goldgenerous

Aeg santo no frost. FortiGate virtual appliances allow you to provision Fortinet security inside a virtual environment. All the security and networking features we would expect in a hardware-based FortiGate are available in the VM too. FortiGate VM software is available for 32-bit and 64-bit environments. Both an upgrade version for existing FortiGate VMs and a “greenfield” version are available. We will use the second solution, available as a downloadable zip archive file (the one we will use is a 64-bit version, FGT_VM64-v500-build0228-FORTINET.out.ovf.zip).

Note: it is required to have at least an access as a customer to the Fortinet support to be able to receive and use the aforementioned files.

The archive contains the following files (as stated in the latest “FortiGate VM (VMware)

Install Guide” http://docs.fortinet.com/vm/FortiGate-VM-VMware-Install-Guide.pdf ):

Three Open Virtualization Format files

Latest adventure Movies: Check out the list of all latest adventure movies. World Of Vedas City. Users' Rating:3.0. Hindi Animation, Action, Adventure| U. Mahesh babu movies list dubbed in hindi.

• FortiGate-VMxx.ovf: Open Virtualization Format file for VMware
• FortiGate-VMxx.hw04.ovf: Open Virtualization Format file for older VMware ESX hardware
• FortiGate-VMxx.hw07_vmxnet.ovf: Open Virtualization Format file for VMware with the

Two VMware disk files

• Fortios.vmdk: Virtual machine disk format file used by the OVF file
• Datadrive.vmdk: Virtual machine disk format file used by the OVF file

From VMware Workstation we will open the FortiGate-VM64.ovf file and import it in a folder (in our example the destination is a directory located in an external storage).

FortiGate VM evaluation license

We will use the evaluation license that is included by default in the FortiGate VM. This type of free trial license (that includes all features except FortiGuard) expires after 15 days. The FortiGate VM must have only 1 virtual CPU and a maximum of 1Gb of RAM. Certificates are limited to 512 Bits.

First steps inside the FortiGate VM

As soon as the VM import is completed, we have to check the hardware granted to the virtual appliance (CPU and memory, as explained in the evaluation license explanation). We are also able to move the network interfaces of the FortiGate VM to any virtual network available in VMware Workstation (my suggestion, if we are going to build a lab environment, is to start with a “Host Only” network).

As soon as the VM is powered on we are able to login with admin (no password required) as we would do with a direct connection to a console port.

We will configure Port1, using CLI commands (note: I will configure an address on my VMnet1, that is 192.168.112.0/24). We have also to enable administrative accesses, using the set allowaccess command (note: I have enabled http, https, ssh, telnet and ping)

config system interface

edit port1

set ip 192.168.112.2/255.255.255.0

set allowaccess http https ssh telnet ping

end

Then we are able to test the connection to the VM using Putty both for telnet and SSH.

Our browser should be able to open the HTTP administrative page (as I said HTTPS with such a low level of encryption will not open in any recent Internet browser). My suggestion is to raise the “Idle timeout” value, to avoid frequent disconnection from the administrative interface.

So the HTTPS interface will not open in recent browsers (I was able to test it with a really old version of Firefox).

FortiGate VM in VirtualBox

I'm looking to see if anyone has had any success getting an evaluation VM running in VirtualBox. I've gotten very close myself, but I'm running into some strange obstacles. pfSense and Cumulus were buttery smooth in importing their OVA file, booting up, attaching network interfaces, etc. It'd be great to get one of those Fortinet Cookbook articles made up for this. (hint, hint :P)

I did have to take a little bit of a round about way to get a FortiGate VM to even boot in VirtualBox. I had to download the OpenXen VM version to get the qcow2 file format then use the qemu-img Linux utility to convert it to a vmdk file (or VDI), which I could then boot from successfully. Interestingly too, I'm getting a license error with this VM as well even though I only gave the VM one CPU and 1024Mb of RAM as stated here.

Mainly, it has issues communicating with my other VMs. I see it's learning ARP and LLDP shows active and connecting to my expected ports, but no luck pinging where I should be able to ping. I'm using the 'Internal Network' type and 'Intel PRO/1000 MT Server' adapter type to simulate ethernet connections. Can't image it's a problem with VirtualBox since I have two pairs of MLAGed Cumulus switches, a pair of HA pfSense boxes hanging off my 'spine' switches, a CentOS box with a teamed interface hanging off the 'leaf' switches, and three other Cumulus VMs running as BGP peers acting as the Internet.