vExpert

Deep Dive in to Virtualization & Cloud


Deploy and Configure FortiGate VM Series Firewall

Fortinet delivers both physical and virtualized security appliances to secure unique data planes. FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all the security and networking services common to traditional hardware-based FortiGate appliances. In this blog we will see how to deploy a Fortinet VM series firewall and perform its basic configuration.

Download the Binaries

FortiGate-VM deployment packages are found on the Customer Service & Support site. In the Download drop-down menu, select VM Images to access the available VM deployment packages.

Log in with your FortiCloud account to access the packages.

In the Support drop-down menu, click VM Images.

From this console you can download multiple Fortinet VM products for different clouds or environments.

We have downloaded FortiGate for the VMware ESXi platform, with FortiOS version 7.2.1, for a new environment deployment.

Deploy VM Series

Now that we have downloaded the VM series firewall image, we will deploy it in a VMware Workstation environment. Extract the RAR file you downloaded, and you will see the FortiGate VM series deployment files.

Double-click the OVF file with the hardware version supported in your environment. This opens the VMware Workstation console.

Accept the License Agreement and click Next.

Provide the VM name and the folder where you want to save the VM files, then click Import.

This imports the VM into VMware Workstation, and you can see the console as below.

For this configuration I am going with the minimum configuration of the VM00 series (1 vCPU and 2GB RAM) and connecting two of my network interfaces.

Power on the appliance once you complete the virtual hardware configuration.

The FortiGate VM Series firewall deployment is now complete, and we can proceed with further configuration.

Configure the Firewall

In the configuration section we will see how to configure the IP address, DNS, and default route before we access the web GUI.

To start with this configuration, access the VM console. The default credentials are:

Username – admin
Password – no password

Logging in will allow you to set the new password for the FortiGate firewall.

To configure the first uplink interface, use the commands below:

config system interface
edit port1
set mode static
set ip 172.16.2.99 255.255.255.128
append allowaccess http https ssh ping
next
end

To configure the default gateway, enter the following CLI commands:

config router static
edit 1
set device port1
set gateway 172.16.2.1
next
end

To configure your DNS servers, enter the following CLI commands:

config system dns
set primary <Primary DNS server>
set secondary <Secondary DNS server>
end
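
A quick check on the interface commands above, as an added example that is not part of the original post: this Python script reads FortiOS CLI text and reports interfaces whose allowaccess list includes a cleartext management protocol (http or telnet). The sample config is constructed from the port1 commands in this post plus a hypothetical port2, and the function names are assumptions.

```python
CLEARTEXT = {"http", "telnet"}  # management protocols sent unencrypted

# Constructed sample: the port1 commands from this post plus a hypothetical port2.
SAMPLE_CONFIG = """\
config system interface
edit port1
set mode static
set ip 172.16.2.99 255.255.255.128
append allowaccess http https ssh ping
next
edit "port2"
set allowaccess ping
next
end
"""

def interface_access(config_text):
    """Map interface name -> allowaccess protocols named in the CLI text.
    Only sees what the text states; factory defaults are not modelled."""
    access, depth, current = {}, 0, None
    for raw in config_text.splitlines():
        words = raw.replace('"', "").split()
        if not words:
            continue
        if depth == 0:  # outside "config system interface"
            if words == ["config", "system", "interface"]:
                depth = 1
        elif words[0] == "config":  # nested block inside an interface entry
            depth += 1
        elif words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            current = words[1]
            access.setdefault(current, set())
        elif depth == 1 and current and words[1:2] == ["allowaccess"]:
            protos = set(words[2:])
            if words[0] == "set":      # replaces the list
                access[current] = protos
            elif words[0] == "append":  # adds to the list
                access[current] |= protos
    return access

def cleartext_mgmt(config_text):
    """Return {interface: sorted cleartext protocols} for interfaces exposing any."""
    found = interface_access(config_text)
    return {n: sorted(p & CLEARTEXT) for n, p in found.items() if p & CLEARTEXT}

if __name__ == "__main__":
    print(cleartext_mgmt(SAMPLE_CONFIG))
```

On the port1 configuration above it reports http; replacing the append line with `set allowaccess https ssh ping` clears the finding.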

Now you can configure the remaining settings from the GUI. To access the firewall GUI, use the URL below with the same credentials you used in the CLI.

https://<IP Address>

Here you have two options: a full license or an evaluation license.

From FortiOS 7.2.1 there is a major update to the 15-day trial license.

A permanent evaluation VM license replaces the 15-day evaluation period for FortiGate-VM. The evaluation VM license applies to all private cloud (VMware ESXi, KVM, and so on) and all bring your own license (BYOL) public cloud instances.

When spinning up a new FortiGate-VM, you choose to log in to FortiCare to activate the VM trial or upload a new license.

Limitations of the evaluation VM license include the following:

Maximum of one free evaluation copy per FortiCare account
Support for low encryption operation only, except for GUI management access and FortiManager communications
Maximum of 1 CPU and 2 GB of memory
Maximum of three interfaces, firewall policies, and routes
No FortiCare support
No FortiGuard support

Hence, I am going with the evaluation version with limited features.

Provide your FortiCare credentials to use the evaluation license; only one is supported per account. This will download the new license and reboot your system.

Once the appliance is up, you can access the FortiGate GUI and proceed with the remaining configuration.

Thanks,

If you have any comments, please drop me a line.
I hope this article was informative, and don’t forget to buy me a coffee if you found this worth reading.


