Deploying FortiManager-VM on IBM Cloud 7.0.4
FortiManager can be deployed as a Bring Your Own License (BYOL) FortiManager-VM on IBM Cloud. The following describes the steps to create, access, and license a FortiManager-VM instance in the IBM Cloud.
Deployment Information:
Below is a high level overview of what will be used or created:
- Cloud Object Storage Service and a Bucket of your choice will be used.
- A custom image will be created.
- A VPC and a subnet in the region of your choice will be used or created if needed.
- SSH Keys will be used or created.
- Network Security Groups of your choice will be used or created as needed.
- A Floating IP of your choice will be used or created as needed to access the FortiManager GUI.
- A FortiManager Virtual Server instance will be created using the VPC network, Custom image, Floating IP, and SSH Keys in your IBM Cloud environment.
To deploy FortiManager-VM on IBM Cloud using the GUI:
- Obtain the .qcow2 image file:
- Log in to the Fortinet Support site.
- Go to Support > Firmware Download.
- From the Select Product dropdown list, select FortiManager.
- Select the Download tab and navigate to the version needed.
Support for IBM Cloud began with FortiManager version 7.0.4.
- Download the FortiManager-VM deployment file (
FMG _VM64_IBM-vX-buildXXXX-FORTINET.out.kvm.zip). - Extract the ZIP file to get a .qcow2 file.
- Log in to the IBM Cloud portal.
- Prepare an object storage bucket on IBM VPC.
For more information about creating an object storage bucket on IBM Cloud, see Getting started with IBM Cloud Object Storage.
- Upload the .qcow2 image file to cloud object storage.
- Create the custom image:
- Go to VPC Infrastructure > Compute > Custom images.
- Click Create +.
- Enter the required information:
- Specify the Geography and Region of the custom image.
- Name the custom image (e.g. FortiManager Server Instance).
- Specify the Cloud Object Storage Location where the source .qcow2 file was uploaded to.
- Choose Debian GNU/Linux as the operating system, and select debian-10-amd64, then click Create Custom Image.
- Create a new virtual server instance based on the custom image:
- Enter the required information:
- Name of the FortiManager Server Instance.
- Specify the Resource group.
- Specify the Region.
- From the Operating System dropdown:
- Select Custom image.
- Select the custom image previously created in step 5.
- In the Profile section:
- Select View All Profiles.
- Select the desired instance profile (for example, bx2-4x16).
- Select SSH Keys or create them as needed.
- Add a data volume:
- In the Data volumes section, select Create +.
- Name the volume accordingly.
- Size the volume accordingly (for example, 10 GB).
- Use existing VPC and subnets or create a VPC and subnets as necessary.
- Add network interfaces as desired:
- In the Network interfaces section, select Create +.
- Name the interface accordingly.
- Select the desired subnet.
- Click Create Virtual Server.
- Enter the required information:
- Use an existing Security Group or create a new Security Group with the following Inbound Rules:
Protocol
Source Type
Source
Value
ICMP
Any
0.0.0.0/0
Type:Any, Code:Any
TCP
Any
0.0.0.0/0
Ports: 22-22
TCP
Any
0.0.0.0/0
Ports: 9443-9443
TCP
Any
0.0.0.0/0
Ports: 443-443
TCP
Any
0.0.0.0/0
Ports: 80-80
TCP & UDP
Any
0.0.0.0/0
Ports: 514-514
TCP
Any
0.0.0.0/0
Ports: 541-541
TCP
Any
0.0.0.0/0
Ports: 2032-2032
TCP
Any
0.0.0.0/0
Ports: 3000-3000
TCP
Any
0.0.0.0/0
Ports: 5199-5199
TCP
Any
0.0.0.0/0
Ports: 6020-6020
TCP
Any
0.0.0.0/0
Ports: 6028-6028
TCP
Any
0.0.0.0/0
Ports: 8080-8080
The Source CIDR range can be changed to be more restrictive based on the IBM Cloud Environment and/or customer networks. 0.0.0.0/0 is used in this document as an example.
- Reserve a floating IP for GUI access:
- Go to VPC Infrastructure.
- Select Floating IPs.
- Select Create +.
- Specify the values for: Geography, Region, Zone, Name of the IP, and Resource Group.
- Specify the instance (created from step 6) to bind with the Floating IP.
- In a browser, use the floating IP to access the FortiManager-VM instance by HTTPS or SSH.
- Log in with the default username
admin
and the initial password ofinstance-id
.