Fortinet Document Library

Version:


Table of Contents

6.2.0
Download PDF
Copy Link

Initial Deployment

In this example, you will deploy FortiManager from the EC2 console.

  1. Find the FortiManager on the AWS marketplace. Choose the FortiManager version based on the number of devices you want to manage.
  2. After configuring the software, click Continue to Launch.

  3. Select one of the supported instance types. Click Next: Configure Instance Details.

  4. Configure the various attributes:
    1. Network: Ensure to select a VPC connected to the Internet gateway. By default, VPCs are connected to the Internet gateway.
    2. Subnet
    3. Enable Auto-assign public IP
    4. Other as needed depending on your IT infrastructure requirements
  5. Click Next: Add Storage.

  6. You can configure disks by choosing one of the following options:
    1. Leave the disks at default values. You can add additional disks later.
    2. Increase the second volume's disk size. The second volume is used for logging.
    3. Add additional disks.

    You can configure the volume type as EBS, the device as /dev/sdb, and the size based on your requirements. You are entitled to consume disks according to the licensed limit of the purchased BYOL license.

    For more detail about disk sizes and the maximum limit of licensed numbers of devices, see the product listing page.

    The FortiManager system reserves a certain portion of disk space for system use and unexpected quota overflow. The remaining space is available for allocation to devices. Reports are stored in the reserved space. The following describes the reserved disk quota relative to the total available disk size (other than the root device):

    • Small disk (less than or equal to 500 GB): system reserves 20% or 50 GB of disk space, whichever is smaller.
    • Medium disk (less than or equal to 1 TB): system reserves 15% or 100 GB of disk space, whichever is smaller.
    • Large disk (less than or equal to 5 TB): system reserves 10% or 200 GB of disk space, whichever is smaller.
    • Very large disk (greater than 5 TB): system reserves 5% or 300 GB of disk space, whichever is smaller.

    To add additional storage at this point, follow the instructions in Adding additional storage (optional).

  7. Click Next: Add Tags.

  8. Create or add tags as required. Name tags are convenient to use to distinguish EC2 instance names. You can also leave this section blank and continue by clicking Next: Configure Security Group.

  9. Review all open ports configured by default. Usually, these can stay as-is. Most strict configuration is to allow SSH or HTTPS to access the FortiManager management console. Accessing the GUI requires the HTTPS port to be open. Refer here to see each port's purpose.

  10. Click Review and Launch. A popup may ask if you want to make General Purpose (SSD) the default boot volume. Select the desired option, then click Next.

  11. Review the configuration and click Launch Instance.
  12. Select a key pair, check the acknowledgment checkbox, then click Launch Instance.
  13. FortiManager-VM (PAYG) requires the connectivity to FortiCare (https://directregistration.fortinet.com:443) to obtain a valid license otherwise FortiManager-VM will shut down for self-protection. Ensure the following:
    1. The outgoing connectivity to https://directregistration.fortinet.com:443 is allowed in security groups and ACLs.
    2. A public IP address (either default or EIP) is assigned.

Initial Deployment

In this example, you will deploy FortiManager from the EC2 console.

  1. Find the FortiManager on the AWS marketplace. Choose the FortiManager version based on the number of devices you want to manage.
  2. After configuring the software, click Continue to Launch.

  3. Select one of the supported instance types. Click Next: Configure Instance Details.

  4. Configure the various attributes:
    1. Network: Ensure to select a VPC connected to the Internet gateway. By default, VPCs are connected to the Internet gateway.
    2. Subnet
    3. Enable Auto-assign public IP
    4. Other as needed depending on your IT infrastructure requirements
  5. Click Next: Add Storage.

  6. You can configure disks by choosing one of the following options:
    1. Leave the disks at default values. You can add additional disks later.
    2. Increase the second volume's disk size. The second volume is used for logging.
    3. Add additional disks.

    You can configure the volume type as EBS, the device as /dev/sdb, and the size based on your requirements. You are entitled to consume disks according to the licensed limit of the purchased BYOL license.

    For more detail about disk sizes and the maximum limit of licensed numbers of devices, see the product listing page.

    The FortiManager system reserves a certain portion of disk space for system use and unexpected quota overflow. The remaining space is available for allocation to devices. Reports are stored in the reserved space. The following describes the reserved disk quota relative to the total available disk size (other than the root device):

    • Small disk (less than or equal to 500 GB): system reserves 20% or 50 GB of disk space, whichever is smaller.
    • Medium disk (less than or equal to 1 TB): system reserves 15% or 100 GB of disk space, whichever is smaller.
    • Large disk (less than or equal to 5 TB): system reserves 10% or 200 GB of disk space, whichever is smaller.
    • Very large disk (greater than 5 TB): system reserves 5% or 300 GB of disk space, whichever is smaller.

    To add additional storage at this point, follow the instructions in Adding additional storage (optional).

  7. Click Next: Add Tags.

  8. Create or add tags as required. Name tags are convenient to use to distinguish EC2 instance names. You can also leave this section blank and continue by clicking Next: Configure Security Group.

  9. Review all open ports configured by default. Usually, these can stay as-is. Most strict configuration is to allow SSH or HTTPS to access the FortiManager management console. Accessing the GUI requires the HTTPS port to be open. Refer here to see each port's purpose.

  10. Click Review and Launch. A popup may ask if you want to make General Purpose (SSD) the default boot volume. Select the desired option, then click Next.

  11. Review the configuration and click Launch Instance.
  12. Select a key pair, check the acknowledgment checkbox, then click Launch Instance.
  13. FortiManager-VM (PAYG) requires the connectivity to FortiCare (https://directregistration.fortinet.com:443) to obtain a valid license otherwise FortiManager-VM will shut down for self-protection. Ensure the following:
    1. The outgoing connectivity to https://directregistration.fortinet.com:443 is allowed in security groups and ACLs.
    2. A public IP address (either default or EIP) is assigned.