Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.1
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    VM Installation - OpenStack

    Home FortiADC Private Cloud VM Installation - OpenStack

    Installation procedures

    Installation procedures

    Follow the steps below to install the FortiADC software package in your OpenStack environment.

    Step 1: Verify your OpenStack environment

    Ensure that the system is running OpenStack version 2023.2 with Octavia properly installed and configured.

    Step 2: Download and extract the fadc-octavia-provider

    1. Download the fadc-octavia-provider.tar.gz file from https://github.com/fortinet/fortiadc-openstack.

    2. Extract the contents in your OpenStack installation environment using the command: tar -zxvf fadc-octavia-provider.tar.gz.

    Step 3: Install the FortiADC Driver and Agent

    1. Install the driver and agent:

      If the openstack installed on python virtual environment, it needs to go to virtual environment to install package.
Run the “./install.sh” to install both driver and agent.

    2. Modify octavia.conf in /etc/oectavia/:

      enabled_provider_drivers = amphora:The Octavia Amphora driver.,octavia:Deprecated alias of the Octavia Amphora driver.,ovn:Octavia OVN driver.,fortiadc_driver:fortiadc driver.
default_provider_driver = fortiadc_driver

Restart uwsgi service. It can enable Fortiadc driver.

    Step 4: Start the FortiADC Agent

    1. Configure the FortiADC Agent:
      The package includes an example configuration file named fadc_octavia_example.conf. Copy this file to /etc/octavia/fadc_octavia.conf and modify it with the appropriate values.
      Please ensure that the content of the fadc_devices section remains in JSON format after making any changes.

      fadc_devices = [
              {
               "fadc_FQDN": "172.24.4.223",
               "fadc_username": "admin",
               "fadc_password": "fortinet",
               "fadc_vdom_network_mapping": "port2",
               "fadc_bind_vip_port_id": "69dd6263-203f-46ed-835d-327b9f0baf8d",
               "fadc_vdom_network_allowAccess": {"port2":"http ping telnet https"},
               "fadc_vdom_network_ip": {"port2":"10.20.2.23/24"},
               "fadc_vdom_default_gw": "10.20.2.1",
               "fadc_vs_dev_intf": "port2",
               "fadc_vs_packet_forward_method": "FullNAT",     
               "fadc_vs_persistency": "LB_PERSIS_HASH_SRC_ADDR",
               "fadc_get_stats_interval": "2",
               "fadc_vs_nat_pool": ["10.20.2.190","10.20.2.199"],
               "fadc_vs_nat_intf": "port2",
               "fadc_healthcheck_port": “80”,
               "certificate_verify": false,
               "projects": [
                             "fe6cb031d610420394ba134f670488a6"
                           ]
              }
         ]

    2. Install the FortiADC Agent Service:
      Locate the FortiADC agent path by executing the command: which fortiadc_agent in the environment where the fadc-octavia-provider package is installed.
      Then, run the installation script with the following command:

      sudo ./install_service.sh /path/to/fortiadc_agent

      To verify that the service has started successfully, use the command:
      ps -ef | grep fortiadc_agent
    FortiADC Configuration Parameters for Deployment within an OpenStack Container:
    Parameter Description
    Debug
    debug_mode

    Enable or disable debug messages for fadc_api.

    True = enable

    False = disable
    Device information
    fadc_FQDN

    The FortiADC's IP address that OpenStack uses to communicate with it.
    fadc_username

    The FortiADC global user log-in name.

    Note: The default password is admin.
    fadc_password

    The FortiADC log-in password.

    Note: It's blank (no password) by default.
    Network
    fadc_vdom_network_mapping

    The interfaces assigned to the virtual domain.
    fadc_bind_vip_port_id

    The bind virtual interface port ID.
    fadc_vdom_network_allowAccess

    The applications that the interface allows to access. The value can be HTTPS, HTTP, SNMP, SSH, Ping, and Telnet.
    fadc_vdom_network_ip

    The IP addresses of the assigned interfaces.
    fadc_default_gw

    The static route with destination 0.0.0.0/0 in the VDOM.
    Virtual server
    fadc_vs_dev_intf

    The virtual server interface.
    fadc_vs_persistency

    The name of the persistence profile in the virtual server.
    fadc_vs_packet_forward_method

    The packet-forwarding method in Layer-4 virtual servers. It can be NAT or FullNAT.

    Note: This applies to Layer-4 virtual servers only.
    fadc_vs_nat_pool

    The IP address range of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.
    fadc_vs_nat_intf

    The interface of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.
    fadc_get_stats_interval

    The amount of data shown on the FortiADC's FortiView page:

    • 0=One hour's worth of data
    • 1=Six hours' worth of data
    • 2=One day's worth of data
    • 3=One week's worth of data
    • 4=One month's worth of data
    • 5=One year's worth of data
    Health check monitor port
    fadc_healthcheck_port

    The port number for FortiADC to create healthcheck profiles. The default is 80. Valid values range from 0 to 65535.

