow HTTP and RDP traffic.
![](https://tungle.ca/wp-content/uploads/2022/03/58-1-1024x434.png)
![](https://tungle.ca/wp-content/uploads/2022/03/59-1024x746.png)
![](https://tungle.ca/wp-content/uploads/2022/03/60-1.png)
![](https://tungle.ca/wp-content/uploads/2022/03/61-1-1024x479.png)
Go back to Fortinet and configure a Firewall Policy to allow traffic from Fortinet Private subnet to access the Internet.
![](https://tungle.ca/wp-content/uploads/2022/03/61-2-1024x479.png)
Configure port forwarding to allow traffic.
![](https://tungle.ca/wp-content/uploads/2022/03/63-1-1024x680.png)
![](https://tungle.ca/wp-content/uploads/2022/03/65-1-1024x896.png)
Allow inbound traffic from WAN to this machine.
![](https://tungle.ca/wp-content/uploads/2022/03/66-1-1024x840.png)
Try to access the machine.
![](https://tungle.ca/wp-content/uploads/2022/03/67-1.png)
Sniff traffic on Fortinet.
![](https://tungle.ca/wp-content/uploads/2022/03/68-1-1024x253.png)
Modify the Security group to allow RDP.
![](https://tungle.ca/wp-content/uploads/2022/03/69-1-1024x554.png)
![](https://tungle.ca/wp-content/uploads/2022/03/70-1-1024x642.png)
Load the private key to decrypt the Windows password.
![](https://tungle.ca/wp-content/uploads/2022/03/71-1.png)
Connect via RDP to the Windows 2016 instance on AWS.
![](https://tungle.ca/wp-content/uploads/2022/03/72-1.png)
Now we can see the RDP traffic via Fortinet.

```
diagnose sniffer packet port1 "port 3389"
```
![](https://tungle.ca/wp-content/uploads/2022/03/73-1.png)
The Windows machine is able to access the Internet.
![](https://tungle.ca/wp-content/uploads/2022/03/74-1.png)
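
An added example, not from the original post: a Python check of the layout built above (source/destination check off on the Fortinet private interface, private default route via that interface, security group exposure). It runs on constructed data in the shape of the EC2 `describe_network_interfaces`, `describe_route_tables` and `describe_security_groups` responses. All IDs and CIDRs are placeholders, and the set of ports treated as sensitive is an assumption.

```python
import ipaddress

# Assumption: ports treated as sensitive when reachable from any address.
SENSITIVE = {22: "SSH", 443: "HTTPS", 3389: "RDP"}

def audit(eni, route_table, groups):
    """Return a list of findings for the firewall-in-the-path layout."""
    findings = []
    eni_id = eni["NetworkInterfaceId"]
    # A forwarding interface must have the source/destination check disabled.
    if eni.get("SourceDestCheck", True):
        findings.append(f"{eni_id}: source/dest check still enabled")
    # The private route table's default route must target the firewall interface.
    default = [r for r in route_table["Routes"]
               if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not default:
        findings.append(f"{route_table['RouteTableId']}: no default route")
    elif default[0].get("NetworkInterfaceId") != eni_id:
        target = default[0].get("GatewayId") or default[0].get("NetworkInterfaceId")
        findings.append(f"{route_table['RouteTableId']}: default route via {target}")
    # Flag sensitive TCP ports reachable from any IPv4 address.
    for sg in groups:
        for perm in sg["IpPermissions"]:
            proto = perm["IpProtocol"]
            if proto not in ("tcp", "-1"):
                continue  # ICMP/UDP rules (such as the ping rule) are skipped
            lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
            world = any(ipaddress.ip_network(r["CidrIp"], strict=False).prefixlen == 0
                        for r in perm.get("IpRanges", []))
            for port, name in SENSITIVE.items():
                if world and lo <= port <= hi:
                    findings.append(f"{sg['GroupId']}: {name} ({port}) open to 0.0.0.0/0")
    return findings

# Constructed sample data (placeholder IDs, made-up VPC CIDR).
ENI = {"NetworkInterfaceId": "eni-0example", "SourceDestCheck": False}
RTB = {"RouteTableId": "rtb-0example", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NetworkInterfaceId": "eni-0example"}]}
SGS = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]

if __name__ == "__main__":
    for line in audit(ENI, RTB, SGS):
        print(line)
```

With live data, the same dictionaries come from the corresponding boto3 EC2 client calls.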