Fortinet white logo
Fortinet white logo

Deploying FortiManager-VM on IBM Cloud

Deploying FortiManager-VM on IBM Cloud

FortiManager can be deployed as a Bring Your Own License (BYOL) FortiManager-VM on IBM Cloud. The following describes the steps to create, access, and license a FortiManager-VM instance in the IBM Cloud.

Deployment Information:

Below is a high level overview of what will be used or created:

  • Cloud Object Storage Service and a Bucket of your choice will be used.
  • A custom image will be created.
  • A VPC and a subnet in the region of your choice will be used or created if needed.
  • SSH Keys will be used or created.
  • Network Security Groups of your choice will be used or created as needed.
  • A Floating IP of your choice will be used or created as needed to access the FortiManager GUI.
  • A FortiManager Virtual Server instance will be created using the VPC network, Custom image, Floating IP, and SSH Keys in your IBM Cloud environment.
To deploy FortiManager-VM on IBM Cloud using the GUI:
  1. Obtain the .qcow2 image file:
    1. Log in to the Fortinet Support site.
    2. Go to Support > Firmware Download.
    3. From the Select Product dropdown list, select FortiManager.
    4. Select the Download tab and navigate to the version needed.
      Note

      Support for IBM Cloud began with FortiManager version 7.0.4.

    5. Download the FortiManager-VM deployment file (FMG_VM64_IBM-vX-buildXXXX-FORTINET.out.kvm.zip).
    6. Extract the ZIP file to get a .qcow2 file.
  2. Log in to the IBM Cloud portal.
  3. Prepare an object storage bucket on IBM VPC.
    Tooltip

    For more information about creating an object storage bucket on IBM Cloud, see Getting started with IBM Cloud Object Storage.

  4. Upload the .qcow2 image file to cloud object storage.
  5. Create the custom image:
    1. Go to VPC Infrastructure > Compute > Custom images.
    2. Click Create +.
    3. Enter the required information:
      1. Specify the Geography and Region of the custom image.
      2. Name the custom image (e.g. FortiManager Server Instance).
      3. Specify the Cloud Object Storage Location where the source .qcow2 file was uploaded to.

    4. Choose Debian GNU/Linux as the operating system, and select debian-10-amd64, then click Create Custom Image.
  6. Create a new virtual server instance based on the custom image:
    1. Enter the required information:
      1. Name of the FortiManager Server Instance.
      2. Specify the Resource group.
      3. Specify the Region.
    2. From the Operating System dropdown:
      1. Select Custom image.
      2. Select the custom image previously created in step 5.
    3. In the Profile section:
      1. Select View All Profiles.
      2. Select the desired instance profile (for example, bx2-4x16).
    4. Select SSH Keys or create them as needed.
    5. Add a data volume:
      1. In the Data volumes section, select Create +.
      2. Name the volume accordingly.
      3. Size the volume accordingly (for example, 10 GB).
    6. Use existing VPC and subnets or create a VPC and subnets as necessary.
    7. Add network interfaces as desired:
      1. In the Network interfaces section, select Create +.
      2. Name the interface accordingly.
      3. Select the desired subnet.
    8. Click Create Virtual Server.
  7. Use an existing Security Group or create a new Security Group with the following Inbound Rules:

    Protocol

    Source Type

    Source

    Value

    ICMP

    Any

    0.0.0.0/0

    Type:Any, Code:Any

    TCP

    Any

    0.0.0.0/0

    Ports: 22-22

    TCP

    Any

    0.0.0.0/0

    Ports: 9443-9443

    TCP

    Any

    0.0.0.0/0

    Ports: 443-443

    TCP

    Any

    0.0.0.0/0

    Ports: 80-80

    TCP & UDP

    Any

    0.0.0.0/0

    Ports: 514-514

    TCP

    Any

    0.0.0.0/0

    Ports: 541-541

    TCP

    Any

    0.0.0.0/0

    Ports: 2032-2032

    TCP

    Any

    0.0.0.0/0

    Ports: 3000-3000

    TCP

    Any

    0.0.0.0/0

    Ports: 5199-5199

    TCP

    Any

    0.0.0.0/0

    Ports: 6020-6020

    TCP

    Any

    0.0.0.0/0

    Ports: 6028-6028

    TCP

    Any

    0.0.0.0/0

    Ports: 8080-8080

    Note

    The Source CIDR range can be changed to be more restrictive based on the IBM Cloud Environment and/or customer networks. 0.0.0.0/0 is used in this document as an example.

  8. Reserve a floating IP for GUI access:
    1. Go to VPC Infrastructure.
    2. Select Floating IPs.
    3. Select Create +.
    4. Specify the values for: Geography, Region, Zone, Name of the IP, and Resource Group.
    5. Specify the instance (created from step 6) to bind with the Floating IP.

  9. In a browser, use the floating IP to access the FortiManager-VM instance by HTTPS or SSH.
  10. Log in with the default username admin and the initial password of instance-id.

