Creating MVE Connections to AWS Direct Connect with Fortinet SD-WAN

You can create a network connection from an MVE (a FortiGate) to AWS with Virtual Cross Connects (VXCs) and AWS Direct Connect. You can create either a Hosted Connection or a Hosted VIF.

You initiate the AWS connection through the Megaport Portal, accept the connection in AWS, and create an interface for the Edge in FortiManager.


Fortinet provides documentation for their SD-WAN product, including FortiManager and cloud connections, at Fortinet SD-WAN Documentation Library.

Before you begin

Before you can create a connection to AWS, you need to satisfy these requirements:

  • Create an MVE (FortiGate). For more information, see Creating an MVE.

  • In AWS, ensure that you have configured the Direct Connect gateway, AWS gateway, VPCs, and related attachments and associations.

Creating a connection to AWS from the MVE

With an MVE already created, you can create a connection to AWS. The VXC connection can be one of two AWS models:

  • Hosted Connections – A Hosted Connection can support one private, public, or transit virtual interface. Hosted Connections are dedicated connections and are recommended for production environments.

  • Hosted Virtual Interfaces (Hosted VIFs) – Hosted VIFs can connect to public or private AWS cloud services: a Hosted VIF cannot connect to a transit virtual interface. Hosted VIF connections share bandwidth.

Click the link for your preferred connection type for detailed configuration steps.


Creating a connection from the MVE instance to AWS is very similar to creating a connection from a Port or an MCR. The primary difference is the process with Fortinet SD-WAN does not include automatically configure the MVE in Fortinet and you need to manually create a subinterface and define VLANs, IP addresses, MD5 values, and BGP peers in the FortiManager console.