This post is to summarize the steps to download and install Fortigate Firewall VM into your VMware workstation for your lab testing.
Related Post:
Diagram
Download VM
You will need to create your own account for Fortinet website to continue downloading VM images.
Example image file: FGT_VM64-v7.4.3.F-build2573-FORTINET.out (93.47 MB)
Please download VM start with FGT and not start with FOS. FOS-VMs are meant to work only in closed environments without Internet access. FOS-VMs license validation process is exclusively taken care of by the FortiMeter module of FortiManager, not by FortiGuard. Upon instantiation, a FOS-VM is provided with a permanent Serial Number. The FOS-VM license status is “Valid”, and is set with a “FortiMeter grace period” value of 1 hour. (From: FOS-VM License management, validation, and troubleshooting)
FOS-VMs can get a evaluated license from your FortiCloud account. It will show in your FortiCloud account’s Asset management product list page:
Launch VM into VMWare Workstation
Unzip download zip file: e.g. FGT_VM64-v7.0.3-build0237-FORTINET.out.ovf.zip
You will get 2 VMDK disk files and 6 different OVF files. To import it into your VMWare Workstation, just double click one of ovf file then the import wizard will show up.
|
Component |
Description |
|---|---|
|
fortios.vmdk |
FortiGate-VM system hard disk in VMDK format. |
|
datadrive.vmdk |
FortiGate-VM log disk in VMDK format. |
|
Open Virtualization Format (OVF) template files |
|
|
FortiGate-VM64.ovf |
OVF template based on Intel e1000 NIC driver. |
|
FortiGate-VM64.hw04.ovf |
OVF template file for older (v3.5) VMware ESX server. This file will be deprecated in future releases. |
|
FortiGate-VMxx.hw07_vmxnet2.ovf |
OVF template file for VMware vmxnet2 driver. |
|
FortiGate-VMxx.hw07_vmxnet3.ovf |
OVF template file for VMware vmxnet3 driver. |
|
FortiGate-VM64.hw13.ovf |
OVF template file for VMware ESXi 6.5 and later versions. |
|
|
OVF template file for VMware ESXi 6.7 and later versions. |
|
FortiGate-VM64.vapp.ovf |
OVF template file for VMware vSphere, vCenter, and vCloud. |
Configuration Port 1 (Mgmt) Interface
After VM complete loaded, it might need to reboot it once then you will be prompted to login:
Default username : admin
config system interface
edit ?
show system interface ?
config system interface
edit port1
set mode static
set ip 192.168.2.18 255.255.255.0
append allowaccess http
end
- Show system interface
- Get system status
config router static
edit 1
set device port1
set gateway 192.168.2.1
end
Config Fortigate WAN, LAN & DMZ Interfaces
LAN and DMZ
Configure Firewall Rule
Basic rule is from LAN to WAN for Internet traffic.
License Reset for Evaluation
Videos
References
- FortiGate Private Cloud
- Hardening your FortiGate
- FortiGate / FortiOS 7.0.0 Best Practices
- FortiGate / FortiOS
- Single FortiGate-VM Deployment
- Launching FortiGate on Azure
- GitHub FortiGate Azure templates.
- FortiGate Azure datasheet.
- Tehnical Tip: Installing and configuring FortiGate Autoscale for Azure.
- Technical Tip: Resizing an Azure FortiGate VM instance
- Upload VHD
- Deployment Guide
- Datasheet – FortiGate Next Generation Firewall for Azure
- FortiOS Handbook
- ARM and Terraform template on GitHub
- Register your license