Install Dimension on an Amazon EC2 Instance

You can deploy an instance of WatchGuard Dimension on an Amazon Elastic Compute Cloud (EC2) virtual computer, which is
available through Amazon Web Services (AWS).

Amazon EC2 is the AWS service that you can use to host one or more Dimension instances on AWS. To launch and manage
an EC2 instance, you use the AWS Management Console in a web browser.

After you install and start the Dimension virtual machine on an EC2 instance, you run the web-based WatchGuard Dimension
Setup Wizard to configure the basic settings for your new instance of Dimension.

EC2 instance resources run on-demand as virtual machines with:

n One or more virtual network interfaces

n One or more local IP addresses
n One or more local DNS names
n Zero or more public IP addresses
n Zero or more public DNS names
n Metadata (for introspection)

When an EC2 instance is created:

n Virtual network interfaces are assigned IP addresses with DHCP

n IP addresses are assigned DNS names through DNS
n Console connections to Dimension on an Amazon EC2 instance are not supported

Before You Begin

Before you can set up your Dimension VM on an EC2 instance, you must already have an Amazon Web Services (AWS)
account to log in to the AWS Management Console.

Select a Region
Amazon EC2 is hosted in many regions around the world. When you log in to the AWS Management Console to view an
existing EC2 instance, or launch a new EC2 instance for your Dimension VM, you must first select a region. Not all options are
available in all regions, and the costs associated with an EC2 instance can vary between regions.

Before you launch a new EC2 instance, see the Additional Information section on the AWS Management Console EC2
Dashboard page for information about options and pricing for the available regions and your EC2 instance.

Copyright © 2014 WatchGuard Technologies, Inc. All rights reserved.

 Estimate the Instance Size
When you launch a new Dimension VM, you must launch it on an EC2 instance. Because there are several EC2 instance
types available, before you can select an EC2 instance type, you must determine the necessary size of the EC2 instance. The
size depends on several factors, such as:

n Number of connected Firebox or XTM devices

n Estimated size of log traffic per device
n Amount of time log messages are stored on AWS
n Size of the backup log files on AWS

To help you determine how much memory, CPU, and bandwidth to allocate for Dimension, you must consider these factors.
For more information, see Install WatchGuard Dimension.

Choose an Instance Type

When you launch a new Dimension VM, you must select the EC2 instance type. Make sure to select an EC2 instance type that
is adequate for your size considerations. To determine which instance type to select, you must consider how much memory,
CPU, and bandwidth to allocate for Dimension, as described in the previous section. Do not select a micro instance. Instead,
select another instance type, such as small, medium, large, or xlarge.

Install the Dimension Virtual Machine

When you launch a new Amazon EC2 instance for your Dimension VM, you must add a new EBS volume for the EC2 instance.
You must also configure security rules to specify which traffic can connect to your instance of Dimension. To enable SSH
access for the wgsupport user to your Dimension VM, you must select whether to create a new key pair or use an existing pair.

Because EC2 instances use DHCP to assign the public IP address and DNS name to an instance, to make sure the address
you use to connect to Dimension does not change, you must allocate an Elastic IP address for the EC2 instance. This is
optional, but if you do not use an elastic IP address, each time the IP address for Dimension changes, you must update the IP
address for Dimension in the configurations for all your devices and servers that send log messages to Dimension.

2 WatchGuard Technologies, Inc.

 Connect to the AWS Management Console
To log in to the AWS Management Console:

1. Open a web browser and to to https://aws.amazon.com.

The Amazon Web Services page appears.
2. Specify your email address and password.
3. Click Sign in using our secure server.
The Amazon Web Services page appears.
4. From the Compute and Networking list, select EC2.
The EC2 Dashboard page appears.

5. From the region drop-down list at the top-right of the web page, select the region for your EC2 instance.

Connect to the AWS Management Console 3

 Deploy the Dimension VM
To deploy the WatchGuard Dimension VM:

1. From the EC2 Dashboard tree, expand Images and select AMIs.
The AMIs page appears.
2. From the first Filter drop-down list (Owned by me), select Private images.
The list of private AMI files you can select appears.

3. Select the file with the AMI Name watchguard-dimension_1_3.

4. At the top of the page, click Launch.
The Choose an Instance Type page appears.
5. Select any Type of size small or larger.
Do not select a micro instance type.

4 WatchGuard Technologies, Inc.

 6. Click Next: Configure Instance Details.
The Configure Instance Details page appears.
7. Keep the default settings.
8. Click Next: Add Storage.
The Add Storage page appears.
9. Click Add New Volume.
An EBS volume appears in the list.
10. In the Size GiB text box, specify the size of the EBS volume in GB.
Because you cannot change the EBS size later, make sure to specify the maximum GB allowed for the instance type you selected.
11. For the default storage type Root, make sure that the Delete on Termination check box is selected.

12. Click Next: Tag Instance.

The Tag Instance page appears.
13. In the Key text box, keep the default setting of Name.
14. In the Value text box, type a descriptive name for the new EC2 instance.
For example, type Dimension_PT-P.
15. Click Next: Configure Security Group.
The Configure Security Group page appears.
16. Select Create a new security group.
17. In the Security group name text box, type a descriptive name for the new security group.
You can also keep the default text.
18. (Optional) In the Description text box, type a descriptive name for the group.

