Deploy UserGate VE in cloud powered by VMware
You can deploy a UserGate VE virtual firewall in the public or VMware-based private cloud.
- Save the firewall image.
- Create a vApp and virtual machine from the image.
- Connect the virtual machine to a public subnet.
- Assign an IP address to access the firewall.
- Initialize the firewall.
- Specify DNS and NTP servers.
- Activate the license.
Save the firewall image
- Navigate to the ticket that was created when ordering a firewall.
- Save the firewall image to the device from which you will perform the configuration.
Create a vApp and virtual machine from the image
- In the control panel, go to cloud powered by VMware → Cloud Director.
- Open the page of the virtual data center where you want to deploy the firewall.
- Go to the Compute → vApps section.
- Click NEW → Add vApp From OVF.
- Upload the saved firewall image files.
- In the Review Details section, check the details of the image.
- Optional: under Select vApp Name, change the name and description of the vApp in the Name and Description fields.
- Optional: under Configure Resources, change the name of the virtual machine in the Computer Name field.
- Optional: under Configure Resources, change the network disk type in the Storage Policy field.
- In the Customize Hardware section, set the virtual machine configuration parameters, taking the configuration requirements into account.
- Check the data and click Finish.
- Wait for the virtual machine to be created from the image. The installation progress is displayed at the bottom of the page in the box labeled Tasks.
Connect the virtual machine to a public subnet
- Optional: if you do not have a Direct Connected subnet or want to use a new one, create a Direct Connected subnet.
- In the control panel, go to cloud powered by VMware → Cloud Director.
- Open the virtual data center page → section Virtual Machines.
- Open the virtual machine page → section Hardware → NICs.
- Click Edit.
- Click ADD NETWORK TO VAPP.
- In the Type field, select Direct.
- In the table, select Direct Connected subnet.
- Click Add.
- Make sure that the Primary NIC and Connected checkboxes are selected in the NIC 0 row.
- In the NIC 0 row, in the Network column, select the same Direct Connected subnet.
- In the NIC 0 row, in the IP column, specify an IP address from the Direct Connected subnet that is different from its gateway address.
- Click Save.
Assign an IP address to access the firewall
UGOS 6
- In the control panel, go to cloud powered by VMware → Cloud Director.
- Open the virtual data center page → section Virtual Machines.
- Open the virtual machine page.
- Click POWER ON.
- Click LAUNCH WEB CONSOLE.
- Log in to the firewall:
  - login: Admin;
  - password: utm.
- Switch the Internet port to static mode:
  iface config -name port0 -mode static
- Assign an IP address to the port:
  iface config -name port0 -ipv4 <ip_address>/<mask>
  Specify:
  - <ip_address> — the IP address from the Direct Connected subnet that you assigned to the virtual machine when connecting it to a public subnet;
  - <mask> — the subnet mask.
- Create a default route to the Internet:
  gateway add -ipv4 <ip_address> -weight 1 -enabled true -default true
  Specify <ip_address> — the gateway of the Direct Connected subnet. You can view the gateway address in the control panel under cloud powered by VMware → data center page → Direct Connected subnets tab → Gateway field.
UGOS 7
- In the control panel, go to cloud powered by VMware → Cloud Director.
- Open the virtual data center page → section Virtual Machines.
- Open the virtual machine page.
- Click POWER ON.
- Click LAUNCH WEB CONSOLE.
- Select the UGOS NGFW (serial console) mode.
- Log in to the firewall:
  - login: Admin;
  - password: leave the field blank.
- Enter the configuration mode:
  configure
- Assign an IP address to the Internet port:
  set network interface adapter port0 ip-addresses [ <ip_address>/<mask> ]
  Specify:
  - <ip_address> — the address from the Direct Connected subnet that you assigned to the virtual machine when connecting it to a public subnet;
  - <mask> — the subnet mask.
  The square brackets [ ] must be separated by spaces on both sides.
- Create a default route to the Internet:
  create network gateway interface port0 enabled on ip <ip_address> weight 1 default on
  Specify <ip_address> — the gateway of the Direct Connected subnet. You can view the gateway address in the control panel under cloud powered by VMware → data center page → Direct Connected subnets tab → Gateway field.
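An added example, not part of the original instructions: a Python helper that checks the address plan from the steps above (the address lies inside the Direct Connected subnet and is not its gateway) before anything is typed into the console, then fills in the page's port0 commands for UGOS 6 or UGOS 7. The function name, the extra network/broadcast check, the 203.0.113.0/29 sample values and the choice of mask notation are assumptions; the page only says <mask>.

```python
import ipaddress

# Command templates copied from the steps above; only the placeholders are filled in.
UGOS6 = (
    "iface config -name port0 -mode static",
    "iface config -name port0 -ipv4 {ip}/{mask}",
    "gateway add -ipv4 {gw} -weight 1 -enabled true -default true",
)
UGOS7 = (
    "configure",
    # The spaces inside the square brackets are required by the UGOS 7 CLI.
    "set network interface adapter port0 ip-addresses [ {ip}/{mask} ]",
    "create network gateway interface port0 enabled on ip {gw} weight 1 default on",
)


def render_commands(subnet, gateway, address, ugos=7, dotted_mask=False):
    """Validate the address plan and return the CLI lines for port0."""
    net = ipaddress.ip_network(subnet, strict=True)
    gw = ipaddress.ip_address(gateway)
    ip = ipaddress.ip_address(address)
    if gw not in net:
        raise ValueError(f"gateway {gw} is outside {net}")
    if ip not in net:
        raise ValueError(f"{ip} is not in the Direct Connected subnet {net}")
    if ip == gw:
        raise ValueError(f"{ip} is the subnet gateway; pick another address")
    if ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{ip} is the network or broadcast address of {net}")
    # Assumption: the page does not say which mask notation the CLI expects,
    # so both prefix length and dotted netmask can be rendered.
    mask = str(net.netmask) if dotted_mask else str(net.prefixlen)
    templates = {6: UGOS6, 7: UGOS7}[ugos]
    return [t.format(ip=ip, mask=mask, gw=gw) for t in templates]


if __name__ == "__main__":
    # Constructed sample values from the documentation range 203.0.113.0/24.
    for line in render_commands("203.0.113.0/29", "203.0.113.1", "203.0.113.2", ugos=7):
        print(line)
```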
Initialize the firewall
- Open the page in your browser:
  https://<ip_address>:8001
  Specify <ip_address> — the IP address that you assigned to access the firewall.
- Go to the Settings section.
- Select the language of the system.
- Select the time zone.
- Accept the license agreement.
- Change the administrator password.
- Wait for the installation procedure to complete.
Specify DNS and NTP servers
- Open the page in your browser:
  https://<ip_address>:8001
  Specify <ip_address> — the IP address that you assigned to access the firewall.
- Go to the Settings → Network → DNS section.
- Click Add.
- Specify the IP addresses of the DNS servers. We recommend using Selectel recursive DNS servers, but you can specify any available DNS servers.
- Click Save.
- Go to the Settings → Network → NTP section.
- Click Add.
- Specify the IP addresses of the NTP servers. We recommend using Selectel NTP servers, but you can specify any available NTP servers.
- Click Save.
Activate the license
UGOS 6
- Open the page in your browser:
  https://<ip_address>:8001
  Specify <ip_address> — the IP address that you assigned to access the firewall.
- Go to the License information → Registered version section.
- Enter the PIN code you received in the ticket when ordering the firewall.
- Click Further.
- Fill out the registration form. We recommend that you provide the same information as in your Selectel account.
- Click Further.
- Wait until the device is registered. Information about the license composition and the expiration dates of the components will be displayed in the License information section.
UGOS 7
- Open the page in your browser:
  https://<ip_address>:8001
  Specify <ip_address> — the IP address that you assigned to access the firewall.
- Go to the License information → Registered version section.
- Enter the PIN code you received in the ticket when ordering the firewall.
- Click Further.
- Wait until the device is registered. Information about the license composition and the expiration dates of the components will be displayed in the License information section.