By Manny Fernandez

April 22, 2020

Deploying FortiAnalyzer in AWS

I have been playing with AWS a lot since the pandemic.  I wrote another article about adding some VIPs using Elastic IPs.  Here I will walk through deploying FortiAnalyzer (FAZ) in my AWS lab environment.

Here is my AWS environment.  Note: I am not an AWS master yet so don’t flame me so bad because of my design 😀

AWS Network Diagram v2

AWS Console

Let's connect to the AWS console.  Once there, make sure you are in the correct region, then go to your EC2 instances.

Here you can see my VPCs.  I will be deploying this FAZ in VPC-A.

Under my EC2 tab, I can see a FortiGate and an Ubuntu Desktop I use as a jump box.

Choose the Launch Instance button on the top.

In the search box, type Fortinet and hit Enter.

You will see the following screen:

Choose the AWS Marketplace option.

Search for the BYOL option (if you are in fact bringing your own license).

You will see the usual list of instance types and their associated costs.

Choose your instance type from the list.

As you can see, I chose VPC-A from the Network drop-down list.  I also chose the subnet I want to use.  In my case, I named them priv and pub and included the Availability Zone in the name.

I like to assign the IP address myself and NOT use the DHCP option from AWS.  In my case, 10.100.2.30.

Next, choose Review and Launch.

Here you can review your settings and hit Launch.

You will need to either assign an existing key pair or create a new one.  In my case, I reused one.  Now hit Launch Instances.

Once finished, you can choose the instance and on the bottom half of the screen, you will see the IP address you assigned to the instance.

If you follow my VIP article, it shows you how to provision an Elastic IP.  In my case, the external subnet is 10.100.1.0/24 and the VIP is associated with an IP in that subnet.  I then map that external IP address to my internal FAZ IP address.

Ensure you have a firewall policy on the FortiGate that permits HTTPS.  Also ensure that your Security Group permits that traffic.  I normally permit SSH from my home IP only and then open everything else up to the FortiGate.
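To make the network choices above concrete, here is an added example (my own code, not from the post or from Fortinet). It checks that a hand-picked private address such as 10.100.2.30 is actually assignable in its subnet (AWS reserves the first four and the last address of every VPC subnet, which DHCP would have avoided for you), builds the Security Group ingress rules in the same IpPermissions shape that `aws ec2 authorize-security-group-ingress` and boto3 accept, following the post's policy of SSH from home only and everything else only from the FortiGate, and audits a rule set for wider exposure. The private subnet CIDR, the home CIDR, the FortiGate address and the AMI/subnet/SG IDs are assumed placeholders; only 10.100.2.30 and 10.100.1.0/24 come from the post.

```python
import ipaddress
from typing import Dict, List, Optional

# From the walkthrough: the FAZ private address and the external subnet.
# Everything else here is an assumed placeholder, not a value from the post.
FAZ_PRIVATE_IP = "10.100.2.30"
EXTERNAL_SUBNET = "10.100.1.0/24"
PRIVATE_SUBNET = "10.100.2.0/24"      # assumed: the "priv" subnet of VPC-A
ADMIN_HOME_CIDR = "203.0.113.7/32"    # assumed placeholder (TEST-NET-3)
FORTIGATE_PRIVATE_IP = "10.100.2.10"  # assumed placeholder

# AWS reserves the first four addresses of every VPC subnet (network, VPC
# router, DNS, future use) and the last one (broadcast); none can be assigned.
AWS_RESERVED_OFFSETS = (0, 1, 2, 3, -1)


def usable_static_ip(ip: str, subnet_cidr: str) -> bool:
    """True if ip lies inside the subnet and is not an AWS-reserved address."""
    net = ipaddress.ip_network(subnet_cidr, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        return False
    return addr not in {net[i] for i in AWS_RESERVED_OFFSETS}


def ingress_rule(cidr: str, description: str, protocol: str = "tcp",
                 port: Optional[int] = None) -> Dict:
    """One IpPermissions entry; protocol "-1" means all traffic (no ports)."""
    rule = {"IpProtocol": protocol,
            "IpRanges": [{"CidrIp": cidr, "Description": description}]}
    if port is not None:
        rule["FromPort"] = port
        rule["ToPort"] = port
    return rule


def faz_security_group_rules(admin_cidr: str, fortigate_ip: str) -> List[Dict]:
    """The post's policy: SSH only from home, everything else only from the
    FortiGate that fronts the FAZ through the VIP."""
    return [
        ingress_rule(admin_cidr, "SSH from home only", port=22),
        ingress_rule(f"{fortigate_ip}/32", "All traffic from the FortiGate",
                     protocol="-1"),
    ]


def audit_rules(rules: List[Dict]) -> List[str]:
    """Flag rules wider than the post's policy: anything open to the world,
    or SSH allowed from more than a single host."""
    findings = []
    for rule in rules:
        lo, hi = rule.get("FromPort", "any"), rule.get("ToPort", "any")
        for r in rule["IpRanges"]:
            net = ipaddress.ip_network(r["CidrIp"])
            if net.prefixlen == 0:
                findings.append(f"ports {lo}-{hi} open to the world ({r['CidrIp']})")
            elif lo == 22 and net.prefixlen < 32:
                findings.append(f"SSH allowed from more than one host ({r['CidrIp']})")
    return findings


def run_instances_params(ami_id: str, instance_type: str, subnet_id: str,
                         sg_id: str, key_name: str, private_ip: str,
                         subnet_cidr: str) -> Dict:
    """Keyword arguments for boto3 ec2.run_instances (same names as the
    `aws ec2 run-instances` JSON), pinning the private IP instead of DHCP."""
    if not usable_static_ip(private_ip, subnet_cidr):
        raise ValueError(f"{private_ip} is reserved by AWS or outside {subnet_cidr}")
    return {
        "ImageId": ami_id,
        "InstanceType": instance_type,
        "MinCount": 1,
        "MaxCount": 1,
        "KeyName": key_name,
        "NetworkInterfaces": [{
            "DeviceIndex": 0,
            "SubnetId": subnet_id,
            "Groups": [sg_id],
            "PrivateIpAddress": private_ip,
            # No public IP: the FAZ is reached through the FortiGate VIP only.
            "AssociatePublicIpAddress": False,
        }],
    }


if __name__ == "__main__":
    rules = faz_security_group_rules(ADMIN_HOME_CIDR, FORTIGATE_PRIVATE_IP)
    print("findings:", audit_rules(rules) or "none")
    # IDs below are placeholders; substitute the values from your own console.
    print(run_instances_params("ami-PLACEHOLDER", "m5.large", "subnet-PLACEHOLDER",
                               "sg-PLACEHOLDER", "my-keypair", FAZ_PRIVATE_IP,
                               PRIVATE_SUBNET))
```

The dict from `run_instances_params` can be passed straight to `boto3.client("ec2").run_instances(**params)`; the point of routing it through `usable_static_ip` first is that a reserved address fails at the API call with a less helpful error than the one raised here.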

A couple of things you will need to do.  First, register the license you received (usually as a PDF) from Fortinet or your partner.  Second, copy the instance ID.

Once you have registered the key, you will need to enter the IP address.

At this point, you should be able to download the .lic file by choosing the link.

Choose the license file and choose Upload.

If, after a few minutes, the page does not refresh automatically, refresh it manually.

Note: here you will need the instance ID from your EC2 section.

This is a screenshot from my EC2 section.  Copy the Instance ID.

After logging in with the username admin and the password %the_instance_id%, you will receive the Change Password screen.  Set your new password and click OK.

Hope this helps.
