Deploying FortiGate-VM on IBM Cloud
FortiOS supports deploying FortiGate-VM bring your own license (BYOL) for IBM Cloud. IBM Cloud users can purchase and deploy FortiGate-VMs. The following describes the steps that you take to create and access a FortiGate-VM BYOL instance in IBM Cloud.
To deploy FortiGate-VM on IBM Cloud using the GUI:
- Obtain the .qcow2 image file:
- Log in to the Fortinet Support site.
- Go to Download > VM Images.
- From the Select Platform dropdown list, select IBM.
- Download the FortiGate-VM deployment file (FGT_VM64_IBM-v7.6.X.F-buildXXXX-FORTINET.out).
- Extract the zip file to get a .qcow2 file.
- Log in to the IBM Cloud portal.
- Prepare an object storage bucket on IBM VPC.
- Upload the .qcow2 image file.
- Import the custom image:
- Go to VPC Infrastructure (Gen 2) > Compute > Custom images.
- Click Import custom image.
- Import the custom image. You must enter a name and select a region. Select the .qcow2 image file uploaded earlier, and select Ubuntu 16.04 for the operating system.
- Create a new instance based on the custom image. Enter a name, select the VPC, location, custom image imported earlier, profile, SSH key, and user data. User data can be from the IBM bucket, config-url/license-url, or directly inputted in the form of a config, license, or MIME file. See the following example:
{ "bucket" : "lzou-bucket1", "region" : "eu-gb", "license" : "FGVM16TM19000211.lic", "config" : "config.txt", "apikey": "{{omitted}}" }
The following example includes the license-url and config-url:
{ "license-url" : "http://ec2-54-151-72-112.us-west-1.compute.amazonaws.com/FGVM16TM19000211.lic", "config-url" : "http://ec2-54-151-72-112.us-west-1.compute.amazonaws.com/config.txt" } }
- Attach a floating IP address to the instance NIC.
In 7.6 and later versions, the FortiGate-VM supports virtual network interfaces. This interface type is selected by default.
- In a browser, go to the IP address to connect to the FortiOS GUI and confirm that the instance is running.
To verify the FortiGates using the CLI:
ibmcloud # diagnose debug cloudinit show
>> Checking metadata source ibm
>> Found nocloud drive /dev/vdb
>> Successfully mounted nocloud drive
>> Setting password to instance id
>> Provisioning ssh key
>> Cloudinit curl header:
>> Cloudinit trying to get license from: https://thomasbucket2.s3.amazonaws.com/FGVM08TM123456.lic
>> Cloudinit download license successfully
>> Cloudinit trying to get config script from: https://thomasbucket2.s3.amazonaws.com/config2.txt
>> Cloudinit download config script successfully
>> Found metadata source: ibm
>> Trying to install vmlicense ...
>> Run config script
>> Finish running script
>> FGVM08TM123456 $ config system global
>> FGVM08TM123456 (global) $ set hostname ibmcloud
>> FGVM08TM123456 (global) $ end
get system status
Version: FortiGate-VM64-IBM v7.6.0,buildXXXX,200708 (interim)
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGVM08TM123456
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
License Status: Valid
License Expiration Date: 2021-05-15
VM Resources: 2 CPU/8 allowed, 3689 MB RAM
Log hard disk: Not available
Hostname: ibmcloud
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1705
Release Version Information: interim
FortiOS x86-64: Yes
System time: Tue Mar 19 15:14:00 2024