Fortinet black logo

Administration Guide

Home FortiPAM 1.1.0 Administration Guide
1.1.0
1.3.0
1.2.0
1.1.2
1.1.1
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0

Appendix G: Installation on Azure

Appendix G: Installation on Azure

Uploading the VHD file to an Azure storage account

To upload the VHD file to an Azure storage account:
  1. Unzip the FPA_AZURE-v100-buildXXXX-FORTINET.out.hyperv.zip file and store the fortipam.vhd file on your management computer.
  2. Go to your storage account on the Microsoft Azure Portal and click Upload.

    The Upload blob window opens.

  3. Select Browse for files and locate the fortipam.vhd file that you downloaded and unzipped in step 1.
  4. Click Upload.

Creating an image on Azure Images

To create an image:
  1. Go to Images on the Azure Portal and select Create.

    The Create an image wizard opens.

  2. From the Resource group dropdown, select a resource group.
  3. In Name, enter the name for the image.
  4. In the Region dropdown, select a region.
  5. In OS type, select Linux.
  6. In VM generation, you can select Gen 1 or Gen 2.

    Gen 1 VMs use BIOS-based architecture, whereas Gen 2 VMs use the new UEFI-based boot architecture.

  7. In the Storage blob, click Browse, locate the fortipam.vhd file that you uploaded to your storage account in Uploading the VHD file to an Azure storage account, and click Next : Tags.
  8. Optionally, in Tags, enter tags, and click Next : Review + Create.
  9. Review your settings and then click Create.

    Note: The deployment may take several minutes to finish.

Creating the FortiPAM-VM

To create the FortiPAM-VM:
  1. On the Azure Portal, open the image you created in Creating an image on Azure Images, and click Create VM.

    The Create a virtual machine wizard opens.

  2. In Virtual machine name, enter a name for the VM being created.
  3. In the Region dropdown, select a region if the region is not automatically selected.
  4. In the Image dropdown, select the image created in Creating an image on Azure Images if the image is not automatically selected.
  5. In the Size dropdown, select a size that supports the workload you intend to perform.

  6. In the Administrator account pane:
    1. In Authentication type, select Password.
    2. In Username, enter a username.
    3. In Password, enter the password.
    4. In Confirm password, enter the password again to confirm.

      5. The account is created with the Super Administrator role on FortiPAM.

  7. In the Inbound port rules pane:
    1. In Public inbound ports, select Allow selected ports.
    2. In the Select inbound ports dropdown, select HTTPS (443), SSH (22).
  8. In the License Type dropdown, select Other, and click Next.

  9. In Data disks for FPAM-demo-VM, select Create and attach a new disk.

  10. Create a disk for the log and another for the video, and click Next.

  11. In the Networking tab:
    1. In the Virtual network dropdown, select a virtual network.
    2. In the Subnet dropdown, select a subnet.
    3. In the Public IP dropdown, select a public IP address or create a new public IP address.
    4. In NIC network security group, select Basic.
    5. In Public inbound ports, select Allow selected ports.
    6. In the Select inbound ports dropdown, select HTTPS (443), SSH (22), and click Next.

  12. Click Next and navigate through the remaining tabs.
  13. Finally, review your settings and then click Create.

    Note: The VM deployment may take several minutes to finish.

Initial configuration

  1. On the FortiPAM-VM Networking page, copy and save the network interface's private and public IP addresses.

  2. In the VM serial console, log in as the default super admin set up in step 6 of Creating the FortiPAM-VM.
  3. Using the following CLI commands, configure port1:

    config system interface

    edit port1

    set mode static #by default, set as dhcp

    set ip 10.100.0.5/24 #set to the private IP address assigned by Azure in step 1

    set allowaccess ssh https #by default, only ssh

    next

    end

  4. Using the following CLI commands, configure a static route:

    config router static

    edit 1

    set gateway 10.100.0.1

    set device port1

    next

    end

  5. On a web browser, go to https://<Public IP> to access the FortiPAM-VM GUI.

    Note: The public IP address was saved in step 1.

  6. Log in with the super admin username and password as set up in step 6 of Creating the FortiPAM-VM.

    The FortiPAM VM license window appears immediately after you log in.

  7. In the Upload License File pane, select Upload and browse to the license file on your management computer.
  8. Click OK.

    After the boot up, the license status changes to valid.

