This image shows the east-west traffic flow from the web or application tier to the
database tier in a regional hub-and-spoke topology that uses a Fortinet FortiGate firewall.
It includes three virtual cloud networks (VCNs):
- Hub VCN (192.168.0.0/16): The hub VCN houses the Fortinet FortiGate firewall VMs. The trust subnet uses port 3 for internal traffic to or from the Fortinet FortiGate firewall VM. The hub VCN communicates with the spoke VCNs through a dynamic routing gateway (DRG).
- Web or application tier spoke VCN (10.0.0.0/24): The VCN contains a single subnet. A load balancer manages traffic to the web or application VMs. The application tier VCN is connected to the hub VCN over a DRG attachment.
- Database tier spoke VCN (10.0.1.0/24): The VCN contains a single subnet that contains the primary database system. The database tier VCN is connected to the hub VCN over a DRG attachment.
The traffic flow from the web or application tier to the database tier is:
- Traffic that moves from the web or application tier to the database tier (10.0.1.10) is routed through the web or application subnet route table (destination 0.0.0.0/0).
- Traffic moves from the web or application subnet route table to the DRG for the database tier spoke VCN.
- Traffic moves from the DRG to the Fortinet FortiGate firewall in the trust subnet over port 3, as directed by the hub VCN ingress route table.
- Traffic from the Fortinet FortiGate firewall is routed through the trust subnet route table (destinations 10.0.0.0/24 and 10.0.1.0/24).
- Traffic moves from the trust subnet route table to the DRG (destination 10.0.0.0/16).
- Traffic moves from the DRG to the database tier spoke VCN.
- Traffic moves from the database spoke route table to the database system.
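The point of the hub VCN ingress route table is that inter-spoke traffic cannot reach the database tier without passing the FortiGate. The following added example (not OCI's or Fortinet's code) models the route tables above as longest-prefix-match tables, traces the path of a packet from the web subnet to 10.0.1.10, and flags any path that delivers without transiting the firewall. The DRG route tables (drg_spoke_rt, drg_hub_rt) and all next-hop labels are assumptions; real OCI rules reference OCIDs.

```python
import ipaddress

# Constructed model of the route tables on this page. Next hops are hypothetical
# labels; a hop that is not itself a key is final delivery into a subnet.
ROUTE_TABLES = {
    # Spoke subnet route table: default route to the DRG.
    "web_subnet_rt": [("0.0.0.0/0", "drg_spoke_rt")],
    # DRG route table on the spoke attachments (assumption): everything goes to
    # the hub VCN attachment, where the hub VCN ingress route table takes over.
    "drg_spoke_rt": [("0.0.0.0/0", "hub_ingress_rt")],
    # Hub VCN ingress route table: both spoke prefixes to FortiGate port 3.
    "hub_ingress_rt": [("10.0.0.0/24", "firewall_port3"), ("10.0.1.0/24", "firewall_port3")],
    # After inspection the FortiGate forwards via the trust subnet route table.
    "firewall_port3": [("0.0.0.0/0", "trust_subnet_rt")],
    # Trust subnet route table: spoke prefixes back to the DRG.
    "trust_subnet_rt": [("10.0.0.0/24", "drg_hub_rt"), ("10.0.1.0/24", "drg_hub_rt")],
    # DRG route table on the hub attachment (assumption): deliver to the spoke.
    "drg_hub_rt": [("10.0.0.0/24", "web_subnet"), ("10.0.1.0/24", "db_subnet")],
}


def lookup(table, dst):
    """Longest-prefix match of dst against one route table; None if no rule matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, next_hop in table:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None


def trace(start_rt, dst, tables=ROUTE_TABLES, max_hops=16):
    """Follow route tables hop by hop; returns the list of hops taken."""
    path, hop = [start_rt], start_rt
    while hop in tables and len(path) <= max_hops:
        hop = lookup(tables[hop], dst)
        if hop is None:  # blackholed: no matching rule in this table
            return path + ["NO_ROUTE"]
        path.append(hop)
    return path


def inspected(path):
    """True only if the packet transited the FortiGate before final delivery."""
    return "firewall_port3" in path[:-1]


# Bypass variant (constructed): the DRG spoke route table carries a direct route
# to the database spoke, so east-west traffic never reaches the firewall.
BYPASS = dict(ROUTE_TABLES)
BYPASS["drg_spoke_rt"] = [("10.0.1.0/24", "db_subnet"), ("0.0.0.0/0", "hub_ingress_rt")]
```

`trace("web_subnet_rt", "10.0.1.10")` yields the seven hops listed above; the same call with `BYPASS` delivers in three hops and `inspected()` returns False, which is the condition a route-table review should catch.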