cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

East-West traffic being forced to FortiGates vs NSG's being used for East-West Traffic

Jon_R
Copper Contributor

‎Sep 21 2021 11:11 AM - edited ‎Sep 21 2021 11:16 AM

‎Sep 21 2021 11:11 AM - edited ‎Sep 21 2021 11:16 AM

East-West traffic being forced to FortiGates vs NSG's being used for East-West Traffic

Good day everyone,

 

I wanted to get some opinions on a proposed Networking idea I have for my organization. We will be deploying a new environment based on the CAF model (Hub & Spoke) which will have various Subscriptions for different types of workloads (Core, Non-Prod, UAT, Prod etc.)

 

Each Subscription will have 1 VNet which is peered back to only the Core. I am proposing to have an N-Tier structure for the Subnets i.e IaaS-WEB, IaaS-APP & IaaS-DB as well as PaaS & SaaS (possibly) Subnets for Private Endpoints when needed.

 

In our Core Subscription we will be using FortiGates as our Firewall. My idea was to force all Outbound and internal VNet traffic to the FortiGates and manage all the rules and logs from one central location (FortiGate). This would mean we wouldn't be leveraging NSG's between the Subnets for managing rules between workloads and they would only have allow rules for traffic from the Firewall and potentially any other Azure Services i.e App Gateway, Load Balancer etc.

 

My reasoning in sending all the traffic to the FortiGates was to leverage it's security features and to have a central location to manage traffic flow rules and logs.

 

Looking for feedback.

 

Cheers,

 

Jonathan

 

989 Views
0 Likes
1 Reply
Reply
1 Reply
JamieGB

‎Sep 29 2021 02:28 AM

‎Sep 29 2021 02:28 AM

Re: East-West traffic being forced to FortiGates vs NSG's being used for East-West Traffic

Nothing wrong with this. It's quite a common deployment scenario.

Jamie.
0 Likes
Reply