Deploy UserGate VE in VMware-based clouds

Last update: June 04 2025

You can deploy a UserGate VE virtual firewall in a VMware-based public or private cloud.

1. Save the firewall image.
2. Create a vApp and virtual machine from the image.
3. Connect the virtual machine to a public subnet.
4. Assign an IP address to access the firewall.
5. Initialize the firewall.
6. Specify the DNS and NTP servers.
7. Activate the license.

1. Save the firewall image⁠

1. Go to the ticket that was created when you ordered the firewall.
2. Save the firewall image to the device from which you will perform the configuration.

2. Create a vApp and virtual machine from the image⁠

1. In the Control Panel, on the top menu, click Products and select → VMware-based Cloud.
2. Navigate to the Cloud Director section.
3. Open the page of the virtual data center where you want to deploy the firewall.
4. Go to Compute → vApps.
5. Click NEW → Add vApp From OVF.
6. Download the saved firewall image files.
7. In the Review Details section, check the details of the image.
8. Optional: In the Select vApp Name section, in the Name and Description fields, change the name and description of the vApp.
9. Optional: In the Configure Resources section, in the Computer Name field, change the name of the virtual machine.
10. Optional: In the Configure Resources section, in the Storage Policy field, change the network disk type.
11. In the Customize Hardware section, set the virtual machine configuration parameters, keeping in mind the configuration requirements.
12. Verify the data and click Finish.
13. Wait until the creation of the virtual machine from the image is complete. The installation process will be displayed at the bottom of the page in the Tasks block.

3. Connect the virtual machine to a public subnet⁠

1. Optional: If you do not have a Direct Connected subnet or want to use a new one, create a Direct Connected subnet.
2. In the Dashboard, on the top menu, click Products and select VMware-based Cloud.
3. Navigate to the Cloud Director section.
4. Open the Virtual Data Center page → Virtual Machines section.
5. Open the virtual machine page → Hardware → NICs.
6. Click Edit.
7. Click ADD NETWORK TO VAPP.
8. In the Type field, select — Direct.
9. In the table, select Direct Connected subnet.
10. Click Add.
11. Make sure the Primary N IC and Connected checkboxes are selected in the NIC 0 row.
12. In the NIC 0 row in the Network column, select the same Direct Connected subnet.
13. In the NIC 0 row in the IP column, specify an IP address from the Direct Connected subnet that is different from its gateway address.
14. Click Save.

4. Assign an IP address to access the firewall⁠

UGOS 6

1. In the Dashboard, on the top menu, click Products and select VMware-based Cloud.

2. Navigate to the Cloud Director section.

3. Open the Virtual Data Center page → Virtual Machines section.

4. Open the virtual machine page.

5. Press POWER ON.

6. Press LAUNCH WEB CONSOLE.

7. Connect to the firewall:

   • Admin;
   • the password is utm.

8. Switch the Internet port to static mode:

   iface config -name port0 -mode static

9. Assign an IP address to the port:

   iface config -name port0 -ipv4 <ip_address>/<mask>

   Specify:

   • <ip_address> — The IP address from the Direct Connected subnet that you assigned to the virtual machine when it was connected to the public subnet;
   • <mask> — subnet mask.

10. Create a default route to the Internet:

    gateway add -ipv4 <ip_address> -weight 1 -enabled true -default true

    Specify <ip_address> — the gateway of the Direct Connected subnet. You can view the gateway address in the Control Panel: in the top menu, click Products → VMware Cloud → VMware Cloud → Data Center page → Direct Connected subnet tab → Gateway field.

UGOS 7

1. In the Dashboard, on the top menu, click Products and select VMware-based Cloud.

2. Navigate to the Cloud Director section.

3. Open the Virtual Data Center page → Virtual Machines section.

4. Open the virtual machine page.

5. Press POWER ON.

6. Press LAUNCH WEB CONSOLE.

7. Select the UGOS NGFW (serial console) mode.

8. Connect to the firewall:

   • Admin;
   • password — leave the field blank.

9. Enter the configuration mode:

   configure

10. Assign an IP address to the Internet port:

    set network interface adapter port0 ip-addresses [ <ip_address>/<mask> ]

    Specify:

    • <ip_address> — the address from the Direct Connected subnet that you assigned to the virtual machine when it was connecting to the public network.
    • <mask> — subnet mask.

    Square brackets [ ] must be separated by spaces on both sides.

11. Create a default route to the Internet:

    create network gateway interface port0 enabled on ip <ip_address> weight 1 default on

    Specify <ip_address> — the gateway of the Direct Connected subnet. You can view the gateway address in the Control Panel: in the top menu, click Products → VMware Cloud → VMware Cloud → Data Center page → Direct Connected subnet tab → Gateway field.

5. Initialize the firewall⁠

1. Open the page in your browser:

   https://<ip_address>:8001

   Specify <ip_address> is the IP address you assigned to access the firewall.

2. Go to Settings.

3. Select the language of the system.

4. Select the time zone.

5. Accept the license agreement.

6. Change the administrator password.

7. Wait for the installation procedure to complete.

6. Specify DNS and NTP servers⁠

1. Open the page in your browser:

   https://<ip_address>:8001

   Specify <ip_address> is the IP address you assigned to access the firewall.

2. Go to Settings → Network → DNS.

3. Click Add.

4. Specify the IP addresses of the DNS servers. We recommend using Selectel recursive DNS servers, but you can specify any available DNS servers.

5. Click Save.

6. Go to Settings → Network → NTP.

7. Click Add.

8. Specify the IP addresses of the NTP servers. We recommend using Selectel NTP servers, but you can specify any available NTP servers.

9. Click Save.

7. Activate the license⁠

UGOS 6

2. Open the page in your browser:

   https://<ip_address>:8001

   Specify <ip_address> is the IP address you assigned to access the firewall.

3. Go to License Information → Registered Version.

4. Enter the pin code you received on the ticket when ordering the firewall.

5. Press Next.

6. Fill out the registration form. We recommend that you provide the same information as in your Selectel account.

7. Press Next.

8. Wait until the device is registered. Information about the license composition and component expiration dates will be displayed in the License Information section.

UGOS 7

1. Open the page in your browser:

   https://<ip_address>:8001

   Specify <ip_address> is the IP address you assigned to access the firewall.

2. Go to License Information → Registered Version.

3. Enter the pin code you received on the ticket when ordering the firewall.

4. Press Next.

5. Wait until the device is registered. Information about the license composition and component expiration dates will be displayed in the License Information section.