{"id":543,"date":"2013-10-11T06:34:36","date_gmt":"2013-10-11T04:34:36","guid":{"rendered":"http:\/\/blog.lync2013.org\/?p=543"},"modified":"2014-05-08T09:18:43","modified_gmt":"2014-05-08T09:18:43","slug":"fortigate-vm-deployment-vmware-workstation","status":"publish","type":"post","link":"https:\/\/modern-workplace.uk\/?p=543","title":{"rendered":"FortiGate VM Deployment in VMware Workstation"},"content":{"rendered":"<p><iframe loading=\"lazy\" src=\"\/\/www.youtube.com\/embed\/eOJRbzvQmoA?list=UUREnpjKgVEWhBxLU9yEDmXQ\" width=\"560\" height=\"315\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">FortiGate virtual appliances allow you to provision Fortinet security inside a virtual environment. All the security and networking features we would expect in a hardware-based FortiGate are available in the VM too.\u00a0 FortiGate VM software is available for 32-bit and 64-bit environments. Both an upgrade version for existing FortiGate VMs and a \u201cgreenfield\u201d version are available. We will use the second solution, available as a downloadable zip archive file (the one we will use is a 64-bit version, FGT_VM64-v500-build0228-FORTINET.out.ovf.zip).<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">Note: it is required to have at least an access as a customer to the Fortinet support to be able to receive and use the aforementioned files.<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">The archive contains the following files (as stated in the latest \u201c<i>FortiGate VM (VMware)<\/i><\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\"><i>Install Guide<\/i>\u201d <a href=\"http:\/\/docs.fortinet.com\/vm\/FortiGate-VM-VMware-Install-Guide.pdf\">http:\/\/docs.fortinet.com\/vm\/FortiGate-VM-VMware-Install-Guide.pdf<\/a> ):<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">Three Open Virtualization Format files<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Georgia, Palatino;\">FortiGate-VMxx.ovf: Open Virtualization Format file for VMware<\/span><\/li>\n<li><span style=\"font-family: Georgia, Palatino;\">FortiGate-VMxx.hw04.ovf: Open Virtualization Format file for older VMware ESX hardware<\/span><\/li>\n<li><span style=\"font-family: Georgia, Palatino;\">FortiGate-VMxx.hw07_vmxnet.ovf: Open Virtualization Format file for VMware with the<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Georgia, Palatino;\">Two VMware disk files<\/span><\/p>\n<ul>\n<li><span style=\"font-family: Georgia, Palatino;\">Fortios.vmdk: Virtual machine disk format file used by the OVF file<\/span><\/li>\n<li><span style=\"font-family: Georgia, Palatino;\">Datadrive.vmdk: Virtual machine disk format file used by the OVF file<\/span><\/li>\n<\/ul>\n<p><span style=\"font-family: Georgia, Palatino;\">From VMware Workstation we will open the FortiGate-VM64.ovf file and import it in a folder (in our example the destination is a directory located in an external storage).<\/span><\/p>\n<hr \/>\n<p><strong><span style=\"font-family: Georgia, Palatino;\">FortiGate VM evaluation license<\/span><\/strong><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">We will use the evaluation license that is included by default in the FortiGate VM. This type of free trial license (that includes all features except FortiGuard) expires after 15 days. The FortiGate VM must have only 1 virtual CPU and a maximum of 1Gb of RAM. Certificates are limited to 512 Bits.<\/span><\/p>\n<hr \/>\n<p><strong><span style=\"font-family: Georgia, Palatino;\">First steps inside the FortiGate VM<\/span><\/strong><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">As soon as the VM import is completed, we have to check the hardware granted to the virtual appliance (CPU and memory, as explained in the evaluation license explanation). We are also able to move the network interfaces of the FortiGate VM to any virtual network available in VMware Workstation (my suggestion, if we are going to build a lab environment, is to start with a \u201cHost Only\u201d network).<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">As soon as the VM is powered on we are able to login with admin (no password required) as we would do with a direct connection to a console port.<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">We will configure Port1, using CLI commands (note: I will configure an address on my VMnet1, that is 192.168.112.0\/24). We have also to enable administrative accesses, using the set allowaccess command (note: I have enabled http, https, ssh, telnet and ping)<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\"><em>config system interface<\/em><\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\"><em>edit port1<\/em><\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\"><em>set ip 192.168.112.2\/255.255.255.0<\/em><\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\"><em>set allowaccess http https ssh telnet ping<\/em><\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\"><em>end<\/em><\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">Then we are able to test the connection to the VM using Putty both for telnet and SSH.<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">Our browser should be able to open the HTTP administrative page (as I said HTTPS with such a low level of encryption will not open in any recent Internet browser). My suggestion is to raise the \u201cIdle timeout\u201d value, to avoid frequent disconnection from the administrative interface.<\/span><\/p>\n<p><span style=\"font-family: Georgia, Palatino;\">So the HTTPS interface will not open in recent browsers (I was able to test it with a really old version of Firefox).<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FortiGate virtual appliances allow you to provision Fortinet security inside a virtual environment. All the security and networking features we would expect in a hardware-based FortiGate are available in the VM too.\u00a0 FortiGate VM software is available for 32-bit and 64-bit environments. Both an upgrade version for existing FortiGate VMs and a \u201cgreenfield\u201d version are [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1250,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","twitterCardType":"","cardImageID":0,"cardImage":"","cardTitle":"","cardDesc":"","cardImageAlt":"","cardPlayer":"","cardPlayerWidth":0,"cardPlayerHeight":0,"cardPlayerStream":"","cardPlayerCodec":"","footnotes":""},"categories":[18,198],"tags":[197,704,199,200,201,202,203,204,205,206,207,208,209],"class_list":["post-543","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-english","category-fortigate","tag-firewall-test-lab","tag-fortigate","tag-fortigate-firewall","tag-fortigate-vm","tag-fortigate-vmware","tag-fortinet","tag-fortinet-vm","tag-fortinet-vmware","tag-virtual-appliance","tag-virtual-firewall","tag-vmware-firewall","tag-vmware-fortigate","tag-workstation-firewall"],"_links":{"self":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts\/543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=543"}],"version-history":[{"count":2,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts\/543\/revisions"}],"predecessor-version":[{"id":1251,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/posts\/543\/revisions\/1251"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=\/wp\/v2\/media\/1250"}],"wp:attachment":[{"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/modern-workplace.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}