Fortinet delivers both physical and virtualized security appliances to secure unique data planes. FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all the security and networking services common to traditional hardware-based FortiGate appliances. In this post we will deploy a Fortinet VM-series firewall and perform its basic configuration.
Download the Binaries
FortiGate-VM deployment packages are found on the Customer Service & Support site. In the Download drop-down menu, select VM Images to access the available VM deployment packages.
Log in with your FortiCloud account to access the packages.
In the Support drop-down menu, click VM Images.
From this console you can download multiple Fortinet VM products for different clouds or environments.
We downloaded FortiGate for the VMware ESXi platform with FortiOS version 7.2.1 for a new environment deployment.
Deploy VM Series
With the VM-series firewall image downloaded, we will deploy it in a VMware Workstation environment. Extract the RAR file you downloaded, and you will see the FortiGate VM-series deployment files.
Double-click the OVF file with the hardware version supported in your environment. This opens the VMware Workstation console.
Accept the license agreement and click Next.
Provide the VM name and the folder where you want to save the VM files, then click Import.
This imports the VM into VMware Workstation, and you can see the console as below.
For this setup I am going with the minimum VM00-series configuration (1 vCPU and 2 GB RAM) and connecting two of my network interfaces.
Power on the appliance once you complete the virtual hardware configuration.
The FortiGate VM-series firewall deployment is now complete, and we can proceed with further configuration.
Configure the Firewall
In this section we will configure the IP address, DNS, and default route before we access the web GUI.
To start the configuration, open the VM console. The default credentials are:
Username – admin
Password – no password
Logging in with these lets you set a new password for the FortiGate firewall.
To configure the first uplink interface, use the commands below:
config system interface
    edit port1
        set mode static
        set ip 172.16.2.99 255.255.255.128
        append allowaccess http https ssh ping
    next
end
To configure the default gateway, enter the following CLI commands:
config router static
    edit 1
        set device port1
        set gateway 172.16.2.1
    next
end
To configure your DNS servers, enter the following CLI commands:
config system dns
    set primary <Primary DNS server>
    set secondary <Secondary DNS server>
end
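The port1 commands above enable HTTP, an unencrypted protocol, alongside HTTPS and SSH on the uplink interface. The Python check below is an added example, not part of the original post or of Fortinet's tooling: it reads FortiOS configuration text and lists the interfaces whose allowaccess includes an unencrypted management protocol. The sample text (including the port2 entry) is constructed and the function names are hypothetical; the parser also handles `set` and `unselect`, which goes beyond the single `append` shown in this post.

```python
CLEARTEXT = {"http", "telnet"}  # allowaccess values that are unencrypted protocols

# Constructed sample: the port1 block from this post plus a hypothetical port2.
SAMPLE = """\
config system interface
    edit port1
        set mode static
        set ip 172.16.2.99 255.255.255.128
        append allowaccess http https ssh ping
    next
    edit port2
        set allowaccess ping https
    next
end
"""

def parse_allowaccess(config_text):
    """Map interface -> allowaccess set as the text shows it (device defaults are unknown)."""
    result, depth, iface = {}, 0, None  # depth 1 = inside 'config system interface'
    for line in config_text.splitlines():
        w = line.split()
        if not w:
            continue
        if depth == 0:
            depth = 1 if w[:3] == ["config", "system", "interface"] else 0
        elif w[0] == "config":
            depth += 1  # nested table inside an interface entry, e.g. 'config ipv6'
        elif w[0] == "end":
            depth -= 1
        elif depth == 1 and w[0] == "edit" and len(w) > 1:
            iface = w[1].strip('"')
            result.setdefault(iface, set())
        elif depth == 1 and w[0] == "next":
            iface = None
        elif depth == 1 and iface and w[1:2] == ["allowaccess"]:
            if w[0] == "set":
                result[iface] = set(w[2:])
            elif w[0] == "append":
                result[iface] |= set(w[2:])
            elif w[0] == "unselect":
                result[iface] -= set(w[2:])
    return result

def cleartext_findings(config_text):
    """Return {interface: [cleartext protocols]} for interfaces exposing any."""
    found = parse_allowaccess(config_text).items()
    return {i: sorted(p & CLEARTEXT) for i, p in found if p & CLEARTEXT}

if __name__ == "__main__":
    for iface, protos in cleartext_findings(SAMPLE).items():
        print(f"{iface}: cleartext management access: {', '.join(protos)}")
```

Run it against a saved copy of the configuration; because `append` adds to whatever the device already has, confirm the effective value on the firewall itself.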
Now you can configure the rest from the GUI. To access the firewall GUI, use the URL below and the same credentials you used in the CLI.
Here you have two options: a full license or an evaluation license.
From FortiOS 7.2.1 there is a major update to the 15-day trial license.
A permanent evaluation VM license replaces the 15-day evaluation period for FortiGate-VM. The evaluation VM license applies to all private cloud (VMware ESXi, KVM, and so on) and all bring your own license (BYOL) public cloud instances.
When spinning up a new FortiGate-VM, you can choose to log in to FortiCare to activate the VM trial or upload a new license.
Limitations of the evaluation VM license include the following:
Maximum of one free evaluation copy per FortiCare account
Support for low encryption operation only, except for GUI management access and FortiManager communications
Maximum of 1 CPU and 2 GB of memory
Maximum of three interfaces, firewall policies, and routes
No FortiCare support
No FortiGuard support
Hence, I am going with the evaluation version with limited features.
Provide your FortiCare credentials to activate the evaluation license; only one is supported per account. This downloads the new license and reboots your system.
Once the appliance is up, you can access the FortiGate GUI and proceed with the remaining configuration.
If you have any comments, please drop me a line