FortiGate Cloud-Native Firewall

Why do you need FortiGate CNF?

78% of organizations have security gaps in cloud workloads. Self-managed firewalls in AWS require capacity planning, patching, HA configuration. Native AWS tools don’t provide advanced threat protection.

FortiGate CNF is AWS-native managed NGFW with auto-scaling and FortiGuard threat intelligence. Zero infrastructure management - Fortinet manages patching, updates and availability. Pay-as-you-go without upfront costs.

How does it work?

AWS-Native Architecture

Managed service integration:

• AWS Gateway Load Balancer integration
• VPC endpoint deployment
• Auto-scaling based on traffic
• Multi-AZ high availability
• Native AWS networking

FortiOS Foundation

Enterprise NGFW capabilities:

• Same FortiOS as on-premise
• Consistent security policies
• FortiGuard protection
• SSL inspection
• Application control

Managed Operations

Fortinet handles operations:

• Automatic updates and patches
• Capacity scaling
• High availability
• Performance optimization
• 24/7 monitoring

Key Features

Threat Protection

• IPS/IDS
• Antivirus/anti-malware
• Web filtering
• DNS security
• FortiGuard threat intel

Traffic Inspection

• North-south (internet traffic)
• East-west (VPC to VPC)
• Egress filtering
• Ingress protection
• SSL/TLS inspection

Policy Management

• Centralized policy console
• Per-VPC policies
• Microsegmentation
• Consistent with on-prem FortiGate
• API automation

Logging & Visibility

• CloudWatch integration
• FortiAnalyzer support
• Traffic analytics
• Compliance reporting
• Real-time dashboards

Deployment Model

Architecture:

Internet <-> FortiGate CNF <-> Your VPCs
                   |
          AWS Gateway Load Balancer
                   |
        Endpoints in each VPC

Integration:

• AWS Transit Gateway
• VPC peering support
• Multiple AWS accounts
• Cross-region deployment

FortiGate CNF vs Self-Managed

	FortiGate CNF	FortiGate VM
Management	Fortinet managed	Self-managed
Scaling	Automatic	Manual
HA config	Built-in	Your responsibility
Updates	Automatic	Manual
Pricing	Pay-as-you-go	Instance-based

Who is it for?

• AWS-first organizations seeking managed security
• DevOps teams without dedicated security ops
• Enterprise with consistent hybrid security requirements
• Companies seeking predictable cloud security costs

Benefits

For IT: Zero infrastructure management, auto-scaling, simplified operations

For security: FortiGuard protection, east-west visibility, consistent policies

For business: Pay-as-you-go, faster time-to-security, reduced OpEx

Specification

Platform	AWS (GWLB)
Scaling	Automatic
Protection	NGFW, IPS, AV, web filter
Management	Fortinet managed

FAQ

How does CNF differ from FortiGate-VM? CNF is managed service - Fortinet manages infrastructure. FortiGate-VM is self-managed VM in your AWS account.

Do I need Gateway Load Balancer? Yes. FortiGate CNF uses AWS Gateway Load Balancer for traffic distribution.

How does pricing work? Pay-as-you-go based on traffic and enabled features. No upfront commitment.

Can I use the same policies as on-prem? Yes. FortiOS foundation ensures consistent policies between CNF and FortiGate on-premise.

Does CNF support east-west traffic? Yes. VPC to VPC inspection via Transit Gateway integration.

How do updates work? Automatic. Fortinet manages patching, firmware updates, signature updates.

Is FortiManager integration available? FortiManager support for unified management of hybrid deployments.

Does CNF support SSL inspection? Yes. TLS decryption and inspection for deep packet analysis.

Which AWS regions are supported? Major AWS regions. Check availability for specific region.

What does support look like? Fortinet support for service issues. nFlo as partner offers AWS architecture consulting.