    Note: This applies to HTTP, HTTPS, and TCP only.
    Previous
    Next

    Installation procedures

    Installation procedures

    Follow the steps below to install the FortiADC software package in your OpenStack environment.

    Step 1: Verify your OpenStack environment

    Ensure that the system is running OpenStack version 2023.2 with Octavia properly installed and configured.

    Step 2: Download and extract the fadc-octavia-provider

    1. Download the fadc-octavia-provider.tar.gz file from https://github.com/fortinet/fortiadc-openstack.

    2. Extract the contents in your OpenStack installation environment using the command: tar -zxvf fadc-octavia-provider.tar.gz.

    Step 3: Install the FortiADC Driver and Agent

    1. Install the driver and agent:

      If the openstack installed on python virtual environment, it needs to go to virtual environment to install package.
Run the “./install.sh” to install both driver and agent.

    2. Modify octavia.conf in /etc/oectavia/:

      enabled_provider_drivers = amphora:The Octavia Amphora driver.,octavia:Deprecated alias of the Octavia Amphora driver.,ovn:Octavia OVN driver.,fortiadc_driver:fortiadc driver.
default_provider_driver = fortiadc_driver

Restart uwsgi service. It can enable Fortiadc driver.

    Step 4: Start the FortiADC Agent

    1. Configure the FortiADC Agent:
      The package includes an example configuration file named fadc_octavia_example.conf. Copy this file to /etc/octavia/fadc_octavia.conf and modify it with the appropriate values.
      Please ensure that the content of the fadc_devices section remains in JSON format after making any changes.

      fadc_devices = [
              {
               "fadc_FQDN": "172.24.4.223",
               "fadc_username": "admin",
               "fadc_password": "fortinet",
               "fadc_vdom_network_mapping": "port2",
               "fadc_bind_vip_port_id": "69dd6263-203f-46ed-835d-327b9f0baf8d",
               "fadc_vdom_network_allowAccess": {"port2":"http ping telnet https"},
               "fadc_vdom_network_ip": {"port2":"10.20.2.23/24"},
               "fadc_vdom_default_gw": "10.20.2.1",
               "fadc_vs_dev_intf": "port2",
               "fadc_vs_packet_forward_method": "FullNAT",     
               "fadc_vs_persistency": "LB_PERSIS_HASH_SRC_ADDR",
               "fadc_get_stats_interval": "2",
               "fadc_vs_nat_pool": ["10.20.2.190","10.20.2.199"],
               "fadc_vs_nat_intf": "port2",
               "fadc_healthcheck_port": “80”,
               "certificate_verify": false,
               "projects": [
                             "fe6cb031d610420394ba134f670488a6"
                           ]
              }
         ]

    2. Install the FortiADC Agent Service:
      Locate the FortiADC agent path by executing the command: which fortiadc_agent in the environment where the fadc-octavia-provider package is installed.
      Then, run the installation script with the following command:

      sudo ./install_service.sh /path/to/fortiadc_agent

      To verify that the service has started successfully, use the command:
      ps -ef | grep fortiadc_agent
    FortiADC Configuration Parameters for Deployment within an OpenStack Container:
    Parameter Description
    Debug
    debug_mode

    Enable or disable debug messages for fadc_api.

    True = enable

    False = disable
    Device information
    fadc_FQDN

    The FortiADC's IP address that OpenStack uses to communicate with it.
    fadc_username

    The FortiADC global user log-in name.

    Note: The default password is admin.
    fadc_password

    The FortiADC log-in password.

    Note: It's blank (no password) by default.
    Network
    fadc_vdom_network_mapping

    The interfaces assigned to the virtual domain.
    fadc_bind_vip_port_id

    The bind virtual interface port ID.
    fadc_vdom_network_allowAccess

    The applications that the interface allows to access. The value can be HTTPS, HTTP, SNMP, SSH, Ping, and Telnet.
    fadc_vdom_network_ip

    The IP addresses of the assigned interfaces.
    fadc_default_gw

    The static route with destination 0.0.0.0/0 in the VDOM.
    Virtual server
    fadc_vs_dev_intf

    The virtual server interface.
    fadc_vs_persistency

    The name of the persistence profile in the virtual server.
    fadc_vs_packet_forward_method

    The packet-forwarding method in Layer-4 virtual servers. It can be NAT or FullNAT.

    Note: This applies to Layer-4 virtual servers only.
    fadc_vs_nat_pool

    The IP address range of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.
    fadc_vs_nat_intf

    The interface of the NAT source pool.

    Note: This applies to Layer-4 virtual servers with NAT only.
    fadc_get_stats_interval

    The amount of data shown on the FortiADC's FortiView page:

    • 0=One hour's worth of data
    • 1=Six hours' worth of data
    • 2=One day's worth of data
    • 3=One week's worth of data
    • 4=One month's worth of data
    • 5=One year's worth of data
    Health check monitor port
    fadc_healthcheck_port

    The port number for FortiADC to create healthcheck profiles. The default is 80. Valid values range from 0 to 65535.

    Note: This applies to HTTP, HTTPS, and TCP only.
    Previous
    Next