7.2.3

Creating two FortiProxy-VM instances - HaVip

  1. In the AliCloud Elastic Compute Service (ECS) console, select Instances & Images > Images > Instances from the left side menu.
  2. Click Create Instance to create the primary FortiProxy instance.
  3. Select the Custom Launch tab.
  4. Set the Basic Configurations options.
    Billing Method: Select Pay-as-you-go.
    Region: Select the region and zone where the VSwitch is located.
    Instance Type: Select an instance type with at least 4 vCPU and 8 GB memory.
    Image: Select Custom Image and select the image you created earlier.
    Storage: Select standard or enhanced SSD and specify a desired storage size. Add a data disk with desired SSD type and size.

  5. Click Next.
  6. Configure the Networking options.
    Network Type: Select the VPC and the external VSwitch you created earlier.
    Public IP Address: Enable Assign Public IPv4 Address. You will access FortiProxy's GUI and CLI through this IP address.
    Bandwidth Billing: Select Pay-By-Traffic or Pay-By-Bandwidth as desired.
    Security Group: Select the security group you created earlier.
    Elastic Network Interface: Select the external VSwitch you created earlier. This is the default ENI, which will be port1 on FortiProxy-VM. It carries public-facing traffic, such as traffic from clients to your application, and FortiProxy administrative access.

    Click the Add icon to select the second VSwitch you created in the VPC. This will be port2 on FortiProxy-VM and is used for the connection between FortiProxy and the back-end server.

    You can create only two ENIs during the deployment process. You will create the third ENI in later steps, after the FortiProxy-VM is deployed.

  7. Click Next.
  8. Configure the System Configurations options.
    Logon Credentials: Select Set Later.
    Instance Name: Specify the instance name to identify the instance.
    Host: Specify the host name to identify the FortiProxy VM.
    Advanced:

    RAM Role: Select a RAM role that includes the following permissions:

    • AliyunECSReadOnlyAccess
    • AliyunEIPReadOnlyAccess
    • AliyunVPCReadOnlyAccess

    If you do not have such a role already, create one and add these permissions to the role before selecting the role here.

    Note: Actual role configurations may differ depending on your environment. Check with your company's public cloud administrators for details.

    User Data: Copy the string in the license file (.lic) you obtained during License registration and paste it here. This ensures that the FortiProxy VM is licensed before you launch it and avoids the need to manually load the license file during your first login.

  9. Click Next.
  10. Configure the Grouping options as desired.
  11. Review the instance information. Go back and update any information if needed.
  12. Check ECS Terms of Service and Product Terms of Service Agreement.
  13. Click Create Instance and verify the status of the instance changes to Running.
  14. Create ENIs for the hasync and mngt (optional) interfaces and bind them to the instance:
    1. From the left side menu, select Network & Security > ENIs.
    2. Click Create ENI to create the third ENI for heartbeat traffic.
    3. Select the VPC you created.
    4. Select the VSwitch you created for the heartbeat traffic between HA members in the VPC. This ENI will be port3 on FortiProxy-VM.
    5. Specify the Primary Private IP. It should be in the same subnet as your back-end server. The following lists the IP address assignments for this sample deployment for FortiProxy-A (primary) and FortiProxy-B (secondary):

      Port              AliCloud primary address for FortiProxy-A   AliCloud primary address for FortiProxy-B
      port1             10.0.1.11                                   10.0.1.12
      port2             10.0.2.11                                   10.0.2.12
      port3             10.0.3.11                                   10.0.3.12
      (Optional) port4  10.0.4.11                                   10.0.4.12

    6. Select the security group you created.
    7. Click OK. The ENI should be listed in the table.
    8. From the left side menu, select Instances & Images > Images > Instances and find the instance you have created.
    9. Click the instance name.
    10. Select the ENI tab and click Bind Secondary ENI.
    11. Select the ENI you just created for hasync.
    12. Click OK.
    13. (Optional) Repeat the sub-steps above to create another ENI for the mngt interface and bind it to the related instance.
  15. Log in to the FortiProxy VM instance using the default credentials: the username is admin and the password is the instance ID. You will be prompted to change the default password during the first login.
  16. Create the secondary FortiProxy VM instance and configure ENIs by repeating the previous steps. The only difference is that in step 6, do not enable Assign Public IPv4 Address as the secondary FortiProxy VM instance works as a backup of the primary instance and shares the public IP of the primary instance.
  17. Create an Elastic IP (EIP):
    1. In the AliCloud Virtual Private Cloud (VPC) console, select Elastic IP Addresses from the left side menu and click Create EIP.
    2. Configure the following options.
      Billing Method: Select Pay-as-you-go.
      Region: Select the region and zone where the instance is located.
      Line Type: Select BGP (Multi-ISP).
      Network Type: Select Internet.
      Security Protection: Select Default.
      IP Address Pool: Select Default.
      Data Transfer: Select a desired method.
      Maximum Bandwidth: Select a desired bandwidth.
      Name: Specify a name to identify the EIP.

    3. Click Buy Now.
  18. Create an HaVip and bind the EIP and FortiProxy instances to the HaVip.
    1. In the AliCloud Virtual Private Cloud (VPC) console, select HaVip from the left side menu and click Create HaVip.
    2. Configure the following options.
      Resource Group: Select your resource group.
      Instance Name: Specify a name to identify the HaVip.
      VPC: Select your VPC.
      VSwitch: Select the external VSwitch of your VPC.
      Whether to automatically assign private IP addresses: Select No and specify the following IP address: 10.0.1.252. You will need to use this IP as the port1 IP address of the FortiProxy instances when configuring HA settings later.
    3. Click OK.
    4. Open the HaVip you just created.
    5. In the Resources section, click the Bind button near Elastic IP Address and select the EIP you just created.
    6. Click OK.
    7. Click the Bind button near ECS Instances.
    8. Select ECS Instances under Resource Type and select the primary FortiProxy instance under Bind Resource.
    9. Click OK.
    10. Click the Bind button near ECS Instances again.
    11. Select ECS Instances under Resource Type and select the secondary FortiProxy instance under Bind Resource.
    12. Click OK.
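
The procedure above fixes several values that must agree with each other: the per-port addresses of both members, the HaVip address, which member receives a public IP, and the RAM role's policies. The following pre-flight check of such a plan is an added example, not Fortinet code; the /24 prefix, the plan layout and the function names are assumptions, and because role configurations may differ per environment, the policy check only reports differences from the three policies listed in step 8.

```python
import ipaddress

PREFIX = 24  # assumption: the page gives addresses but no prefix length
ALLOWED_POLICIES = {"AliyunECSReadOnlyAccess", "AliyunEIPReadOnlyAccess",
                    "AliyunVPCReadOnlyAccess"}
SAMPLE_PLAN = {  # values from the sample deployment on this page
    "ports": {   # port -> (FortiProxy-A primary IP, FortiProxy-B primary IP)
        "port1": ("10.0.1.11", "10.0.1.12"),
        "port2": ("10.0.2.11", "10.0.2.12"),
        "port3": ("10.0.3.11", "10.0.3.12"),
    },
    "havip": "10.0.1.252",
    "public_ip": {"A": True, "B": False},  # step 16: only the primary gets one
    "role_policies": set(ALLOWED_POLICIES),
}

def subnet(ip):
    return ipaddress.ip_network(f"{ip}/{PREFIX}", strict=False)

def audit_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings, seen = [], {}
    for port, (a, b) in plan["ports"].items():
        if a == b:
            findings.append(f"{port}: both members use {a}")
        if subnet(a) != subnet(b):
            findings.append(f"{port}: {a} and {b} are in different subnets")
        if subnet(a) in seen:
            findings.append(f"{port}: shares {subnet(a)} with {seen[subnet(a)]}")
        seen.setdefault(subnet(a), port)
    vip, p1 = plan["havip"], plan["ports"]["port1"]
    if subnet(vip) != subnet(p1[0]):
        findings.append(f"HaVip {vip} is outside the port1 subnet")
    if vip in p1:
        findings.append(f"HaVip {vip} collides with a port1 primary address")
    if plan["public_ip"].get("B"):
        findings.append("secondary has its own public IP instead of sharing the EIP")
    extra = plan["role_policies"] - ALLOWED_POLICIES
    missing = ALLOWED_POLICIES - plan["role_policies"]
    if extra:
        findings.append(f"role has policies beyond the listed three: {sorted(extra)}")
    if missing:
        findings.append(f"role is missing: {sorted(missing)}")
    return findings

if __name__ == "__main__":
    print(audit_plan(SAMPLE_PLAN) or "plan is consistent")
```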
