FortiGate VM Deployment in VMware Workstation

FortiGate virtual appliances allow you to provision Fortinet security inside a virtual environment. All the security and networking features we would expect in a hardware-based FortiGate are available in the VM too. FortiGate VM software is available for 32-bit and 64-bit environments. Both an upgrade version for existing FortiGate VMs and a “greenfield” version are available. We will use the second option, which is available as a downloadable zip archive (the one we will use is the 64-bit version, FGT_VM64-v500-build0228-FORTINET.out.ovf.zip).

Note: you need at least customer-level access to Fortinet support to be able to obtain and use the aforementioned files.

The archive contains the following files (as stated in the latest “FortiGate VM (VMware) Install Guide”, http://docs.fortinet.com/vm/FortiGate-VM-VMware-Install-Guide.pdf):

Three Open Virtualization Format files

  • FortiGate-VMxx.ovf: Open Virtualization Format file for VMware
  • FortiGate-VMxx.hw04.ovf: Open Virtualization Format file for older VMware ESX hardware
  • FortiGate-VMxx.hw07_vmxnet.ovf: Open Virtualization Format file for VMware with the

Two VMware disk files

  • Fortios.vmdk: Virtual machine disk format file used by the OVF file
  • Datadrive.vmdk: Virtual machine disk format file used by the OVF file

From VMware Workstation we will open the FortiGate-VM64.ovf file and import it into a folder (in our example, the destination is a directory located on external storage).


FortiGate VM evaluation license

We will use the evaluation license that is included by default in the FortiGate VM. This type of free trial license (which includes all features except FortiGuard) expires after 15 days. The FortiGate VM must have only 1 virtual CPU and a maximum of 1Gb of RAM. Certificates are limited to 512 bits.


First steps inside the FortiGate VM

As soon as the VM import is completed, we have to check the hardware assigned to the virtual appliance (CPU and memory, as explained in the evaluation license section above). We can also move the network interfaces of the FortiGate VM to any virtual network available in VMware Workstation (my suggestion, if we are going to build a lab environment, is to start with a “Host Only” network).

As soon as the VM is powered on, we can log in as admin (no password required), as we would do with a direct connection to a console port.

We will configure port1 using CLI commands (note: I will configure an address on my VMnet1, which is 192.168.112.0/24). We also have to enable administrative access using the set allowaccess command (note: I have enabled http, https, ssh, telnet and ping):

    config system interface
        edit port1
            set ip 192.168.112.2/255.255.255.0
            set allowaccess http https ssh telnet ping
    end

Then we can test the connection to the VM using PuTTY, for both telnet and SSH.

Our browser should be able to open the HTTP administrative page (as mentioned, HTTPS with such a low level of encryption will not open in any recent Internet browser). My suggestion is to raise the “Idle timeout” value, to avoid frequent disconnections from the administrative interface.

So the HTTPS interface will not open in recent browsers (I was able to test it with a really old version of Firefox).
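
The port1 configuration above enables http and telnet, which carry the admin login in cleartext. The following is an added example, not part of the original article or of any Fortinet tooling: a small Python check that parses FortiOS CLI configuration text and reports interfaces whose allowaccess includes those protocols. The function name and the port2 and ipv6 sample lines are constructed for illustration.

```python
import shlex

# Management protocols that send credentials in cleartext.
CLEARTEXT = {"http", "telnet"}

def audit_allowaccess(config_text):
    """Return {interface: [cleartext protocols]} found in FortiOS CLI text."""
    findings = {}
    stack = []    # currently open "config ..." blocks, outermost first
    iface = None  # interface being edited, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            tokens = shlex.split(line)   # handles quoted names like "port1"
        except ValueError:
            tokens = line.split()        # unbalanced quotes: fall back
        cmd, args = tokens[0], tokens[1:]
        in_iface_table = stack == ["system interface"]
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end":
            if stack:
                stack.pop()
            if not stack:
                iface = None             # "end" without "next" also closes the edit
        elif cmd == "edit" and in_iface_table and args:
            iface = args[0]
        elif cmd == "next" and in_iface_table:
            iface = None
        elif cmd == "set" and in_iface_table and iface and args[:1] == ["allowaccess"]:
            risky = [p for p in args[1:] if p in CLEARTEXT]
            if risky:
                findings[iface] = risky
    return findings

# Constructed sample: port1 mirrors the article's settings, port2 is hypothetical.
SAMPLE = """
config system interface
    edit "port1"
        set ip 192.168.112.2/255.255.255.0
        set allowaccess http https ssh telnet ping
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "port2"
        set allowaccess https ssh ping
    next
end
"""

if __name__ == "__main__":
    print(audit_allowaccess(SAMPLE))
```

An empty result means no interface in the supplied text allows http or telnet management access.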