Fortinet black logo

Initial deployment

Copy Link
Copy Doc ID 69c31672-f2ec-11e8-b86b-00505692583a:195813

Initial deployment

FortiWeb-VM support Cloud-init on Google Cloud. It enables you to deploy a FortiWeb-VM with preset configurations and license. To use this feature, you need to upload the command file and license file to GCP Cloud Storage. If you prefer a clean FortiWeb-VM with no preset configurations, you can directly launch the VM.

Uploading command file and license file to GCP Cloud Storage

Create a .txt file containing the commands to be executed when FortiWeb-VM is launched. For example, add the following commands in the file to configure FortiWeb to use timezone 03 and record logs with a severity of notification or higher.

Upload the command file and license file to the bucket under Google Cloud Storage.

Deploying FortiWeb-VM

  1. In the Google Cloud marketplace, find Fortinet FortiWeb Web Application Firewall WAF VM.
  2. Click LAUNCH.
  3. Select the variables as required.



    Deployment nameEnter the name of the FortiWeb-VM to appear in the Compute Engine portal.
    ZoneChoose the zone to deploy the FortiWeb to.
    Machine typeChoose the instance type required.
    Boot disk typeLeave as-is.
    Boot disk size in GBLeave as-is.
    Network interfacesSelect the network located in the selected zone. Currently a one-arm setup in one subnet is supported on the Cloud Launcher solution.
    Firewall

    Selected all, or allow at least HTTPS and TCP port 8443 if the strictest security is allowed in your network as the first setup. Change firewall settings as needed later on. Note these are the open ports allowed in Google Cloud to protect incoming access to the FortiWeb instance over the Internet and are not part of FortiWeb firewall features.

    Notes:

    • For FortiWeb-VM 602 and later versions, port 80 , 443, 8080, 8443, and 22 are allowed by default. Port 8080 and 8443 are the default ports for accessing FortiWeb's GUI.
    • For FortiWeb-VM version 601, port 8080 and 8443 are not allowed by default. You need to access FortiWeb's GUI through port 80 and 443. If you want to use these two ports for your application traffic, you can add firewall rules to allow more ports after the VM is created, then change the default administrative ports through FortiWeb's GUI (System > Admin > Settings > Web Administration Ports).
    Additional Networks

    Select additional network interface.

    2 to 4 additional network interfaces can be added in the FortiWeb-VM instance. Make sure the selected Machine type supports correct number of vNICs. For more information on Maximum number of network interface, see this article.

    MetaData

    License for FWB: You can enter the path of the license file (for example: gs://fwb-bucket/FVVM08TM21000998.lic).

    Enable initial bootup using user data: You can paste the path of Cloud-init file, for example, gs://fwb-bucket/fwb-cloudinit.txt.

  4. Click Deploy. When deployment is done, the screen displays an overview of the FortiWeb including the admin URL, admin user account name and password.
When you deploy the FortiWeb-VM package, network adapters are created automatically. If you want to delete network adapters, do it during the deployment process. It's not recommended to delete network adapters once the FortiWeb is deployed, otherwise unexpected error will occur.

Initial deployment

FortiWeb-VM support Cloud-init on Google Cloud. It enables you to deploy a FortiWeb-VM with preset configurations and license. To use this feature, you need to upload the command file and license file to GCP Cloud Storage. If you prefer a clean FortiWeb-VM with no preset configurations, you can directly launch the VM.

Uploading command file and license file to GCP Cloud Storage

Create a .txt file containing the commands to be executed when FortiWeb-VM is launched. For example, add the following commands in the file to configure FortiWeb to use timezone 03 and record logs with a severity of notification or higher.

Upload the command file and license file to the bucket under Google Cloud Storage.

Deploying FortiWeb-VM

  1. In the Google Cloud marketplace, find Fortinet FortiWeb Web Application Firewall WAF VM.
  2. Click LAUNCH.
  3. Select the variables as required.



    Deployment nameEnter the name of the FortiWeb-VM to appear in the Compute Engine portal.
    ZoneChoose the zone to deploy the FortiWeb to.
    Machine typeChoose the instance type required.
    Boot disk typeLeave as-is.
    Boot disk size in GBLeave as-is.
    Network interfacesSelect the network located in the selected zone. Currently a one-arm setup in one subnet is supported on the Cloud Launcher solution.
    Firewall

    Selected all, or allow at least HTTPS and TCP port 8443 if the strictest security is allowed in your network as the first setup. Change firewall settings as needed later on. Note these are the open ports allowed in Google Cloud to protect incoming access to the FortiWeb instance over the Internet and are not part of FortiWeb firewall features.

    Notes:

    • For FortiWeb-VM 602 and later versions, port 80 , 443, 8080, 8443, and 22 are allowed by default. Port 8080 and 8443 are the default ports for accessing FortiWeb's GUI.
    • For FortiWeb-VM version 601, port 8080 and 8443 are not allowed by default. You need to access FortiWeb's GUI through port 80 and 443. If you want to use these two ports for your application traffic, you can add firewall rules to allow more ports after the VM is created, then change the default administrative ports through FortiWeb's GUI (System > Admin > Settings > Web Administration Ports).
    Additional Networks

    Select additional network interface.

    2 to 4 additional network interfaces can be added in the FortiWeb-VM instance. Make sure the selected Machine type supports correct number of vNICs. For more information on Maximum number of network interface, see this article.

    MetaData

    License for FWB: You can enter the path of the license file (for example: gs://fwb-bucket/FVVM08TM21000998.lic).

    Enable initial bootup using user data: You can paste the path of Cloud-init file, for example, gs://fwb-bucket/fwb-cloudinit.txt.

  4. Click Deploy. When deployment is done, the screen displays an overview of the FortiWeb including the admin URL, admin user account name and password.
When you deploy the FortiWeb-VM package, network adapters are created automatically. If you want to delete network adapters, do it during the deployment process. It's not recommended to delete network adapters once the FortiWeb is deployed, otherwise unexpected error will occur.