Deploying FortiManager-VM on IBM Cloud

Deploying FortiManager-VM on IBM Cloud

FortiManager can be deployed as a Bring Your Own License (BYOL) FortiManager-VM on IBM Cloud. The following describes the steps to create, access, and license a FortiManager-VM instance in the IBM Cloud.

Deployment Information:

Below is a high level overview of what will be used or created:

  • Cloud Object Storage Service and a Bucket of your choice will be used.
  • A custom image will be created.
  • A VPC and a subnet in the region of your choice will be used or created if needed.
  • SSH Keys will be used or created.
  • Network Security Groups of your choice will be used or created as needed.
  • A Floating IP of your choice will be used or created as needed to access the FortiManager GUI.
  • A FortiManager Virtual Server instance will be created using the VPC network, Custom image, Floating IP, and SSH Keys in your IBM Cloud environment.
To deploy FortiManager-VM on IBM Cloud using the GUI:
  1. Obtain the .qcow2 image file:
    1. Log in to the Fortinet Support site.
    2. Go to Support > Firmware Download.
    3. From the Select Product dropdown list, select FortiManager.
    4. Select the Download tab and navigate to the version needed.
      Note

      Support for IBM Cloud began with FortiManager version 7.0.4.

    5. Download the FortiManager-VM deployment file (FMG_VM64_IBM-vX-buildXXXX-FORTINET.out.kvm.zip).
    6. Extract the ZIP file to get a .qcow2 file.
  2. Log in to the IBM Cloud portal.
  3. Prepare an object storage bucket on IBM VPC.
    Tooltip

    For more information about creating an object storage bucket on IBM Cloud, see Getting started with IBM Cloud Object Storage.

  4. Upload the .qcow2 image file to cloud object storage.
  5. Create the custom image:
    1. Go to VPC Infrastructure > Compute > Custom images.
    2. Click Create +.
    3. Enter the required information:
      1. Specify the Geography and Region of the custom image.
      2. Name the custom image (e.g. FortiManager Server Instance).
      3. Specify the Cloud Object Storage Location where the source .qcow2 file was uploaded to.

    4. Choose Debian GNU/Linux as the operating system, and select debian-10-amd64, then click Create Custom Image.
  6. Create a new virtual server instance based on the custom image:
    1. Enter the required information:
      1. Name of the FortiManager Server Instance.
      2. Specify the Resource group.
      3. Specify the Region.
    2. From the Operating System dropdown:
      1. Select Custom image.
      2. Select the custom image previously created in step 5.
    3. In the Profile section:
      1. Select View All Profiles.
      2. Select the desired instance profile (for example, bx2-4x16).
    4. Select SSH Keys or create them as needed.
    5. Add a data volume:
      1. In the Data volumes section, select Create +.
      2. Name the volume accordingly.
      3. Size the volume accordingly (for example, 10 GB).
    6. Use existing VPC and subnets or create a VPC and subnets as necessary.
    7. Add network interfaces as desired:
      1. In the Network interfaces section, select Create +.
      2. Name the interface accordingly.
      3. Select the desired subnet.
    8. Click Create Virtual Server.
  7. Use an existing Security Group or create a new Security Group with the following Inbound Rules:

    Protocol

    Source Type

    Source

    Value

    ICMP

    Any

    0.0.0.0/0

    Type:Any, Code:Any

    TCP

    Any

    0.0.0.0/0

    Ports: 22-22

    TCP

    Any

    0.0.0.0/0

    Ports: 9443-9443

    TCP

    Any

    0.0.0.0/0

    Ports: 443-443

    TCP

    Any

    0.0.0.0/0

    Ports: 80-80

    TCP & UDP

    Any

    0.0.0.0/0

    Ports: 514-514

    TCP

    Any

    0.0.0.0/0

    Ports: 541-541

    TCP

    Any

    0.0.0.0/0

    Ports: 2032-2032

    TCP

    Any

    0.0.0.0/0

    Ports: 3000-3000

    TCP

    Any

    0.0.0.0/0

    Ports: 5199-5199

    TCP

    Any

    0.0.0.0/0

    Ports: 6020-6020

    TCP

    Any

    0.0.0.0/0

    Ports: 6028-6028

    TCP

    Any

    0.0.0.0/0

    Ports: 8080-8080

    Note

    The Source CIDR range can be changed to be more restrictive based on the IBM Cloud Environment and/or customer networks. 0.0.0.0/0 is used in this document as an example.

  8. Reserve a floating IP for GUI access:
    1. Go to VPC Infrastructure.
    2. Select Floating IPs.
    3. Select Create +.
    4. Specify the values for: Geography, Region, Zone, Name of the IP, and Resource Group.
    5. Specify the instance (created from step 6) to bind with the Floating IP.

  9. In a browser, use the floating IP to access the FortiManager-VM instance by HTTPS or SSH.
  10. Log in with the default username admin and the initial password of instance-id.