Amazon Web Services Deployment with Fortiweb WAF

What does this Amazon Web Services Solution do?

The solution uses the FortiWeb WAF to protect web resources from common web attacks that affect a web application's availability or security, or that consume too many of its resources.

Amazon Web Services Solution overview

Requests from the Internet are forwarded by an Application Load Balancer or Network Load Balancer to the FortiWeb server located in a different Availability Zone, and the FortiWeb server checks each request against the predefined rules. If the request is verified to be secure, it is forwarded on to the business web server in the private network; otherwise FortiWeb intercepts and blocks the malicious request.


This solution includes public and private subnets. FortiWeb is deployed to the public subnet, and the web servers it protects are deployed to the private subnet.


The load balancer in front of the FortiWeb server can be either an Amazon Web Services Application Load Balancer or a Network Load Balancer.


A FortiWeb Master node and a FortiWeb Slave node are created in different Availability Zones to form an active-active high volume deployment. If the FortiWeb Master node fails, the FortiWeb Slave node is automatically promoted to Master.


Version 1.0.0
Last updated: 06/2020
Author: Amazon Web Services 

Estimated deployment time: 5 min

Source code 

Features

Multiple built-in strategies

The solution has multiple built-in protection strategies that defend against OWASP Top 10 threats. It protects against common web server attacks such as SQL injection, cross-site scripting (XSS), web shells, command injection, and illegal HTTP protocol requests.

Prevent malicious crawlers

Identifies and protects against malicious crawlers along four dimensions: biometric detection, threshold detection, bot deception technology, and mobile application recognition.

Application-level DDoS defense

The solution has a built-in two-layer DDoS defense module. The network layer security module combines TCP flood control and SYN cookie thresholds to defend against and mitigate network layer attacks. The application layer security module defends against application layer attacks involving HTTP URLs, cookies, IP addresses, TCP sessions, and others.

Machine learning identification

Uses machine learning to identify and block information-gathering behaviors such as malicious website content crawling, brute-force cracking, vulnerability scanning, and malicious probing.