Deploy UserGate VE in VMware-based clouds

You can deploy a UserGate VE virtual firewall in the public or VMware-based private cloud.

Create a vApp and virtual machine from the image⁠

From control panels open the Cloud Director panel: VMware-based cloud → Cloud Director.
Open the page of the virtual data center where you want to deploy the firewall.
Go to the section Compute → vApps.
Click NEW → Add vApp From OVF.
Download all the image files you received in the ticket when ordering the firewall.
In the section Review Details check the details of the image.
Optional: under Select vApp Name in the fields Name и Description Change the name and description of the vApp to be created.
Optional: under Configure Resources in the field Computer Name change the name of the virtual machine.
Optional: under Configure Resources in the field Storage Policy change the network disk type.
In the section Customize Hardware set the virtual machine configuration parameters, taking into account configuration requirements.
Check the data and press Finish.
At the bottom of the page in the block Tasks the process of creating a virtual machine from the image will start. Wait until the process completes — the virtual machine is created and ready to run.

Optional: if you do not have a Direct Connected subnet or want to use a new one, create a Direct Connected subnet.
From control panels open the Cloud Director panel: VMware-based cloud → Cloud Director.
Open the data center page → section Virtual Machines.
Open the virtual machine page → section Hardware → NICs.
Click Edit.
Click ADD NETWORK TO VAPP.
Specify Type — Direct.
In the table, select Direct Connected subnet.
Click Add.
Make sure that the line NIC 0 checkboxes Primary NIC и Connected.
On the line NIC 0 in the column Network select the same Direct Connected subnet.
On the line NIC 0 in the column IP Specify an IP address from the Direct Connected subnet that is different from its gateway address.
Click Save.

From control panels open the Cloud Director panel: VMware-based cloud → Cloud Director.
Open the virtual data center page → section Virtual Machines.
Open the virtual machine page.
Click POWER ON.
Click LAUNCH WEB CONSOLE.
Connect to the firewall:
- login — Admin;
- the password is. utm.
Switch the Internet port to the static:
```
iface config -name port0 -mode static
```
Assign an IP address to the port:
```
iface config -name port0 -ipv4 <ip/mask>
```
Specify <ip/mask> - The address from the Direct Connected subnet that you specified for the virtual machine at connecting to a public subnet.
Create a default route to the Internet:
```
gateway add -ipv4 <ip_address> -weight 1 -enabled true -default true
```
Specify <ip_address> — gateway of the Direct Connected subnet. You can view the gateway address in control panels under VMware-based cloud → data center page → tab Direct Connected subnets → field Gateway.

From control panels open the Cloud Director panel: VMware-based cloud → Cloud Director.
Open the page of the desired data center and go to the section Virtual Machines.
Open the virtual machine page.
Click POWER ON.
Click LAUNCH WEB CONSOLE.
Select the mode UGOS NGFW (serial console).
Connect to the firewall:
- login — Admin;
- password — leave the field blank.
Enter the configuration mode:
```
configure
```
Assign an IP address to the Internet port:
```
set network interface adapter port0 ip-addresses [ <ip/mask> ]
```
Specify <ip/mask> - The address from the Direct Connected subnet that you specified for the virtual machine at public network connection. Square brackets [ ] should be separated by spaces on both sides.
Create a default route to the Internet:
```
create network gateway interface port0 enabled on ip <ip_address> weight 1 default on
```
Specify <ip_address> — gateway of the Direct Connected subnet. You can view the gateway address in control panels under VMware-based cloud → data center page → tab Direct Connected subnets → field Gateway.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address that assigned to access the firewall.
Go to the section Settings.
Select the language of the system.
Select the time zone.
Accept the license agreement.
Change the administrator password.
Wait for the installation procedure to complete.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address that assigned to access the firewall.
Go to the section Settings → Network → DNS.
Click Add.
Specify the IP addresses of the DNS servers. We recommend using Selectel recursive DNS servers But you can specify any available DNS servers.
Click Save.
Go to the section Settings → Network → NTP.
Click Add.
Specify the IP addresses of the NTP servers. We recommend using Selectel NTP servers But you can specify any available NTP servers.
Click Save.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address that assigned to access the firewall.
Go to the section License information → Registered version.
Enter the pin code received at ticket when ordering a firewall.
Click Further.
Fill out the registration form. We recommend that you provide the same information as in your Selectel account.
Click Further.
Wait until the device is registered. Information about the license composition and expiration dates of the components will be displayed in the section License information.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address that assigned to access the firewall.
Go to the section License information → Registered version.
Enter the pin code received at ticket when ordering a firewall.
Click Further.
Wait until the device is registered. Information about the license composition and expiration dates of the components will be displayed in the section License information.