Deploy the Dimension VM 5

 19. Click Add Rule and add these rules to the EC2 instance:

Type Protocol Port Range Purpose

SSH TCP 22 Support access for diagnostics

HTTPS TCP 443 Dimension UI access

Custom TCP Rule TCP 4115 Device and server access to send log messages to Dimension

To further refine who can connect to your EC2 instance, you can add rules that specify which IP addresses are allowed to connect.

20. Click Review and Launch.

The Review Instance Launch page appears.
21. Click Launch.
The Select an existing key pair or create a new key pair dialog box appears.
22. Select a key pair option:
n To add a key pair:
a. From the first drop-down list, select Create a new key pair.
b. In the Key pair name text box, type the name for the key pair.
c. Click Download Key Pair.
d. Save the .pem file to a location where you can easily find it later.

6 WatchGuard Technologies, Inc.

 n To use an existing key pair:
a. From the first drop-down list, select Choose existing key pair.
b. From the Select a key pair drop-down list, select the name of the key pair.
c. Select the acknowledgment message check box.

23. Click Launch Instances.

The new EC2 instance launches and the Launch Status page appears.
24. Click View Instances.

When the launch process for your EC2 instance completes, the EC2 instance is automatically powered on, and the new EC2
instance appears in the Instances list.

Allocate an Elastic IP Address

To make sure the public IP address and public DNS name for Dimension do not change, you must allocate an Elastic IP
address and use that IP address when you add an EC2 instance for your Dimension VM.

From the EC2 Dashboard page:

1. Expand the Network & Security tree and select Elastic IPs.

Allocate an Elastic IP Address 7

 2. To add a new elastic IP address, click Allocate New Address.
The Allocate New Address dialog box appears.The options available in the dialog box depend on the region you selected.

3. If the EIP used in drop-down list is available for your region, select EC2.
4. Click Yes, Allocate.
The elastic IP address is created and appears in the Address list.
5. To associate the new elastic IP address with your Dimension EC2 instance, select the IP address and click Associate
Address.
The Associate Address dialog box appears.
6. In the Instance text box, type the first letters in the name of the EC2 instance.
The EC2 instance names with those characters appear in a list.
7. Select the name of the correct EC2 instance.
8. Click Associate.
The EC2 instance name appears in the Instance column for the elastic IP address.

The elastic IP address you added is now associated with the EC2 instance for your Dimension VM. When you review the
settings for the Dimension VM, the Public IP address and Public DNS name will be associated with this elastic IP address.

8 WatchGuard Technologies, Inc.

 Review the Dimension VM Settings
After you have deployed your new Dimension EC2 instance, you can review the settings for the VM, and find the public
IP address or DNS name to use to connect to the WatchGuard Dimension web UI to run the Dimension Setup Wizard.

From the AWS Management Console:

1. From the EC2 Dashboard tree, expand Instances and select Instances.
The Instances page appears.
2. From the Instances list, select the new Dimension EC2 instance.
The details for the instance appear with the Description tab selected by default.

3. On the Description tab, find the Public IP address or the Public DNS name.

Because you associated an elastic IP address with your Dimension EC2 instance, the public IP address and DNS name for
Dimension will not change. The public, elastic IP address for your Dimension EC2 instance appears at the top of the
Dimension EC2 instance information section, above the tabs.

Review the Dimension VM Settings 9

 The public IP address or DNS name are the addresses you use to connect to the WatchGuard Dimension web UI to launch the
Dimension Setup Wizard. These are also the addresses you specify in the logging settings on your Firebox or XTM devices or
WatchGuard servers to enable them to send log messages to the Dimension Log Server.

Run the WatchGuard Dimension Setup Wizard

After your Dimension VM is set up on the new EC2 instance, you can connect to Dimension to run the Dimension Setup Wizard
and complete the configuration for your Dimension system. Because your Dimension VM is hosted on an Amazon EC2
instance, you do not have to specify a host name or IP address for Dimension in the wizard; both are configured when you
created the EC2 instance and appear automatically in the wizard.

Before you start the Dimension Setup Wizard, make sure you have this information to add in the wizard:

n Log Encryption Key

n Administrator passphrase

To run the Dimension Setup Wizard:

1. Open a web browser and connect to Dimension at https://<Dimension IP address>.

For example, if the IP address assigned to your instance of Dimension is 203.0.113.201, you connect to Dimension at
https://203.0.113.201.
If a security warning appears, select the option to proceed anyway for your web browser. The login page appears.
2. Type the default user credentials:
n User Name — admin
n Password — readwrite
You will change the administrator passphrase when you run the Setup Wizard. The WatchGuard Dimension Setup Wizard starts.
3. Click Next.
The System Information page appears.
4. Review the system settings that the wizard received from the Amazon EC2 instance configuration. Click Next.
5. Complete the wizard to configure the remainder of the Dimension settings.
After you finish the wizard, the Dimension login page appears.
6. Use the new administrator passphrase that you specified in the wizard to log in to Dimension.

After you have completed the wizard and logged in to Dimension, you can complete the configuration settings for your
Dimension system and Log Server, create report schedules, and manage users, as described in these topics in the
WatchGuard Dimension Help:

n Manage System Settings

n Log Server Management
n Schedule Reports
n Manage Users

10 WatchGuard Technologies, Inc.