This image shows the east-west traffic flow from the database tier to the web or
application tier in a regional hub-and-spoke topology that uses a Fortinet FortiGate
firewall. It includes three virtual cloud networks (VCNs):
- Hub VCN (192.168.0.0/16): The hub VCN houses the Fortinet FortiGate firewall VMs. The trust subnet uses port 3 for internal traffic to or from the Fortinet FortiGate firewall VM. The hub VCN communicates with the spoke VCNs through a DRG.
- Web or application tier spoke VCN (10.0.0.0/24): The VCN contains a single subnet. A load balancer manages traffic to the web or application VMs. The application tier VCN is connected to the hub VCN over a DRG attachment.
- Database tier spoke VCN (10.0.1.0/24): The VCN contains a single subnet that contains the primary database system. The database tier VCN is connected to the hub VCN over a DRG attachment.

Traffic from the database tier to the web or application tier takes the following path:
- Traffic that moves from the database tier to the web or application load balancer (10.0.0.10) is routed through the database subnet route table (destination 0.0.0.0/0).
- Traffic moves from the database subnet route table to the DRG for the database tier spoke VCN.
- Traffic moves from the DRG to the Fortinet FortiGate firewall in the trust subnet over port 3 through the hub VCN ingress route table.
- Traffic from the Fortinet FortiGate firewall is routed through the trust subnet route table (destination 10.0.0.0/16).
- Traffic moves from the trust subnet route table to the DRG for the database spoke VCN (destination 10.0.0.0/16).
- Traffic moves from the DRG to the web or application tier spoke VCN and then to the load balancer for the web or application.
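The hop-by-hop walk above can be checked with a small route-table simulation. The following Python script is an added example, not Oracle Cloud Infrastructure or Fortinet code, and not part of the original figure. It models each route table in the path as a list of (destination CIDR, next hop) entries with longest-prefix matching. The subnet route-table entries and the 10.0.0.10 load balancer address come from the description; the DRG route tables, the 0.0.0.0/0 ingress entry, the route-table names, the database host address 10.0.1.20 and the FortiGate policy are assumptions filled in so the walk is complete. Tracing a few destinations shows where a packet is delivered, where the firewall policy denies it, and where a missing route in the trust or DRG tables silently drops it.

```python
import ipaddress

# Route tables for each hop in the figure. Each entry is (destination CIDR, next hop).
# "page" entries are taken from the figure description; "assumed" entries are not
# on the page and are filled in only so the walk can be completed end to end.
ROUTE_TABLES = {
    "db-subnet-rt":    [("0.0.0.0/0", "drg-spoke-rt")],        # page: 0.0.0.0/0 -> DRG
    "drg-spoke-rt":    [("0.0.0.0/0", "hub-ingress-rt")],      # assumed: DRG sends spoke traffic to the hub VCN attachment
    "hub-ingress-rt":  [("0.0.0.0/0", "fortigate-port3")],     # page: ingress RT -> FortiGate trust port 3 (0.0.0.0/0 assumed)
    "fortigate-port3": [("0.0.0.0/0", "trust-subnet-rt")],     # firewall forwards inspected traffic out of the trust subnet
    "trust-subnet-rt": [("10.0.0.0/16", "drg-hub-rt")],        # page: 10.0.0.0/16 -> DRG
    "drg-hub-rt":      [("10.0.0.0/24", "app-spoke-vcn"),      # assumed: DRG table for the hub attachment,
                        ("10.0.1.0/24", "db-spoke-vcn")],      #          one route per spoke CIDR
    "app-spoke-vcn":   [],                                     # delivered inside the spoke (LB at 10.0.0.10)
    "db-spoke-vcn":    [],
}

# Constructed FortiGate policy: (source CIDR, destination CIDR) pairs the firewall allows.
# Only the database tier talking to the spoke aggregate is permitted in this example.
FIREWALL_POLICY = [("10.0.1.0/24", "10.0.0.0/16")]


def longest_prefix_match(table, dst):
    """Return the (network, next_hop) entry with the most specific match, or None."""
    best = None
    for cidr, next_hop in table:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def firewall_allows(src, dst):
    """True if some policy entry covers both the source and the destination."""
    return any(src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
               for s, d in FIREWALL_POLICY)


def trace(src, dst, start="db-subnet-rt"):
    """Walk the route tables from `start` and return the list of hops visited.

    The list ends with the destination VCN, or with a marker explaining why the
    packet stopped: "denied-by-policy" (firewall), "no-route" (table had no
    matching entry) or "loop" (walk exceeded the number of tables).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    path, hop = [], start
    for _ in range(len(ROUTE_TABLES)):          # bound the walk so a misrouted loop terminates
        path.append(hop)
        if hop == "fortigate-port3" and not firewall_allows(src, dst):
            return path + ["denied-by-policy"]
        table = ROUTE_TABLES[hop]
        if not table:                           # reached a spoke VCN: delivered locally
            return path
        match = longest_prefix_match(table, dst)
        if match is None:
            return path + ["no-route"]
        hop = match[1]
    return path + ["loop"]


if __name__ == "__main__":
    # 10.0.1.20 is a constructed database host; 10.0.0.10 is the load balancer from the figure.
    for dst in ("10.0.0.10", "10.0.2.7", "172.16.5.5"):
        print(f"10.0.1.20 -> {dst}: " + " -> ".join(trace("10.0.1.20", dst)))
```

The first trace reproduces the figure's six steps exactly. The second shows that a destination inside the 10.0.0.0/16 aggregate but outside any spoke CIDR passes the firewall and the trust subnet route table, then dies at the DRG with no route, which is the kind of gap to look for when a flow reaches the firewall but never arrives. The third is stopped at the FortiGate by policy before any hub route table is consulted.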