Initial deployment

This example deploys a FortiManager instance from the EC2 console.

To deploy a FortiManager instance from the EC2 console:
  1. Launch the FortiManager-VM instance:
    1. Find the FortiManager listing on the AWS marketplace. Choose the FortiManager version based on the number of devices you want to manage.
    2. After configuring the software, click Continue to Launch. For a BYOL instance, select Launch through EC2, then click Launch.
  2. Select one of the supported instance types. Click Next: Configure Instance Details.

  3. Configure the various attributes:
    1. Network: Ensure that you select a VPC connected to the Internet gateway. By default, VPCs are connected to the Internet gateway.
    2. Subnet
    3. Enable Auto-assign public IP
    4. Other attributes as needed, depending on your IT infrastructure requirements

    Click Next: Add Storage.

  4. You can configure disks by choosing one of the following options:
    1. Leave the disks at default values. You can add additional disks later.
    2. Increase the second volume's disk size. The second volume is used for logging.
    3. Add additional disks.

    You can configure the volume type as EBS, the device as /dev/sdb, and the size based on your requirements. You are entitled to consume disks according to the licensed limit of the purchased BYOL license.

    For more detail about disk sizes and the maximum licensed number of devices, see the product listing page.

    The FortiManager system reserves a certain portion of disk space for system use and unexpected quota overflow. The remaining space is available for allocation to devices. Reports are stored in the reserved space. The following describes the reserved disk quota relative to the total available disk size (other than the root device):

    • Small disk (less than or equal to 500 GB): system reserves 20% or 50 GB of disk space, whichever is smaller.
    • Medium disk (less than or equal to 1 TB): system reserves 15% or 100 GB of disk space, whichever is smaller.
    • Large disk (less than or equal to 5 TB): system reserves 10% or 200 GB of disk space, whichever is smaller.
    • Very large disk (greater than 5 TB): system reserves 5% or 300 GB of disk space, whichever is smaller.

    To add additional storage at this point, follow the instructions in Adding additional storage (optional).

    Click Next: Add Tags.

  5. Create or add tags as required. Name tags are a convenient way to distinguish EC2 instances. You can also leave this section blank and continue by clicking Next: Configure Security Group.

  6. Review all open ports configured by default. Usually, these can stay as-is. The strictest configuration is to allow SSH or HTTPS to access the FortiManager management console. Accessing the GUI requires the HTTPS port to be open. Refer here to see each port's purpose.

  7. Review the configuration and launch the instance:
    1. Click Review and Launch. A popup may ask if you want to make General Purpose (SSD) the default boot volume. Select the desired option, then click Next.

    2. Review the configuration and click Launch Instance.
    3. Select a key pair, check the acknowledgment checkbox, then click Launch Instance.
  8. An on-demand FortiManager-VM instance requires connectivity to FortiCare to obtain a valid license. Otherwise, the FortiManager-VM shuts down for self-protection. Ensure the following:
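
Relating to step 6 (reviewing the security group's open ports), the following is an added example, not part of the Fortinet documentation. It lists every inbound rule that goes beyond the strictest configuration described there, and every SSH or HTTPS rule open to any source. The sample JSON is constructed in the shape of `aws ec2 describe-security-groups` output, and ports 22 and 443 are assumed to be the SSH and HTTPS management ports.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output;
# the group ID, ports and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [{"GroupId": "sg-EXAMPLE", "IpPermissions": [
  {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
   "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
   "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
  {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
   "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
  {"IpProtocol": "-1",
   "IpRanges": [{"CidrIp": "10.0.1.0/24"}], "Ipv6Ranges": []}
]}]}
""")

MGMT_PORTS = {22: "SSH", 443: "HTTPS"}  # assumption: default management ports
ANYWHERE = {"0.0.0.0/0", "::/0"}

def audit(doc, allowed=MGMT_PORTS):
    """Return (group, ports, source, finding) tuples for rules to review."""
    findings = []
    for sg in doc["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
            if perm["IpProtocol"] == "-1":  # all protocols, all ports
                ports, extra = "all", True
            else:
                lo, hi = perm.get("FromPort"), perm.get("ToPort")
                ports = str(lo) if lo == hi else f"{lo}-{hi}"
                # Anything other than exactly one TCP management port is extra.
                extra = not (perm["IpProtocol"] == "tcp"
                             and lo == hi and lo in allowed)
            for src in sources:
                if extra:
                    findings.append((sg["GroupId"], ports, src, "not SSH/HTTPS"))
                elif src in ANYWHERE:
                    findings.append((sg["GroupId"], ports, src,
                                     "management port open to any source"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

A "not SSH/HTTPS" finding marks a rule to compare against the port reference, not necessarily one to delete, since the default ports can usually stay as-is.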
