Deploy UserGate VE on a Cloud Server

Deploy UserGate VE on a cloud server

1. Save the firewall image⁠

In the Dashboard, on the top menu, click Products and select Cloud Servers.
Go to the Images section.
Click Create Image.
Enter a name for the image.
Select the pool segment in which you want to deploy the firewall for the image.
In the Operating System field, select — Other.
In the Source field, select — File.
Click Download and select the firewall image file on your device.
Select the image format and container format. If you do not know which formats to specify, specify raw image format and bare container format.
Click Create.

In the dashboard, on the top menu, click Products and select Cloud Servers.
In the Servers section, click Create Server.
Enter the name of the cloud server — it will only appear in the control panel.
Select the pool segment to which you loaded the firewall image.
In the Source block, click the name of the image.
Open the My Images tab and select the firewall image.
Press Select.
Select a cloud server configuration. The configuration must match the requirements for the selected firewall model.
Select or create a subnet to which the server will connect. You need at least one public address to access the firewall from the Internet:
- public subnet — all IP addresses in the subnet will be accessible from the Internet;
- private subnet with public IP address — a private subnet and one static public IP address.
Select the rest of the server settings — see the Create Cloud Server instructions for details.
Click Create.

Open the CLI.
Connect to the firewall:
- Admin;
- the password is utm.
Switch the Internet port to static mode:
```
iface config -name port0 -mode static
```
Assign an IP address to the port:
```
iface config -name port0 -ipv4 <ip-address>/<mask>
```
Specify:
- <ip_address> — The IP address of the server's Internet port. Can be copied from the control panel in the top menu click Products → Cloud Servers → Server page → tab Ports → in the port card, click next to the IP address. The address is specified without mask;
- <mask> — subnet mask.
Create a default route to the Internet:
```
gateway add -ipv4 <ip_address> -weight 1 -enabled true -default true
```
Specify <ip_address> — the gateway of the server subnet in which the Internet port is located. You can view it in the control panel: in the top menu, click Products → Cloud Servers → Servers → Server → Server page → Ports tab → Subnet name → Subnets tab → Subnet card → Subnet Gateway field.

Open the CLI.
Select the UGOS NGFW (serial console) mode.
Connect to the firewall:
- Admin;
- password — leave the field blank.
Enter the configuration mode:
```
configure
```
Assign an IP address to the port:
```
set network interface adapter port0 ip-addresses [ <ip_address>/<mask> ]
```
Specify <ip_address>/< mask > — IP address of the server's Internet port with subnet mask. Square brackets [ ] must be separated by spaces on both sides.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the IP address.
Create a gateway:
```
create network gateway interface port0 enabled on ip <ip_address> weight 1 default on
```
Specify <ip_address> — the gateway of the server subnet in which the Internet port is located.You can view it in the control panel: in the top menu, click Products → Cloud Servers → Servers → Server page → Ports tab → click the subnet name → Subnets tab → Subnet card → Subnet Gateway field.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the public IP address.
Select the language of the system.
Select the time zone.
Accept the license agreement.
Optional: change the administrator login.
Change your password.
Press Start.
Wait for the installation procedure to complete.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Server page → Ports tab → in the port card click next to the IP address.
Enter your username and password.
Go to Settings → Network → DNS.
Click Add.
Enter the IP addresses of the DNS servers. We recommend using Selectel recursive DNS servers, but you can specify any available DNS servers.
Click Save.
Optional: Go to Settings and in the Server Time Settings block, change the value in the Primary NTP Server field . We recommend using Selectel NTP servers, but you can specify any available NTP servers.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the public IP address.
Enter your username and password.
At the top, click on Unregistered Version.
Enter the pin code you received on the ticket when ordering the firewall.
Press Next.
Fill out the registration form. We recommend that you provide the same information as in your Selectel account.
Press Next.
Wait for the firewall to register. Information about the license composition and expiration dates of the components will be displayed in the Dashboard section in the License block.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the IP address or public IP address.
Enter your username and password.
Go to License Information → Registered Version.
Enter the pin code you received on the ticket when ordering the firewall.
Press Next.
Wait for the firewall to register. Information about the license composition and component expiration dates is displayed in the License Information section.