AhmeAbee1
Fortinet is one of the leading Firewall vendors that Alkira’s customers use in their deployments. These enterprise customers consider Fortinet their trusted partner whether they are looking to deploy security appliances inside their data centers or as a virtual form factor in private and public cloud environments.


Figure 1: Network View on Alkira Portal with Fortinet Firewall Service

Firewall deployments in the public clouds are complex, require many steps, lack standardization in the Multi-Cloud environment, and do not offer the same functionality as an on-premises deployment. For example, at a minimum, a cloud engineer needs to do the following for a successful cloud firewall deployment in any CSP environment:

  • Deploy a Security VPC/VNET spanning multiple Availability Zones for high availability.
  • Support connecting large quantities of cloud networks and propagating routes dynamically.
  • Secure inbound and outbound traffic flows.
  • Ensure traffic symmetry when there are multiple firewall instances.
  • Utilize multiple route tables in cloud networks to steer traffic flows between VPCs and on-premises networks through the Security VPC.
  • Leverage advanced cloud networking features such as Transit Gateway to achieve traffic inspection through the firewall instances in the Security VPC while keeping data and pricing in check.

In this blog, we cover the Fortinet firewall integration with the Alkira solution and how this integration makes the enterprise customers' deployment super simple and standardized across different regions and cloud providers.  


Alkira’s Integration with Fortinet

Bringing Fortinet to the Alkira network services marketplace allows customers to automatically deploy firewalls in the Alkira Cloud Exchange Point® (CXP), Alkira’s globally distributed multi-cloud points of presence. The firewalls are consumed as a service, so customers can easily inspect both east-west and north-south traffic flows while maintaining full control of their security posture. By connecting multi-cloud networks through the Alkira Cloud Services Exchange® with integrated Fortinet FortiGate enabled as a service, cloud engineers no longer need to deploy a Security VPC in each cloud region. They can selectively choose which traffic flows are sent through the FortiGate by service insertion, without worrying about traffic symmetry or multiple route tables.


Figure 2: Adding Fortinet Firewall Service on the Alkira CXP


Fortinet firewalls deployed in the Alkira Cloud Exchange Points connect to the customer’s existing FortiManager (Fortinet’s management solution) to enforce security policies consistently across the environment.

Figure 3: Fortinet Configuration including FortiManager on the Alkira Portal

Customers can deploy Fortinet FortiGate firewalls on demand and autoscale them in the Alkira CXPs to inspect traffic between any cloud or on-premises connections, as well as external ingress and egress communication.

Figure 4: Fortinet Auto-Scale Configuration on Alkira CXP

For enterprises with cloud workloads in multiple regions, the FortiGate can be provisioned in multiple Alkira CXPs. On the Alkira side, cloud engineers simply use Alkira intent-based policies to determine which traffic is steered through the Fortinet firewall service. The concepts of scope and matching rules within the intent-based policies allow them to be applied enterprise-wide or as narrowly as the connection between two single IP addresses. Policy highlighting visualizes which network elements are affected by the selected intent-based policy, as depicted below.

Figure 5: Traffic Policy for re-directing traffic through Fortinet Firewall Service



Figure 6: FortiGate Dashboard Showing Interfaces and Zones


Conclusion

The Alkira and Fortinet solution integration unlocks the true potential of the cloud. It is a win-win solution for customers as they deploy an enterprise-grade security firewall in the cloud without compromising any functionality due to the limitations of the cloud-native constructs. Leveraging the Alkira network cloud for their deployments, enterprises can achieve speed, simplicity, elasticity, and efficiency, thus enabling IT teams to meet business needs on time.

Solution Brief

Fortinet Integration Guide with Alkira


Modernize your cloud network with Alkira

Alkira Cloud Area Networking is a full stack, edge-to-cloud, enterprise-grade network.  With built-in routing and network services. 100% cloud-built.  With no agents to install. And delivered as-a-service.

Just auto-connect your clouds, sites, users, and even SD-WAN fabrics.  Instantly deliver networking for site-to-site, Internet/SaaS applications within and across clouds.  All with single-pane visibility, HA, and segmentation.  We automate all the tedious network plumbing for you.

Immediately spin up and autoscale best-of-breed network services from your favorite vendor.   They’re fully integrated into your new network.  No more complicated routing domains.  No more over-provisioning.  No more security compromises.  And no more deployment delays. 

With Alkira Cloud Area Networking, you can stand up new global networks and cloud onramps in hours instead of months.  One cloud or many.  And for the first time, enjoy an elastic network that scales up and down based on business demand.

And the best thing about Cloud Area Networking?  It’s delivered as a service. No hardware to buy.  No software to download.  No cloud to learn.  With Alkira, your network team will move faster.  Manage less. And save more.  

Reach out and schedule a demo today to learn more about how Alkira can help simplify cloud area networking for your organization.

You can also try our Cloud Insights tool for free here, giving you instant inventory and insights into your cloud networking resources.

About the Authors:  Ahmed Abeer  &  Deepesh Kumar

Ahmed Abeer is a Sr. Product Manager at Alkira, where he is responsible for building a best-in-class Multi-Cloud Networking and Security Product. He has been in Product Management for over ten years in different big and small organizations. He has worked with large enterprise and service provider customers to enable LTE/5G MPLS network infrastructure, automate Layer 3 Data Centers, enable Next-Gen Multi-Cloud architecture, and define customers’ Multi-Cloud strategies. Ahmed’s technical expertise is in Cloud Computing and Layer 2/Layer 3 network technologies. Ahmed is a public speaker at various conferences and forums and holds a Master’s Degree in Computer Engineering.

Deepesh Kumar is a Solutions Architect and product specialist in the computer networking industry with over 6 years of experience. He currently works as part of the post-sales team at Alkira and focuses on working with customers to design and deploy the Alkira solution. Prior to working here, he worked at Viptela, which was acquired by Cisco Systems. He holds a master's degree from San Jose State University.