Creating two FortiProxy-VM instances - HaVip
- In the AliCloud Elastic Compute Service (ECS) console, select Instances & Images > Images > Instances from the left side menu.
- Click Create Instance to create the primary FortiProxy instance.
- Select the Custom Launch tab.
- Set the Basic Configurations options.
  - Billing Method: Select Pay-as-you-go.
  - Region: Select the region and zone where the VSwitch is located.
  - Instance Type: Select an instance type with at least 4 vCPU and 8 GB memory.
  - Image: Select Custom Image and select the image you created earlier.
  - Storage: Select standard or enhanced SSD and specify a desired storage size. Add a data disk with desired SSD type and size.
- Click Next.
- Configure the Networking options.
  - Network Type: Select the VPC and the external VSwitch you created earlier.
  - Public IP Address: Enable Assign Public IPv4 Address. You will access FortiProxy's GUI and CLI through this IP address.
  - Bandwidth Billing: Select Pay-By-Traffic or Pay-By-Bandwidth as desired.
  - Security Group: Select the security group you created earlier.
  - Elastic Network Interface: Select the external VSwitch you created earlier. This is the default ENI, which will be port1 on FortiProxy-VM. It carries public traffic, such as the traffic from the clients to your application, and the FortiProxy administrative access.
    Click the Add icon to select the second VSwitch you created in the VPC. This will be port2 on FortiProxy-VM and will be used for the connection between FortiProxy and the back-end server.
    You are allowed to create only two ENIs during the deployment process. You will need to create the third ENI after the FortiProxy-VM is deployed in later steps.
- Click Next.
- Configure the System Configurations options.
  - Logon Credentials: Select Set Later.
  - Instance Name: Specify the instance name to identify the instance.
  - Host: Specify the host name to identify the FortiProxy VM.
  - Advanced:
    - RAM Role: Select a RAM role that includes the following permissions:
      - AliyunECSReadOnlyAccess
      - AliyunEIPReadOnlyAccess
      - AliyunVPCReadOnlyAccess
      If you do not have such a role already, create one and add these permissions to the role before selecting the role here.
      Actual role configurations may differ depending on your environment. Check with your company's public cloud administrators for details.
    - User Data: Copy the string in the license file (.lic) you obtained during License registration and paste it here. This ensures that the FortiProxy VM is licensed before you launch it and avoids the need to manually load the license file during your first login.
- Click Next.
- Configure the Grouping options as desired.
- Review the instance information. Go back and update any information if needed.
- Check ECS Terms of Service and Product Terms of Service Agreement.
- Click Create Instance and verify the status of the instance changes to Running.
- Create ENIs for the hasync and mngt (optional) interfaces and bind them to the instance:
- From the left side menu, select Network & Security > ENIs.
- Click Create ENI to create the third ENI for heartbeat traffic.
- Select the VPC you created.
- Select the VSwitch you created for the heartbeat traffic between HA members in the VPC. This ENI will be port3 on FortiProxy-VM.
- Specify the Primary Private IP. It should be in the same subnet as your back-end server.
  The following lists the IP address assignments for this sample deployment for FortiProxy-A (primary) and FortiProxy-B (secondary):

  | Port | AliCloud primary address for FortiProxy-A | AliCloud primary address for FortiProxy-B |
  | --- | --- | --- |
  | port1 | 10.0.1.11 | 10.0.1.12 |
  | port2 | 10.0.2.11 | 10.0.2.12 |
  | port3 | 10.0.3.11 | 10.0.3.12 |
  | (Optional) port4 | 10.0.4.11 | 10.0.4.12 |

- Select the security group you created.
- Click OK. The ENI should be listed in the table.
- From the left side menu, select Instances & Images > Images > Instances and find the instance you have created.
- Click the instance name.
- Select the ENI tab and click Bind Secondary ENI.
- Select the ENI you just created for hasync.
- Click OK.
- (Optional) Repeat the sub-steps above to create another ENI for the mngt interface and bind it to the related instance.
- Try logging in to the FortiProxy VM instance using the default credentials: the username is admin and the password is the instance ID. You will be prompted to change the default password during the first login.
- Create the secondary FortiProxy VM instance and configure ENIs by repeating the previous steps. The only difference is that in step 6, do not enable Assign Public IPv4 Address, because the secondary FortiProxy VM instance works as a backup of the primary instance and shares the public IP of the primary instance.
- Create an Elastic IP (EIP):
- In the AliCloud Virtual Private Cloud (VPC) console, select Elastic IP Addresses from the left side menu and click Create EIP.
- Configure the following options.
  - Billing Method: Select Pay-as-you-go.
  - Region: Select the region and zone where the instance is located.
  - Line Type: Select BGP (Multi-ISP).
  - Network Type: Select Internet.
  - Security Protection: Select Default.
  - IP Address Pool: Select Default.
  - Data Transfer: Select a desired method.
  - Maximum Bandwidth: Select a desired bandwidth.
  - Name: Specify a name to identify the EIP.
- Click Buy Now.
- Create an HaVip and bind the EIP and FortiProxy instances to the HaVip.
- In the AliCloud Virtual Private Cloud (VPC) console, select HaVip from the left side menu and click Create HaVip.
- Configure the following options.
  - Resource Group: Select your resource group.
  - Instance Name: Specify a name to identify the HaVip.
  - VPC: Select your VPC.
  - VSwitch: Select the external VSwitch of your VPC.
  - Whether to automatically assign private IP addresses: Select No and specify the following IP address: 10.0.1.252. You will need to use this IP as the port1 IP address of the FortiProxy instances when configuring HA settings later.
- Click OK.
- Open the HaVip you just created.
- In the Resources section, click the Bind button near Elastic IP Address and select the EIP you just created.
- Click OK.
- Click the Bind button near ECS Instances.
- Select ECS Instances under Resource Type and select the primary FortiProxy instance under Bind Resource.
- Click OK.
- Click the Bind button near ECS Instances again.
- Select ECS Instances under Resource Type and select the secondary FortiProxy instance under Bind Resource.
- Click OK.
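
A preflight check for the deployment described above, added here as an example and not part of the Fortinet or Alibaba Cloud documentation. It compares a RAM role's attached policies with the three read-only policies this page lists, and checks the sample address plan and the HaVip address for subnet mismatches and collisions. The function names, the /24 prefix length, and the sample role document (assumed to follow the `Policies.Policy[].PolicyName` layout of RAM's ListPoliciesForRole response) are assumptions.

```python
import ipaddress
import json

# The three policies this page lists for the FortiProxy RAM role.
REQUIRED = {"AliyunECSReadOnlyAccess", "AliyunEIPReadOnlyAccess",
            "AliyunVPCReadOnlyAccess"}

# Sample deployment addresses from the table on this page: (FortiProxy-A, FortiProxy-B).
PLAN = {"port1": ("10.0.1.11", "10.0.1.12"), "port2": ("10.0.2.11", "10.0.2.12"),
        "port3": ("10.0.3.11", "10.0.3.12"), "port4": ("10.0.4.11", "10.0.4.12")}
HAVIP = "10.0.1.252"

# Constructed sample, not real output: a role missing one policy and carrying an extra one.
SAMPLE_ROLE = json.dumps({"Policies": {"Policy": [
    {"PolicyName": "AliyunECSReadOnlyAccess", "PolicyType": "System"},
    {"PolicyName": "AliyunVPCReadOnlyAccess", "PolicyType": "System"},
    {"PolicyName": "AdministratorAccess", "PolicyType": "System"}]}})

def audit_role(policies_json):
    """Return (missing, extra): listed policies not attached, and attached ones to review."""
    doc = json.loads(policies_json)
    attached = {p["PolicyName"] for p in doc.get("Policies", {}).get("Policy", [])}
    return sorted(REQUIRED - attached), sorted(attached - REQUIRED)

def audit_plan(plan, havip, prefix=24):
    """Check the address plan; prefix=24 is an assumption, the page gives no mask."""
    findings, owner = [], {}
    for port, addrs in plan.items():
        nets = {ipaddress.ip_interface(f"{a}/{prefix}").network for a in addrs}
        if len(nets) != 1:
            findings.append(f"{port}: HA members are in different subnets")
        for a in addrs:
            if a in owner:
                findings.append(f"{a} is assigned to both {owner[a]} and {port}")
            owner[a] = port
    port1_net = ipaddress.ip_interface(f"{plan['port1'][0]}/{prefix}").network
    if ipaddress.ip_address(havip) not in port1_net:
        findings.append("HaVip is outside the port1 (external VSwitch) subnet")
    if havip in owner:
        findings.append(f"HaVip collides with the {owner[havip]} primary address")
    return findings

if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE))
    print(audit_plan(PLAN, HAVIP))
```

Policies reported as extra are not necessarily wrong, since role configurations differ between environments, but each one is worth confirming with the cloud administrators before the role is attached to an internet-facing instance.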