Deploying the FortiWeb-VM Instance
- Go to Compute Engine > VM Instances. Click CREATE INSTANCE.
- In the Name field, enter the desired name for the VM. Select the desired zone and machine type.
- Under Boot disk, click Change.
- On the Custom images tab, select the newly created image. Change the boot disk type as needed. It's recommended to keep the default size or enter a larger size. Click Select. Ensure the new image is selected.
- Select Allow HTTPS traffic. If you allocate multiple network interfaces to the FortiWeb, this is nullified at this stage. You can configure this later. See Configuring Google Cloud Firewall Rules.
- Click Networking. Here you need to specify multiple network interfaces. One is located on the public-facing side of the Internet, the other facing a protected private network.
For Firewall, selected all, or allow at least HTTPS and TCP port 8443 if the strictest security is allowed in your network as the first setup. Change firewall settings as needed later on. Note these are the open ports allowed in Google Cloud to protect incoming access to the FortiWeb instance over the Internet and are not part of FortiWeb firewall features.
- For FortiWeb-VM 602 and later versions, port 80 , 443, 8080, 8443, and 22 are allowed by default. Port 8080 and 8443 are the default ports for accessing FortiWeb's GUI.
- For FortiWeb-VM version 601, port 8080 and 8443 are not allowed by default. You need to access FortiWeb's GUI through port 80 and 443. If you want to use these two ports for your application traffic, you can add firewall rules to allow more ports after the VM is created, then change the default administrative ports through FortiWeb's GUI (System > Admin > Settings > Web Administration Ports).
- Edit the first network interface. Preferably assign a static IP address. Under IP Forwarding, select On. Configure other items as needed and click Done.
- Click Add network interface to add the second interface for the private subnet. If you click Network there will be the list of pre-configured networks. Choose the one located in the same region as you chose to deploy the instance. Under External IP, select None.
- After configuring all elements, click Create.
- After 15-30 minutes, the instance should be up and running.