FORTINET DOCUMENT LIBRARY https://docs.fortinet.com
FORTINET VIDEO GUIDE https://video.fortinet.com
FORTINET BLOG https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT https://support.fortinet.com
FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html
NSE INSTITUTE https://training.fortinet.com
FORTIGUARD CENTER https://fortiguard.com/
END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK Email: [email protected]
Administration Guide TABLE OF CONTENTS
Creating a virtual private cloud 4 Obtaining the deployment image 7 Uploading image file to Object Storage Service 9 Creating custom image 14 Creating FortiWeb-VM instance 16 Connecting to FortiWeb 19 Changing the default administrative ports 19 Changing the password 20
Administration Guide 3 Creating a virtual private cloud
Creating a virtual private cloud
1. Assuming this is a new environment, the first step is to create the virtual private cloud (VPC). In the Alibaba Cloud web console, select Virtual Private Cloud.
2. Click Create VPC.
3. Configure the following settings.
VPC
Name Enter a name for the VPC.
IPv4 CIDR Block Specify the IPv4 CIDR Block for this VPC.
Resource Group Select the resource group for the VPC.
VSwitch
Name Enter a name for the VSwitch.
Zone Select the zone of the VSwitch. In later steps, you should deploy FortiWeb-VM in the same zone.
IPv4 CIDR Block Specify the IPv4 CIDR Block for this VSwitch. It should be a subnet of the VPC.
Administration Guide 4 Creating a virtual private cloud
Administration Guide 5 Creating a virtual private cloud
Administration Guide 6 Obtaining the deployment image
Obtaining the deployment image
1. Go to the Fortinet support site (https://support.fortinet.com) and log in. 2. Navigate to Download > Firmware Images.
3. Select FortiWeb from the Select Product drop-down list, then select the Download tab. 4. Navigate to the desired version, then download either of the following files beginning with "FWB_KVM" (not FWB_KVM_PAYG): a. The ".out" file: Download it if you already deployed FortiWeb-VM, and you want to upgrade it this time. Save this file to a local directory, log in to FortiWeb, then upload this file through System Settings > Maintenance > Firmware Upgrade. You can skip the following steps in this article since they only apply to new installation of FortiWeb. b. The ".out.kvm.zip" file: Download it if you want to newly install FortiWeb-VM.
Administration Guide 7 Obtaining the deployment image
5. Unzip the ".out.kvm.zip" file. You will get two files: boot.disk and log.qcow2.
Administration Guide 8 Uploading image file to Object Storage Service
Uploading image file to Object Storage Service
1. Select Object Storage Service.
2. Select Buckets to create a new bucket.
l Enter a name for the bucket.
l Select the region where this bucket will be located.
l Configure the Storage Class, Access Control List, Zone-redundant Storage, and Real-time Log Query as shown below.
Administration Guide 9 Uploading image file to Object Storage Service
3. Click OK. The bucket will appear in the bucket list in the navigation menu. 4. Select the bucket you just created, then click the Files tab. Click the Upload button to upload the image file.
Administration Guide 10 Uploading image file to Object Storage Service
5. Select Current for the Upload to directory, Inherited from Bucket as the File ACL, then drag the image file boot.qcow2 to the Upload field.
6. The file will be displayed in the table on the Upload page if it is uploaded successfully. Click Detail.
Administration Guide 11 Uploading image file to Object Storage Service
7. Click Copy File URL. We will use this URL in later steps when creating a custom image.
Administration Guide 12 Uploading image file to Object Storage Service
Administration Guide 13 Creating custom image
Creating custom image
1. Select Elastic Compute Service.
2. Select Custom Images > Images, then click the Import Image button.
3. Configure the image settings.
l OSS Object Address: Enter the File URL you have copied in the last step when uploading image file to Object Storage Service.
l Image Name: Enter a name for the image.
Administration Guide 14 Creating custom image
l For other settings, please configure them as shown below.
4. Click OK. 5. You will see the image listed on the Image tab if it is created successfully. 6. Click Create Instance to create a FortiWeb instance.
Administration Guide 15 Creating FortiWeb-VM instance
Creating FortiWeb-VM instance
1. Select Custom tab. 2. Set Basic Configurations.
Billing Method Choose the desired billing method. If you plan to use FortiWeb for a long time, Subscription is most economical choice.
Region Select the region and zone where the VSwitch is located.
IO-Optimized Instance Select the instance type with at least 2 vCPU.and 4 GB memory.
3. Configure Networking.
Network Select the VPC and VSwitch you have created.
Network Billing Method l Enable Assign Public IP. You will access FortiWeb's GUI and CLI through this IP address.
l Select Pay-By-Traffic or Pay-By-Bandwidth as desired.
Security Group Select Port 80, 443, and 22. FortiWeb KVM image by default uses 80 and 443 for FortiWeb's administrative access. If you want to use these two ports for your application traffic, you can open more ports in security group for administrative access purpose, then change the default administrative ports through FortiWeb's GUI (System > Admin > Settings > Web Administration Ports).
Administration Guide 16 Creating FortiWeb-VM instance
4. Set System Configurations. FortiWeb only supports Inherit Password From Image. The default username is admin and the password is empty.
Administration Guide 17 Creating FortiWeb-VM instance
5. Configure Grouping. Select Default Resource Group or create a new resource group.
6. Review the instance information. Check ECS Service level Agreement. Click Create Instance. It may take about 1-5 minutes to create the instance. 7. Check the status of the instance. If it's Running, you can go ahead to the next step.
When you deploy the FortiWeb-VM package, network adapters are created automatically. If you want to delete network adapters, do it during the deployment process. It's not recommended to delete network adapters once the FortiWeb is deployed, otherwise unexpected error will occur.
Administration Guide 18 Connecting to FortiWeb
Connecting to FortiWeb
Get the public IP address of the instance as shown below. Use this address to access FortiWeb's web UI in a web browser or the CLI using an SSH connection.
To connect to the web UI
1. In a web browser's address field, enter the public IP address, and the port number 80 (HTTP) or 443 (HTTPS), for example: https://13.58.161.100:443. The HTTP access to FortiWeb's GUI will be automatically redirected to HTTPS, so if you enter the HTTP port number (e.g. 80), it will be redirected to the HTTPS port (e.g. 443). 2. Log in using the username admin. The password is empty.
To connect to the CLI via SSH
These instructions connect to FortiWeb-VM using PuTTY terminal emulation software. 1. On your management computer, start PuTTY. 2. To ensure that your configuration does not use environment variables that can interfere with the connection, in the Category tree, expand Connection, and then click Data. Remove any environment variables. 3. Click Session, and for Host Name (or IP Address), enter the public IP address of the FortiWeb-VM instance. 4. In Port, type 22. 5. For Connection type, select SSH. 6. Select Open. The SSH client connects to the FortiWeb appliance. The SSH client may display a warning if this is the first time you are connecting to the FortiWeb appliance. 7. Enter username admin. The password is empty.
Changing the default administrative ports
If you have opened other ports in security group for administrative purpose, go to System > Admin > Settings > Web Administration Ports to change the default administrative ports to other values.
Administration Guide 19 Connecting to FortiWeb
Changing the password
In System > Admin > Administrators, update the password.
Administration Guide 20