Installing FortiIsolator VM for AWS
The following section will cover three steps:
- Step 1: Install FortiIsolator on AWS
- Step 2: Accessing the FortiIsolator CLI via Ubuntu
- Step 3: Browsing sites through FortiIsolator
Step 1: Install FortiIsolator on AWS
- Verify the file has been uploaded in AWS: EC2 > Images > AMIs.
- Create an instance from the file.
- Select Instance Type:
Note: FortiIsolator High Availability (HA) must run on AWS instances that are built on the Nitro System.
- Select VPC and Subnets:
- Verify the network interface, and proceed to Next: Add Storage:
- Select /dev/sdf, and assign size (GiB):
- Select the Security Group that was created in the previous steps.
After clicking Launch Instance, stop the process and add another three interfaces. Make sure FortiIsolator has four interfaces:
- Internal Interface: 192.168.0.0/24
- External Interface: 192.168.2.0/24
- Management Interface: 192.168.1.0/24
- HA Interface: 192.168.3.0/24
Verify the interfaces are in this order.
Setting the 3rd interface to the 192.168.1.0/24 subnet allows you to access the default management IP 192.168.1.99.
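A check for the interface order listed above, as an added example that is not part of the original guide. It assumes the Nth interface corresponds to EC2 device index N-1 and that the input has the `NetworkInterfaces` shape returned by `aws ec2 describe-instances`; the helper names and sample addresses are constructed for illustration.

```python
import ipaddress

# Order from the guide: 1st internal, 2nd external, 3rd management, 4th HA.
# Assumption: the Nth interface is EC2 device index N-1.
EXPECTED = [
    ("internal", "192.168.0.0/24"),
    ("external", "192.168.2.0/24"),
    ("management", "192.168.1.0/24"),
    ("ha", "192.168.3.0/24"),
]


def check_interface_order(instance):
    """Return a list of problems; an empty list means the layout matches."""
    by_index = {}
    for nic in instance.get("NetworkInterfaces", []):
        index = nic["Attachment"]["DeviceIndex"]
        by_index[index] = ipaddress.ip_address(nic["PrivateIpAddress"])

    problems = []
    if len(by_index) != len(EXPECTED):
        problems.append(f"expected {len(EXPECTED)} interfaces, found {len(by_index)}")
    for index, (role, cidr) in enumerate(EXPECTED):
        addr = by_index.get(index)
        if addr is None:
            problems.append(f"device index {index} ({role}) is not attached")
        elif addr not in ipaddress.ip_network(cidr):
            problems.append(f"device index {index} ({role}) has {addr}, expected {cidr}")
    return problems


def sample_instance(ips):
    """Build a constructed instance record; list position becomes the device index."""
    nics = [{"Attachment": {"DeviceIndex": i}, "PrivateIpAddress": ip}
            for i, ip in enumerate(ips)]
    return {"NetworkInterfaces": list(reversed(nics))}  # API order is not guaranteed


# Constructed samples: one correct layout, one with external and management swapped.
GOOD = sample_instance(["192.168.0.10", "192.168.2.10", "192.168.1.10", "192.168.3.10"])
SWAPPED = sample_instance(["192.168.0.10", "192.168.1.10", "192.168.2.10", "192.168.3.10"])

if __name__ == "__main__":
    for name, inst in (("GOOD", GOOD), ("SWAPPED", SWAPPED)):
        print(name, check_interface_order(inst) or "ok")
```

With the swapped layout the management interface is not the 3rd interface, so the default management IP 192.168.1.99 would not be reachable from the 192.168.1.0/24 subnet as the guide expects.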
Step 2: Accessing the FortiIsolator CLI via Ubuntu
Pre-requisites
- You need an Ubuntu instance in AWS that has the same subnets as FortiIsolator.
- You need an EIP associated as the public IP of the Ubuntu instance on the 192.168.1.0/24 subnet.
- Connect to Ubuntu using its public IP (EIP):
> ssh -i "fis_aws.pem" ubuntu@<public_ip>
- From Ubuntu, SSH to FIS via the Management Interface's pre-defined IP (192.168.1.99).
> ssh admin@192.168.1.99
- Set Internal IP:
> set internal-ip 192.168.0.99/24
- Set DNS:
> set dns 192.168.0.2 192.168.0.2
- Set IP Mapping on FIS to public IP:
> set fis-ipmap 443 443 public_ip
- Overview:
e.g.
> set internal-ip 192.168.0.99/24
> set internal-gw 0.0.0.0/0 192.168.0.2
> set dns 192.168.0.2
> set fis-ipmap 443 443 public_ip
Step 3: Browsing sites through FortiIsolator
IP Forwarding:
https://<public_ip>/isolator/https://www.fortinet.com/
Proxy:
Browser Setting:
> HTTP Proxy: public_ip port 8888