In this recipe, you will deploy FortiAnalyzer VM in Amazon Web Services (AWS) in one of two ways:
- 1-Click Launch on the AWS Marketplace
- Manual Launch on the AWS Marketplace (for those who require custom configuration)
Note: 1-Click Launch creates the minimum size of EBS storage for quick setup and viewing. For production purposes, you will need more storage later. To have more storage from the start, use Manual Launch. You can also manually add storage after the launch as described in step 2.
FortiAnalyzer VMs can be deployed on the AWS Elastic Compute Cloud (EC2). Prior to deploying the VM, an Amazon EC2 account is required. You can deploy the FortiAnalyzer VM using the AWS Marketplace launch or directly from the EC2 console.
1a. Deploying FortiAnalyzer VM using 1-Click Launch
Go to the AWS Marketplace’s page for FortiAnalyzer VM. Select Continue.
Select the desired region and instance type. Ensure the instance type fits the size of your deployment and potential future growth. Note: t2.small is intended for free preview, and its device support is limited to FortiGate-90 or smaller and FortiGate-VM 1vCPU models (VM00 and VM01).
Under Security Group, ensure Create new based on seller settings is selected from the dropdown list. The only open port required for the VM’s initial configuration is port 443, which allows for an HTTPS connection to the GUI. The remaining ports can also be opened to allow for all potential FortiAnalyzer communication.
Provide the Key Pair, then click Accept Terms & Launch with 1-Click to deploy the instance. The next page displays a thank you message, and you also receive an email from AWS Marketplace about the subscription. Close the page and go to the EC2 console.
The public DNS address is used to connect to and configure the FortiAnalyzer VM via the GUI.
To connect to the FortiAnalyzer VM management GUI, open a web browser and use the public DNS IPv4 address as the URL: https://<public DNS IPv4 address>. Log in with the default username admin and the instance ID as the password to configure your FortiAnalyzer VM.
1b. Deploying FortiAnalyzer VM using Manual Launch
Go to the AWS Marketplace’s page for FortiAnalyzer VM. Select Continue, then select Manual Launch.
Click the Launch with EC2 Console button beside your desired region.
Select an instance type. Ensure the instance type fits the size of your deployment and potential future growth. Note: t2.small is intended for free preview, and its device support is limited to FortiGate-90 or smaller and FortiGate-VM 1vCPU models (VM00 and VM01). Click Next: Configure Instance Details.
Configure the various attributes:
- Network (be sure to select a VPC connected to an Internet Gateway; by default, VPCs are connected to an Internet Gateway)
- Subnet
- Enable Auto-assign Public IP
- Others as needed depending on your IT infrastructure requirements
Continue to adding storage. You can configure the volume type as EBS, the device as /dev/sdb, and the size based on your requirements. Also consider your FortiAnalyzer license type, which corresponds to the following storage amounts:
- t2.small: 500 GB
- c4.large: 4 TB
- m4.large: 8 TB
- m4.xlarge: 12 TB
- c4.2xlarge: 24 TB
- m4.2xlarge: 36 TB
- m4.4xlarge: 48 TB
- d2.4xlarge: 48 TB
The FortiAnalyzer system reserves a certain portion of disk space for system use and unexpected quota overflow. The remaining space is available for allocation to devices. Reports are stored in the reserved space. The following describes the reserved disk quota relative to the total available disk size (other than the root device):
- Small disk (less than or equal to 500 GB): system reserves 20% or 50 GB of disk space, whichever is smaller.
- Medium disk (less than or equal to 1 TB): system reserves 15% or 100 GB of disk space, whichever is smaller.
- Medium to large disk (less than or equal to 5 TB): system reserves 10% or 200 GB of disk space, whichever is smaller.
- Large disk (less than 5 TB): system reserves 5% or 300 GB of disk space, whichever is smaller.
To add additional storage at this point, follow the instructions in step 2.
Click Next: Tag Instance. A tag consists of a key-value pair. It is useful to create tags to quickly identify instances in the EC2 console.
Click Next: Configure Security Group. The default provided security group is based on recommended settings for the FortiAnalyzer VM.
Click Review and Launch. If there is no change needed, click Launch.
You are prompted to choose a key pair. Click the checkbox, then click Launch Instances.
The public DNS address is used to connect to and configure the FortiAnalyzer VM via the GUI.
To connect to the FortiAnalyzer VM management GUI, open a web browser and use the public DNS IPv4 address as the URL: https://<public DNS IPv4 address>. Log in with the default username admin and the instance ID as the password to configure your FortiAnalyzer VM.
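A check for the security group selected in steps 1a and 1b, as an added example that is not part of the original recipe: it lists inbound rules that expose the GUI port (443) to sources outside your administrative networks, and rules for ports the recipe does not require for initial configuration. It assumes the group is given in the shape of one SecurityGroups entry from `aws ec2 describe-security-groups`; the sample group, the 198.51.100.0/24 admin range and the function names are constructed for illustration.

```python
import ipaddress

GUI_PORT = 443  # the only port the recipe requires for initial configuration

# Constructed sample, shaped like one entry of `aws ec2 describe-security-groups` output.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "198.51.100.7/32"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 514, "ToPort": 514,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ],
}

def _trusted(source, admin_nets):
    # A source is trusted only if it lies entirely inside an admin network.
    net = ipaddress.ip_network(source, strict=False)
    return any(net.version == a.version and net.subnet_of(a) for a in admin_nets)

def audit_group(group, admin_cidrs):
    """Return (kind, protocol, port_range, source) findings for one security group."""
    admin_nets = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto not in ("tcp", "udp", "-1"):
            continue  # ICMP and other protocols carry no port range
        # Protocol "-1" means all traffic, so treat it as every port.
        lo, hi = (0, 65535) if proto == "-1" else (perm["FromPort"], perm["ToPort"])
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for src in sources:
            if _trusted(src, admin_nets):
                continue
            ports = f"{lo}-{hi}"
            if proto != "udp" and lo <= GUI_PORT <= hi:
                findings.append(("gui-exposed", proto, ports, src))
            if proto == "udp" or (lo, hi) != (GUI_PORT, GUI_PORT):
                findings.append(("not-needed-for-setup", proto, ports, src))
    return findings

if __name__ == "__main__":
    for finding in audit_group(SAMPLE_GROUP, ["198.51.100.0/24"]):
        print(*finding)
```

A "not-needed-for-setup" finding is a prompt to confirm that a logging device actually uses that port, not a statement that the rule is wrong.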
2. Adding additional storage (optional)
It is possible to add additional storage to FortiAnalyzer after launch. Create an EBS volume and attach it to the FortiAnalyzer instance in the EC2 console, then access FortiAnalyzer via SSH and run the exec lvm extend command to add the storage.
For details, refer to http://kb.fortinet.com/kb/viewContent.do?externalId=FD34953.
Log into the FortiAnalyzer GUI and add the volume.
3. Uploading the license file via the GUI
Go to System Settings.
The License Information widget on the Dashboard displays as AWS-On-Demand.
Unlike perpetual BYOL licensing, there is no interface to upload a license file for on-demand use. For on-demand deployments, contact Fortinet Customer Support as indicated on the AWS Marketplace product listing page and notify them of your deployment. When contacting Fortinet Support, be ready to provide your FortiAnalyzer VM instance’s serial number and your Fortinet account’s email ID.
4. Configuring your FortiAnalyzer VM
Click the top-right menu icon to access FortiAnalyzer Online Help and the Basic Setup Video. Refer to these and the FortiAnalyzer Administration Guide for more detailed configuration: http://docs.fortinet.com/d/fortianalyzer-5.6.0-administration-guide.
The post Deploying FortiAnalyzer VM in AWS (On-Demand) appeared first on Fortinet Cookbook.