Section 2: Deploying FortiManager in AWS
In this section, you will deploy FortiManager-VM in AWS using the Fortinet CSE INTL GitHub repository.
Important
Before launching the CloudFormation template, you must subscribe to the FortiManager BYOL image in AWS Marketplace. If this step is skipped, the CloudFormation deployment may fail.
2.1 Subscribe FortiGate & FortiManager BYOL AMI
Subscribe to the FortiGate and FortiManager BYOL AMIs before deployment. Complete the following procedure for both products, starting from the links below.
AWS Marketplace: FortiManager BYOL AMI Listing
AWS Marketplace: FortiGate BYOL AMI Listing
Follow the steps below:
- Click "View purchase options".
- Scroll down and click "Subscribe".
- Wait a couple of minutes for the subscription to complete.
2.2 FortiManager deployment in AWS
Deployment selection:
FortiManager Standalone (New VPC)
GitHub Repository for deploying FortiManager
This deployment creates a new AWS VPC and deploys FortiManager-VM into that new VPC.
Objectives
By the end of this section, you will be able to:
- Launch the FortiManager New VPC CloudFormation template.
- Deploy FortiManager in AWS.
- Collect the FortiManager access information.
- Log in to the FortiManager GUI.
Before You Begin
Confirm that you have the following information from your instructor:
| Item | Example / Notes |
|---|---|
| EC2 key pair | Created in Section 1 |
| Allowed management CIDR | Your public IP or instructor-provided CIDR |
| FortiFlex token ID | Provided by instructor |
Important
Do not share AWS credentials, FortiManager passwords, API keys, FortiFlex credentials, or license information.
2.3 FortiManager Deployment Template
Open the Fortinet CSE INTL FortiManager repository:
GitHub Repository for deploying FortiManager
Locate:
FortiManager Standalone (New VPC)
2.4 Launch the CloudFormation Stack
Under FortiManager Standalone (New VPC), click:
Launch Stack
Confirm that the CloudFormation page opens in:
eu-central-1
Click:
Next
2.5 Configure Stack Parameters
Use the values provided by your instructor.
Suggested values:
| Parameter | Value |
|---|---|
| Stack name | student<number> |
| VPCCIDR | Default |
| PublicSubnet | Default |
| PublicSubnetRouterIP | Default |
| AZForFMG | AZ in eu-central-1 |
| FMGInstanceType | Default |
| FortiManager version | 7.6.x |
| LicenseType | FortiFlex |
| FortiFlexTokenID | Provided by instructor (Column E) |
| CIDRForFMGccess | Default |
| Key pair | Created EC2 key pair in Section 1 |
| EncryptVolumes | false |
2.6 Create the Stack
Review the stack configuration.
Confirm that:
- Region is eu-central-1.
- Deployment option is New VPC.
- LicenseType is set to FortiFlex.
- Key pair is correct.
Click the box:
I acknowledge that AWS CloudFormation might create IAM resources.
Click:
Create stack
Wait until the stack status becomes:
CREATE_COMPLETE
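The confirmation list in 2.6, together with the allowed management CIDR from "Before You Begin", can be checked as a pre-flight step on the values shown on the review page before you click Create stack. The script below is an added example, not part of the Fortinet repository; the /24 width limit, the RFC 1918 check and the sample values are assumptions made here, and parameter names are spelled as in the table in 2.5.

```python
import ipaddress

# Values this lab fixes in sections 2.4 to 2.6.
EXPECTED_REGION = "eu-central-1"
EXPECTED_LICENSE = "FortiFlex"
MIN_PREFIX_V4 = 24  # assumption: anything wider than /24 is treated as too broad
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_mgmt_cidr(cidr):
    """Return a list of problems with the management CIDR (empty list = OK)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. x.x.x.10/24
    except ValueError as exc:
        return [f"management CIDR {cidr!r} is not a valid network: {exc}"]
    if net.prefixlen == 0:
        return ["management CIDR allows any source address"]
    if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
        return [f"management CIDR /{net.prefixlen} is wider than /{MIN_PREFIX_V4}"]
    if net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
        return ["management CIDR is RFC 1918 space; the GUI is reached over a public IP"]
    return []


def preflight(region, params):
    """Check the 2.6 confirmation list plus the management CIDR."""
    problems = []
    if region != EXPECTED_REGION:
        problems.append(f"region is {region}, expected {EXPECTED_REGION}")
    if params.get("LicenseType") != EXPECTED_LICENSE:
        problems.append(f"LicenseType is not {EXPECTED_LICENSE}")
    if not params.get("FortiFlexTokenID", "").strip():
        problems.append("FortiFlexTokenID is empty")
    if not params.get("AZForFMG", "").startswith(EXPECTED_REGION):
        problems.append(f"AZForFMG is not an AZ in {EXPECTED_REGION}")
    return problems + check_mgmt_cidr(params.get("CIDRForFMGccess", ""))


# Constructed sample values, not real lab data.
SAMPLE = {
    "LicenseType": "FortiFlex",
    "FortiFlexTokenID": "EXAMPLE-TOKEN",
    "AZForFMG": "eu-central-1a",
    "CIDRForFMGccess": "203.0.113.10/32",
}

if __name__ == "__main__":
    for issue in preflight("eu-central-1", SAMPLE) or ["all checks passed"]:
        print(issue)
```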
2.7 Collect FortiManager Access Information
After the stack is complete:
- Open the EC2 stack, click Instances.
- Find the public IP assigned to FortiManager.
- Access the FortiManager GUI using the assigned public IP.
- The first password is the EC2 instance ID. You will need to change it after first login.

Example:
FortiManager URL: https://<fortimanager-public-ip>
FortiManager Username: admin
FortiManager Password: <Instance-ID>

- Record the FortiManager access information in your private notes.
Do Not Share
Do not share FortiManager credentials.
2.8 Enable FortiManager Management of VM Devices
Before continuing with the UMS and Auto Scaling configuration, FortiManager must be configured to allow management of VM devices.
This is required so FortiManager can manage the FortiGate-VM instances that will be deployed later by the Auto Scaling Group.
Log in to the FortiManager CLI via GUI or SSHv2 session, and run the following commands:
config sys global
    set fgfm-allow-vm enable
end
After this command is applied, FortiManager is ready to manage FortiGate-VM devices created during the UMS Auto Scaling deployment.