Deploy UserGate VE on a cloud server
- Save the firewall image.
- Upload the image to the image repository.
- Create a cloud server from the image.
- Assign an IP address to access the firewall.
- Initialize the firewall.
- Specify the DNS and NTP servers.
- Activate the license.
1. Save the firewall image
- Go to the ticket that was created when you ordered the firewall.
- Save the firewall image to the device from which you will configure it.
2. Upload the image to the image repository
- In the Dashboard, on the top menu, click Products and select Cloud Servers.
- Go to the Images section.
- Click Create Image.
- Enter a name for the image.
- Select the pool segment in which you want to deploy the firewall for the image.
- In the Operating System field, select — Other.
- In the Source field, select — File.
- Click Download and select the firewall image file on your device.
- Select the image format and container format. If you do not know which formats to specify, specify
raw
image format andbare
container format. - Click Create.
3. Create a cloud server from an image
-
In the dashboard, on the top menu, click Products and select Cloud Servers.
-
In the Servers section, click Create Server.
-
Enter the name of the cloud server — it will only appear in the control panel.
-
Select the pool segment to which you loaded the firewall image.
-
In the Source block, click the name of the image.
-
Open the My Images tab and select the firewall image.
-
Press Select.
-
Select a cloud server configuration. The configuration must match the requirements for the selected firewall model.
-
Select or create a subnet to which the server will connect. You need at least one public address to access the firewall from the Internet:
- public subnet — all IP addresses in the subnet will be accessible from the Internet;
- private subnet with public IP address — a private subnet and one static public IP address.
-
Select the rest of the server settings — see the Create Cloud Server instructions for details.
-
Click Create.
4. Assign an IP address to access the firewall
UGOS 6
UGOS 7
-
Open the CLI.
-
Connect to the firewall:
- Admin;
- the password is utm.
-
Switch the Internet port to
static
mode:iface config -name port0 -mode static
-
Assign an IP address to the port:
iface config -name port0 -ipv4 <ip-address>/<mask>
Specify:
<ip_address>
— The IP address of the server's Internet port. Can be copied from the control panel in the top menu click Products → Cloud Servers → Server page → tab Ports → in the port card, click next to the IP address. The address is specified without mask;<mask>
— subnet mask.
-
Create a default route to the Internet:
gateway add -ipv4 <ip_address> -weight 1 -enabled true -default true
Specify
<ip_address>
— the gateway of the server subnet in which the Internet port is located. You can view it in the control panel: in the top menu, click Products → Cloud Servers → Servers → Server → Server page → Ports tab → Subnet name → Subnets tab → Subnet card → Subnet Gateway field.
-
Open the CLI.
-
Select the UGOS NGFW (serial console) mode.
-
Connect to the firewall:
- Admin;
- password — leave the field blank.
-
Enter the configuration mode:
configure
-
Assign an IP address to the port:
set network interface adapter port0 ip-addresses [ <ip_address>/<mask> ]
Specify
<ip_address>/<
mask>
— IP address of the server's Internet port with subnet mask. Square brackets[ ]
must be separated by spaces on both sides.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the IP address. -
Create a gateway:
create network gateway interface port0 enabled on ip <ip_address> weight 1 default on
Specify
<ip_address>
— the gateway of the server subnet in which the Internet port is located.You can view it in the control panel: in the top menu, click Products → Cloud Servers → Servers → Server page → Ports tab → click the subnet name → Subnets tab → Subnet card → Subnet Gateway field.
5. Initialize the firewall
-
Open the page in your browser:
https://<ip_address>:8001
Specify
<ip_address>
is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the public IP address. -
Select the language of the system.
-
Select the time zone.
-
Accept the license agreement.
-
Optional: change the administrator login.
-
Change your password.
-
Press Start.
-
Wait for the installation procedure to complete.
6. Specify DNS and NTP servers
-
Open the page in your browser:
https://<ip_address>:8001
Specify
<ip_address>
is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Server page → Ports tab → in the port card click next to the IP address. -
Enter your username and password.
-
Go to Settings → Network → DNS.
-
Click Add.
-
Enter the IP addresses of the DNS servers. We recommend using Selectel recursive DNS servers, but you can specify any available DNS servers.
-
Click Save.
-
Optional: Go to Settings and in the Server Time Settings block, change the value in the Primary NTP Server field . We recommend using Selectel NTP servers, but you can specify any available NTP servers.
7. Activate the license
UGOS 6
UGOS 7
-
Open the page in your browser:
https://<ip_address>:8001
Specify
<ip_address>
is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the public IP address. -
Enter your username and password.
-
At the top, click on Unregistered Version.
-
Enter the pin code you received on the ticket when ordering the firewall.
-
Press Next.
-
Fill out the registration form. We recommend that you provide the same information as in your Selectel account.
-
Press Next.
-
Wait for the firewall to register. Information about the license composition and expiration dates of the components will be displayed in the Dashboard section in the License block.
-
Open the page in your browser:
https://<ip_address>:8001
Specify
<ip_address>
is the IP address of the firewall.You can copy in the control panel in the top menu click Products → Cloud Servers → Server page → Ports tab → in the port card click next to the IP address or public IP address. -
Enter your username and password.
-
Go to License Information → Registered Version.
-
Enter the pin code you received on the ticket when ordering the firewall.
-
Press Next.
-
Wait for the firewall to register. Information about the license composition and component expiration dates is displayed in the License Information section.