    You can now use your FortiPAM-VM deployed on Azure.

    Evaluation license is not available on Azure.

Previous
Next

Appendix G: Installation on Azure

Uploading the VHD file to an Azure storage account

To upload the VHD file to an Azure storage account:
  1. Unzip the FPA_AZURE-v100-buildXXXX-FORTINET.out.hyperv.zip file and store the fortipam.vhd file on your management computer.
  2. Go to your storage account on the Microsoft Azure Portal and click Upload.

    The Upload blob window opens.

  3. Select Browse for files and locate the fortipam.vhd file that you downloaded and unzipped in step 1.
  4. Click Upload.

Creating an image on Azure Images

To create an image:
  1. Go to Images on the Azure Portal and select Create.

    The Create an image wizard opens.

  2. From the Resource group dropdown, select a resource group.
  3. In Name, enter the name for the image.
  4. In the Region dropdown, select a region.
  5. In OS type, select Linux.
  6. In VM generation, you can select Gen 1 or Gen 2.

    Gen 1 VMs use BIOS-based architecture, whereas Gen 2 VMs use the new UEFI-based boot architecture.

  7. In the Storage blob, click Browse, locate the fortipam.vhd file that you uploaded to your storage account in Uploading the VHD file to an Azure storage account, and click Next : Tags.
  8. Optionally, in Tags, enter tags, and click Next : Review + Create.
  9. Review your settings and then click Create.

    Note: The deployment may take several minutes to finish.

Creating the FortiPAM-VM

To create the FortiPAM-VM:
  1. On the Azure Portal, open the image you created in Creating an image on Azure Images, and click Create VM.

    The Create a virtual machine wizard opens.

  2. In Virtual machine name, enter a name for the VM being created.
  3. In the Region dropdown, select a region if the region is not automatically selected.
  4. In the Image dropdown, select the image created in Creating an image on Azure Images if the image is not automatically selected.
  5. In the Size dropdown, select a size that supports the workload you intend to perform.

  6. In the Administrator account pane:
    1. In Authentication type, select Password.
    2. In Username, enter a username.
    3. In Password, enter the password.
    4. In Confirm password, enter the password again to confirm.

      5. The account is created with the Super Administrator role on FortiPAM.

  7. In the Inbound port rules pane:
    1. In Public inbound ports, select Allow selected ports.
    2. In the Select inbound ports dropdown, select HTTPS (443), SSH (22).
  8. In the License Type dropdown, select Other, and click Next.

  9. In Data disks for FPAM-demo-VM, select Create and attach a new disk.

  10. Create a disk for the log and another for the video, and click Next.

  11. In the Networking tab:
    1. In the Virtual network dropdown, select a virtual network.
    2. In the Subnet dropdown, select a subnet.
    3. In the Public IP dropdown, select a public IP address or create a new public IP address.
    4. In NIC network security group, select Basic.
    5. In Public inbound ports, select Allow selected ports.
    6. In the Select inbound ports dropdown, select HTTPS (443), SSH (22), and click Next.

  12. Click Next and navigate through the remaining tabs.
  13. Finally, review your settings and then click Create.

    Note: The VM deployment may take several minutes to finish.

Initial configuration

  1. On the FortiPAM-VM Networking page, copy and save the network interface's private and public IP addresses.

  2. In the VM serial console, log in as the default super admin set up in step 6 of Creating the FortiPAM-VM.
  3. Using the following CLI commands, configure port1:

    config system interface

    edit port1

    set mode static #by default, set as dhcp

    set ip 10.100.0.5/24 #set to the private IP address assigned by Azure in step 1

    set allowaccess ssh https #by default, only ssh

    next

    end

  4. Using the following CLI commands, configure a static route:

    config router static

    edit 1

    set gateway 10.100.0.1

    set device port1

    next

    end

  5. On a web browser, go to https://<Public IP> to access the FortiPAM-VM GUI.

    Note: The public IP address was saved in step 1.

  6. Log in with the super admin username and password as set up in step 6 of Creating the FortiPAM-VM.

    The FortiPAM VM license window appears immediately after you log in.

  7. In the Upload License File pane, select Upload and browse to the license file on your management computer.
  8. Click OK.

    After the boot up, the license status changes to valid.

    You can now use your FortiPAM-VM deployed on Azure.

    Evaluation license is not available on Azure.

Previous
Next