We were thinking about moving our last servers into the Cloud (AWS probably, but a local provider could also be chosen due to their great local support).
How do you rebuild a VPN network towards a target in the Cloud, versus a physical target like it is today?
Are Fortigate VPNs compatible with, for example, a dedicated endpoint host (Linux / Win) running OpenVPN server, WireGuard servers and such? This host would in turn open the road to the application servers via standard routing through internal (private) networking.
Only a dozen or so remote VPN sites, nothing exceedingly complex - what would come first in your mind to build this scenario?
Public clouds usually offer a VPN gateway service that you could use or, better, use a Fortigate VM and leverage connectivity, visibility and security without adding a lot of complexity.
As long as the remote supports the industry standard IPsec IKEv1 or IKEv2, site-to-site or dialup, you should be good to go.
In that regard, cloud is just the same as physical. Add the cloud portion to an existing setup as a spoke or have it be the hub, either way you like or need it.
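The IPsec interoperability the reply describes, as an added configuration example that is not from this thread: a branch FortiGate building a route-based IKEv2 site-to-site tunnel to the cloud-side peer (a FortiGate VM or the provider's VPN gateway), with the static route and a scoped firewall policy that actually let traffic flow. The interface names, subnets, the peer address 203.0.113.10, the address objects branch-lan / cloud-app-net and the PSK placeholder are assumptions; the cloud side must mirror the proposal, DH group and selectors.

```text
# Phase 1: IKEv2, AES-256/SHA-256, DH group 14, DPD so a dead peer is detected
config vpn ipsec phase1-interface
    edit "to-cloud-hub"
        set interface "wan1"
        set ike-version 2
        set proposal aes256-sha256
        set dhgrp 14
        set dpd on-idle
        set remote-gw 203.0.113.10
        set psksecret "REPLACE_WITH_LONG_RANDOM_PSK"
    next
end
# Phase 2: PFS enabled, selectors limited to the two private subnets
config vpn ipsec phase2-interface
    edit "to-cloud-hub-p2"
        set phase1name "to-cloud-hub"
        set proposal aes256-sha256
        set pfs enable
        set dhgrp 14
        set auto-negotiate enable
        set src-subnet 10.10.0.0 255.255.255.0
        set dst-subnet 10.20.0.0 255.255.255.0
    next
end
# Route the cloud application subnet into the tunnel interface
config router static
    edit 0
        set dst 10.20.0.0 255.255.255.0
        set device "to-cloud-hub"
    next
end
# Only the branch LAN may reach the cloud app network, and only on HTTPS
config firewall policy
    edit 0
        set name "branch-to-cloud-apps"
        set srcintf "internal"
        set dstintf "to-cloud-hub"
        set srcaddr "branch-lan"
        set dstaddr "cloud-app-net"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

A policy in the reverse direction (cloud to branch) is added only if the application servers genuinely need to initiate connections, so the tunnel does not silently become a flat network.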
I use a non-big 3 cloud provider (that does VMware IaaS) and am running FortiGate VM02v (no VDOMs since I don’t need them) and have been doing so for the past 4 years. This lets me have FortiGate at the edge of every network, not just my physical locations, so I don’t need to manage an alternate product.
Cost of VMv series is very reasonable in terms of a perpetual license model (for the underlying VM license, there’s still a subscription license for security services if desired), but if you need VDOMs, the price goes up quite a bit. You can also start with VMv if you don’t think VDOMs are needed, then do a VDOM upgrade license in the future.
There’s also the VM-s series that is a full subscription model with very attractive pricing. No VDOMs with this one either, but again, you can add them on with an upgrade license.