Deploy UserGate VE on a cloud server

Save the firewall image⁠

В control panels go to Cloud platform → Images.
Click Create an image.
Enter a name for the image.
Select for the image pool segment In this case, you will need to deploy a firewall.
In the field Operating system select — Other.
In the field Source select — File.
Click Download and select the file on your device firewall image.
Select the image format and container format. If you do not know which formats to specify, specify the image format rawand the container — bare.
Click Create.

В control panels go to Cloud platform → Servers.
Click Create a server.
Enter the name of the cloud server — it will only appear in the control panel.
Select pool segment where you downloaded the firewall image.
In the block Source click on the name of the image.
Open the tab My images and select the firewall image.
Click Select.
Select the cloud server configuration. The configuration must match demands for the selected firewall model.
Select or create a subnet to which the server will connect. You need at least one public address to access the firewall from the Internet:
- public subnet — all IP addresses in the subnet will be accessible from the Internet;
- private subnet with public IP address — a private subnet and one static public IP address.
Select the rest of the server settings — more details in the instructions Create a cloud server.
Click Create.

Open the CLI.
Connect to the firewall:
- Admin;
- the password is utm.
Switch the Internet port to the static:
```
iface config -name port0 -mode static
```
Assign an IP address to the port:
```
iface config -name port0 -ipv4 <ip-address>/<mask>
```
Specify:
- <ip_address> — The IP address of the server's Internet port. You can view the address in control panels under Cloud platform → Servers → server page → tab Ports → field Public IP. The address is unmasked;
- <mask> — subnet mask.
Create a default route to the Internet:
```
gateway add -ipv4 <ip_address> -weight 1 -enabled true -default true
```
Specify <ip_address> — gateway of the server subnet in which the Internet port is located. You can view the gateway address in control panels under Cloud platform → Servers → server page → tab Ports → subnet name → tab Subnetworks → subnet card → field Subnet Gateway.

Open the CLI.
Select the mode UGOS NGFW (serial console).
Connect to the firewall:
- Admin;
- password — leave the field blank.
Enter the configuration mode:
```
configure
```
Assign an IP address to the port:
```
set network interface adapter port0 ip-addresses [ <ip_address>/<mask> ]
```
Specify <ip_address>/<mask> — IP address of the server's Internet port with subnet mask. Square brackets [ ] must be separated by spaces on both sides. You can view the address in control panels under Cloud platform → Servers → server page → tab Ports → field IP address.
Create a gateway:
```
create network gateway interface port0 enabled on ip <ip_address> weight 1 default on
```
Specify <ip_address> — gateway of the server subnet in which the Internet port is located. You can view the gateway address in control panels under Cloud platform → Servers → server page → tab Ports → click on the subnet name → tab Subnetworks → subnet card → field Subnet Gateway.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address of the firewall. You can view the IP address in control panels under Cloud platform → Servers → server page → tab Ports → field Public IP.
Select the language of the system.
Select the time zone.
Accept the license agreement.
Optional: change the administrator login.
Change your password.
Click Start.
Wait for the installation procedure to complete.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address of the firewall. You can view the IP address in control panels under Cloud platform → Servers → server page → tab Ports → field IP address.
Enter your username and password.
Go to the section Settings → Network → DNS.
Click Add.
Enter the IP addresses of the DNS servers. We recommend using Selectel recursive DNS servers But you can specify any available DNS servers.
Click Save.
Optional: go to the section Settings and in the block Configuring the server time change the value in the field Primary NTP server. We recommend using Selectel NTP servers But you can specify any available NTP servers.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address of the firewall. You can view the IP address in control panels under Cloud platform → Servers → server page → tab Ports → field Public IP.
Enter your username and password.
At the top, click on the button Unregistered version.
Enter the pin code you received in the ticket at ordering a firewall.
Click Further.
Fill out the registration form. We recommend that you provide the same information as in your Selectel account.
Click Further.
Wait for the firewall to register. Information about the license composition and expiration dates of the components will be displayed under Dashboard en bloc License.

Open the page in your browser:
```
https://<ip_address>:8001
```
Specify <ip_address> — The IP address of the firewall. You can view the IP address in control panels under Cloud platform → Servers → server page → tab Ports → field Public IP or IP address.
Enter your username and password.
Go to the section License information → Registered version.
Enter the pin code you received in the ticket at ordering a firewall.
Click Further.
Wait for the firewall to register. Information about the license composition and expiration dates of the components will be displayed under License information.