Deploying FortiIsolator on AWS
The deployment of FortiIsolator on AWS includes three steps:
- Step 1: Install FortiIsolator on AWS
- Step 2: Accessing FortiIsolator CLI via Ubuntu
- Step 3: Browsing sites through FortiIsolator
Step 1: Install FortiIsolator on AWS
- Verify the file has been uploaded in AWS: EC2 > Images > AMIs.
- Create instance from the file.
- Select an instance type:
FortiIsolator High Availability (HA) must run on AWS instances that are built on the Nitro System.
- Select VPC and Subnets:
- Verify network interface, and click Next: Add Storage:
- Select /dev/sdf, and assign size (GiB):
- Select the security group that was created in the previous steps.
After clicking Launch Instance, stop the process and add another three interfaces. Make sure FortiIsolator has four interfaces:
- Internal Interface: 192.168.0.0/24
- External Interface: 192.168.2.0/24
- Management Interface: 192.168.1.0/24
- HA Interface: 192.168.3.0/24
- Verify the interfaces are in this order.
Setting the third interface on the 192.168.1.0/24 subnet allows you to access the default management IP 192.168.1.99.
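An added example (not part of the FortiIsolator documentation): a Python check for the interface order described above, run over one instance entry from `aws ec2 describe-instances` output. It assumes the listed order corresponds to AWS attachment device index 0 to 3, and the sample data is constructed.

```python
import ipaddress

# Interface plan from the page, in the required order. Treating list position
# as the AWS attachment DeviceIndex (0-3) is an assumption of this example.
PLAN = [
    ("internal", "192.168.0.0/24"),
    ("external", "192.168.2.0/24"),
    ("management", "192.168.1.0/24"),
    ("ha", "192.168.3.0/24"),
]


def check_interfaces(instance):
    """Return a list of problems for one instance dict from describe-instances."""
    by_index = {
        eni["Attachment"]["DeviceIndex"]: eni["PrivateIpAddress"]
        for eni in instance.get("NetworkInterfaces", [])
    }
    problems = []
    if len(by_index) != len(PLAN):
        problems.append(f"expected {len(PLAN)} interfaces, found {len(by_index)}")
    for index, (role, cidr) in enumerate(PLAN):
        ip = by_index.get(index)
        if ip is None:
            problems.append(f"device index {index} ({role}) is not attached")
        elif ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr):
            problems.append(f"device index {index} ({role}) has {ip}, outside {cidr}")
    return problems


def _eni(index, ip):
    # Only the two fields the check reads; real output carries many more.
    return {"Attachment": {"DeviceIndex": index}, "PrivateIpAddress": ip}


# Constructed samples, not captured from a real account.
GOOD = {"NetworkInterfaces": [_eni(0, "192.168.0.99"), _eni(1, "192.168.2.99"),
                              _eni(2, "192.168.1.99"), _eni(3, "192.168.3.99")]}
# External and management attached in the wrong order.
SWAPPED = {"NetworkInterfaces": [_eni(0, "192.168.0.99"), _eni(1, "192.168.1.99"),
                                 _eni(2, "192.168.2.99"), _eni(3, "192.168.3.99")]}
# Launched with a single interface, before the other three were added.
SINGLE = {"NetworkInterfaces": [_eni(0, "192.168.0.99")]}

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("SWAPPED", SWAPPED), ("SINGLE", SINGLE)):
        print(name, check_interfaces(sample) or "ok")
```

With the management interface in the wrong position, the default management IP 192.168.1.99 is not on the expected interface, which is what the SWAPPED case reports.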
Step 2: Accessing FortiIsolator CLI via Ubuntu
Pre-requisites
- You need an Ubuntu instance in AWS that has the same subnets as FortiIsolator.
- You need an associated EIP as the public IP for the Ubuntu instance on the 192.168.1.0/24 subnet.
- Connect to Ubuntu:
> ssh -i "fis_aws.pem" ubuntu@public_ip(EIP)
- From Ubuntu, SSH to FIS via the Mgmt Interface pre-defined IP (192.168.1.99):
> ssh admin@192.168.1.99
- Set Internal IP:
> set internal-ip 192.168.0.99/24
- Set DNS:
> set dns 192.168.0.2 192.168.0.2
- Set IP Mapping on FIS to public IP:
> set fis-ipmap 443 443 public_ip
- Overview:
e.g.
> set internal-ip 192.168.0.99/24
> set internal-gw 0.0.0.0/0 192.168.0.2
> set dns 192.168.0.2
> set fis-ipmap 443 443 public_ip
Step 3: Browsing sites through FortiIsolator
IP Forwarding:
https://<public_ip>/isolator/https://www.fortinet.com/
Proxy:
Browser Setting:
> HTTP Proxy: public_ip port 8888