FortiGate VM (VMware) Install Guide
May 29, 2013
01-502-203906-20130529

Copyright© 2013 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, and FortiGuard® are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
Technical Documentation
docs.fortinet.com
Knowledge Base
kb.fortinet.com
Customer Service & Support
.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Table of Contents

Change Log
Introduction
    Document scope
FortiGate VM Overview
    Licensing
    System requirements
    Register FortiGate VM with Customer Service & Support
    Download FortiGate VM software
    FortiGate VM evaluation license
FortiGate VM Deployment
    Deploy the FortiGate VM OVF file
    Configure FortiGate VM hardware settings
    Power on your FortiGate VM
FortiGate VM Initial Configuration
    FortiGate VM console access
    Connect to the FortiGate VM Web-based Manager
    Upload the FortiGate VM license file
    Validate the FortiGate VM license with FortiManager
    Configure your FortiGate VM
Change Log

Date          Change Description
2013-05-01    Initial release.
2013-05-29    Minor document update.
Introduction

FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Document scope

This document describes how to deploy a FortiGate virtual appliance disk image in a VMware virtualization server environment, and how to configure the virtual hardware settings of the virtual appliance. This document assumes you have already successfully installed a VMware virtualization server on the physical machine, and VMware vSphere client on your management computer.

This document does not cover initial configuration of the virtual appliance itself, nor ongoing use and maintenance. After deploying the virtual appliance, for information on initial appliance configuration, see the FortiGate 5.0 Handbook.

This document includes the following sections:
• FortiGate VM Overview
• FortiGate VM Deployment
• FortiGate VM Initial Configuration
FortiGate VM Overview

This section provides an overview of FortiGate VM. The following topics are included in this section:
• Licensing
• System requirements
• Register FortiGate VM with Customer Service & Support
• Download FortiGate VM software
• FortiGate VM evaluation license
Licensing

Fortinet offers the FortiGate VM in five virtual appliance models. When configuring your FortiGate VM, be sure to configure the hardware settings as outlined in Table 1. Contact your Fortinet Authorized Reseller for more information.

Table 1: FortiGate VM model information

Technical Specification                          FG-VM00           FG-VM01         FG-VM02         FG-VM04         FG-VM08
Virtual CPUs                                     1                 1               2               4               8
Virtual Network Interfaces (Minimum / Maximum)   2 / 10 (all models)
Virtual Memory (Minimum / Maximum)               512 MB / 512 MB   512 MB / 1 GB   512 MB / 3 GB   512 MB / 4 GB   512 MB / 12 GB
Virtual Storage (Minimum)                        30 GB (all models)
Total Storage                                    2 TB (all models)

After placing an order for FortiGate VM, a license registration code is sent to the email address used on the order form. Use the registration number provided to register the FortiGate VM with Customer Service & Support at https://.fortinet.com. Upon registration, you can download the license file. You will need this file to activate your FortiGate VM. You can configure basic network settings from the CLI to complete the deployment. Once the license file is uploaded and validated by FortiManager or the FortiGuard Distribution Network (FDN), the CLI and Web-based Manager are unlocked and fully functional.
System requirements

Prior to deploying the FortiGate VM virtual appliance, VMware vSphere Hypervisor (ESX/ESXi versions 4.0, 4.1, 5.0, or 5.1) must be installed and configured. The installation instructions for FortiGate VM assume you are familiar with VMware ESX/ESXi server and terminology.
Ensure the following prerequisites are met before installing FortiGate VM:
• The VMware vSphere ESX/ESXi Hypervisor software must be installed and configured. For more details, refer to http://www.vmware.com/products/vsphere-hypervisor/overview.html.
• The VMware vSphere Client is installed on the management computer.
• An Internet connection is available for FortiGate VM to contact FortiGuard to validate its license or, for closed environments, a FortiManager can be contacted to validate the FortiGate VM license (please see the FortiManager Install and Configure guide for these prerequisites).
Register FortiGate VM with Customer Service & Support

To obtain the FortiGate VM license file you must first register your FortiGate VM with Customer Service & Support.

To register your FortiGate VM:
1. Log in to the Customer Service & Support portal using an existing account or select Sign Up to create a new account.
2. In the main page, in the Asset Management quadrant, select Register/Renew. The Registration page opens.
   Figure 1: Registration page
3. Enter the registration number that was emailed to you and select Register. A registration form will appear.
4. After completing the form, a registration acknowledgement page will appear.
5. Select the License File link.
Figure 2: VM license link
6. You will be prompted to save the license file (.lic) to your local computer. See “Upload the FortiGate VM license file” on page 18 for instructions on uploading the license file to your FortiGate VM via the Web-based Manager.

Download FortiGate VM software

Fortinet provides the FortiGate VM software for both 32-bit and 64-bit environments in two formats:
• FGT_VMxx-v500-build0xxx-FORTINET.out: either the 32-bit or 64-bit firmware image to upgrade your existing FortiGate VM installation.
• FGT_VMxx-v500-build0xxx-FORTINET.out.ovf.zip: either the 32-bit or 64-bit package for a new FortiGate VM installation.

For more information see the FortiGate product datasheet available on the Fortinet web site, http://www.fortinet.com/products/fortigate/virtualappliances.html.

The FGT_VMxx-v500-build0xxx-FORTINET.out.ovf.zip file contains the following files:
• FortiGate-VMxx.ovf: Open Virtualization Format file for VMware.
• FortiGate-VMxx.hw04.ovf: Open Virtualization Format file for older VMware ESX hardware.
• FortiGate-VMxx.hw07_vmxnet.ovf: Open Virtualization Format file for VMware with the VMware driver.
• fortios.vmdk: Virtual machine disk format file used by the OVF file.
• datadrive.vmdk: Virtual machine disk format file used by the OVF file.

FortiGate VM firmware images on the Customer Service & Support site FTP directory are organized by firmware version, major release, and patch release. The firmware images in the directories follow a specific naming convention and each firmware image is specific to the device model. For example, the FGT_VM32-v500-build0151-FORTINET.out.ovf.zip image found in the v5.0 Patch Release 2 directory is specific to the FortiGate VM 32-bit environment.

You can also download the FortiGate Release Notes, FORTINET-FORTIGATE MIB file, FSSO images, and SSL VPN client in this directory. The Fortinet Core MIB file is located in the main FortiGate v5.00 directory.
To download the FortiGate VM .ovf.zip package:
1. In the main page of the Customer Service & Support site, in the Download quadrant, select Firmware Images. The Firmware Images page opens.
   Figure 3: Firmware image page
2. In the Firmware Images page, select FortiGate.
3. Browse to the appropriate directory on the FTP site for the version that you would like to download.
4. Download the .ovf.zip file and FortiGate Release Notes, and save these files to your local computer.
5. Select the .ovf.zip file on your local computer and extract the files to a new file folder. See “Deploy the FortiGate VM OVF file” on page 10 for information on deploying the OVF file to your VMware environment.

FortiGate VM evaluation license

FortiGate VM includes a free 15-day trial license that includes all features except FortiGuard updates. The trial period begins the first time you start FortiGate VM. Once the trial expires, functionality is disabled until you upload a license file.

Technical support is not included with the 15-day evaluation.

The 15-day evaluation license limitations include:
• Low encryption only. When configuring the port1 interface, you must configure set allowaccess http.
• You cannot upgrade the firmware; doing so will lock the Web-based Manager until a license is uploaded.
FortiGate VM Deployment

Once you have downloaded the FGT_VMxx-v500-build0xxx-FORTINET.out.ovf.zip file and extracted the package contents to a folder on your local computer, you can deploy the OVF package to your VMware environment. The following topics are included in this section:
• Deploy the FortiGate VM OVF file
• Configure FortiGate VM hardware settings
• Power on your FortiGate VM

Deploy the FortiGate VM OVF file

To deploy the FortiGate VM OVF template:
1. Launch the VMware vSphere client, enter the IP address or host name of your server, enter your user name and password and select Login. The vSphere client home page opens.
   Figure 4: vSphere client home page
2. Select File > Deploy OVF Template to launch the OVF Template wizard.
   The OVF Template Source page opens.
   Figure 5: Source page
3. Select the source location of the OVF file. Select Browse and locate the file folder on your computer. Select the appropriate FortiGate VM OVF file and select Next to continue. The OVF Template Details page opens.
   Figure 6: Details page
4. Review the OVF template details. This page details the product name, download size, size on disk, and description. Select Next to continue. The OVF Template End User License Agreement page opens.
   Figure 7: End user license agreement page
5. Read the end user license agreement for FortiGate VM. Select Accept and then select Next to continue.
   The OVF Template Name and Location page opens.
   Figure 8: Name and location page
6. Enter a name for this OVF template. The name can contain up to 80 characters and it must be unique within the inventory folder. Select Next to continue. The OVF Template Disk Format page opens.
   Figure 9: Disk format page
7. Select one of the following:
   • Thick Provision Lazy Zeroed: Allocates the disk space statically (no other volumes can take the space), but does not write zeros to the blocks until the first write takes place to that block during runtime (which includes a full disk format).
   • Thick Provision Eager Zeroed: Allocates the disk space statically (no other volumes can take the space), and writes zeros to all the blocks.
   • Thin Provision: Allocates the disk space only when a write occurs to a block, but the total volume size is reported by VMFS to the OS. Other volumes can take the remaining space. This allows you to float space between your servers, and expand your storage when your size monitoring indicates there is a problem. Note that once a Thin Provisioned block is allocated, it remains on the volume even if you have since deleted the data.
8. Select Next to continue. The OVF Template Network Mapping page opens.
   Figure 10: Network mapping page
9. Map the networks used in this OVF template to networks in your inventory. Network 1 maps to port1 of the FortiGate VM. You must set the destination network for this entry to access the device console. Select Next to continue.
   The OVF Template Ready to Complete page opens.
   Figure 11: Ready to complete page
10. Review the template configuration. To power on the FortiGate VM select the checkbox beside Power on after deployment. It is recommended to configure the FortiGate VM hardware settings prior to powering on the FortiGate VM.
11. Select Finish to deploy the OVF template. You will receive a Deployment Completed Successfully dialog box once the FortiGate VM OVF template wizard has finished.

Configure FortiGate VM hardware settings

Before powering on your FortiGate VM you must configure the virtual memory, virtual CPU, and virtual disk configuration to match your FortiGate VM license. See Table 1 on page 6 for FortiGate VM model information.

Power on your FortiGate VM

You can now proceed to power on your FortiGate VM. Select the name of the FortiGate VM you deployed in the inventory list and select Power on the virtual machine in the Getting Started tab. Optionally, you can select the name of the FortiGate VM you deployed, right-click and select Power > Power On.
FortiGate VM Initial Configuration

Before you can connect to the FortiGate VM Web-based Manager you must configure the port1 IP address and netmask via the console tab on your vSphere client. Once configured, you can connect to the FortiGate VM Web-based Manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website. The following topics are included in this section:
• FortiGate VM console access
• Connect to the FortiGate VM Web-based Manager
• Upload the FortiGate VM license file
• Configure your FortiGate VM

FortiGate VM console access

To enable Web-based Manager access to the FortiGate VM you must configure the port1 IP address and netmask of the FortiGate VM in the vSphere Client Console tab.

To configure the port1 IP address:
1. In the Inventory list, select the FortiGate VM that you deployed. In the Getting Started tab select Power on the virtual machine. Optionally, you can right-click the FortiGate VM and select Power > Power On.
2. Select the Console tab. The Console window appears.
   Figure 12: FortiGate VM console access
3. At the FortiGate VM login prompt enter the user name and password. The default password is no password.
4. To configure the port1 IP address and netmask, enter the following CLI commands:

       config system interface
           edit port1
               set ip <IP address> <netmask>
       end

   By default, ping, https, ssh, and fgfm are enabled on the port1 interface. Use the set allowaccess CLI command to enable auto-ipsec, http, probe-response, radius-acct, snmp, and telnet as required.

5. To configure the default gateway, enter the following CLI commands:

       config router static
           edit 1
               set device port1
               set gateway <default gateway IPv4 address>
       end

   You must configure the default gateway with an IPv4 address. FortiGate VM needs to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license.

6. To configure your DNS servers, enter the following CLI commands:

       config system dns
           set primary <Primary DNS server>
           set secondary <Secondary DNS server>
       end

   The default DNS servers are 208.91.112.53 and 208.91.112.52.

7. To upload the FortiGate VM license from an FTP or TFTP server, use the following CLI command:

       execute restore vmlicense {ftp | tftp} <license file name> <Server IP or FQDN>[:server port]

   You can also upload the license in the FortiGate VM Web-based Manager. See “Upload the FortiGate VM license file” on page 18.
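
The allowaccess settings from step 4 are worth checking after deployment, since http and telnet carry management sessions unencrypted. The following is an added example, not Fortinet code: it parses a saved "config system interface" block and reports, per interface, cleartext protocols and anything beyond the port1 defaults listed in this guide. The sample configuration, its addresses, and the function names are constructed for illustration.

```python
import shlex

# Per the guide, these are enabled on port1 by default.
DEFAULT_ACCESS = {"ping", "https", "ssh", "fgfm"}
# Assumption of this example: flag the two unencrypted management protocols.
CLEARTEXT = {"http", "telnet"}

# Constructed sample of saved CLI configuration (documentation address ranges).
SAMPLE_CONFIG = '''
config system interface
    edit "port1"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess ping https ssh http fgfm
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "port2"
        set ip 198.51.100.1 255.255.255.0
        set allowaccess ping telnet snmp
    next
end
'''


def _words(line):
    try:
        return shlex.split(line)
    except ValueError:              # unbalanced quote: fall back to plain split
        return line.split()


def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} for 'config system interface'."""
    interfaces, current, in_block, depth = {}, None, False, 0
    for raw in config_text.splitlines():
        words = _words(raw.strip())
        if not words:
            continue
        if not in_block:
            in_block = words[:3] == ["config", "system", "interface"]
        elif words[0] == "config":  # nested table such as "config ipv6"
            depth += 1
        elif words[0] == "end":
            if depth:
                depth -= 1
            else:
                in_block, current = False, None
        elif depth:
            continue                # ignore settings inside nested tables
        elif words[0] == "edit" and len(words) > 1:
            current = interfaces.setdefault(words[1], {})
        elif words[0] == "next":
            current = None
        elif words[0] == "set" and current is not None and len(words) > 1:
            current[words[1]] = words[2:]
    return interfaces


def audit_allowaccess(config_text):
    """Report cleartext and non-default management access per interface."""
    report = {}
    for name, settings in parse_interfaces(config_text).items():
        access = set(settings.get("allowaccess", []))
        report[name] = {
            "cleartext": sorted(access & CLEARTEXT),
            "non_default": sorted(access - DEFAULT_ACCESS),
        }
    return report


if __name__ == "__main__":
    for name, result in audit_allowaccess(SAMPLE_CONFIG).items():
        print(name, result)
```
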
Connect to the FortiGate VM Web-based Manager

Once you have configured the port1 IP address and netmask, launch a web browser and enter the IP address you configured for port1. At the login page, enter the user name and password and select Login. The default password is no password. The Web-based Manager will appear with an Evaluation License dialog box, see Figure 13.

Figure 13: Web-based Manager and Evaluation License dialog box

Upload the FortiGate VM license file

Every Fortinet VM includes a 15-day trial license. During this time the FortiGate VM operates in evaluation mode. Before using the FortiGate VM you must enter the license file that you downloaded from the Customer Service & Support website upon registration.

To upload the FortiGate VM license file:
1. In the Evaluation License dialog box, select Enter License. You can also upload the license file via the CLI using the following CLI command:

       execute restore vmlicense [ftp | tftp] <filename string> <ftp server>[:ftp port]
   The license page opens.
   Figure 14: License page
2. Select Browse and locate the license file (.lic) on your computer. Select OK to upload the license file.
3. Refresh the browser to log in.
4. Enter admin in the Name field and select Login. The VM registration status appears as valid in the License Information widget once the license has been validated by the FortiGuard Distribution Network (FDN) or FortiManager for closed networks.
Validate the FortiGate VM license with FortiManager

You can validate your FortiGate VM license with your FortiManager device.

To validate your FortiGate VM with your FortiManager:
1. To configure your FortiManager as a closed network, enter the following CLI command on your FortiManager:

       config fmupdate publicnetwork
           set status disable
       end

2. To configure FortiGate VM to use FortiManager as its override server, enter the following CLI commands on your FortiGate VM:

       config system central-management
           set mode normal
           set type fortimanager
           set fmg <IPv4 address of the FortiManager device>
           set fmg-source-ip <Source IPv4 address when connecting to the FortiManager device>
           set fortimanager-fds-override enable
           set vdom <Enter the name of the VDOM to use when communicating with the FortiManager device>
       end

3. Load the FortiGate VM license file in the Web-based Manager. Go to System > Dashboard > Status. In the License Information widget, in the Registration Status field, select Update. Browse for the .lic license file and select OK.
4. To activate the FortiGate VM license, enter the following CLI command on your FortiGate VM:

       execute update-now

5. To check the FortiGate VM license status, enter the following CLI commands on your FortiGate VM:

       get system status

   The following output is displayed:

       Version: Fortigate-VM v5.0,build0099,120910 (Interim)
       Virus-DB: 15.00361(2011-08-24 17:17)
       Extended DB: 15.00000(2011-08-24 17:09)
       Extreme DB: 14.00000(2011-08-24 17:10)
       IPS-DB: 3.00224(2011-10-28 16:39)
       FortiClient application signature package: 1.456(2012-01-17 18:27)
       Serial-Number: FGVM02Q105060000
       License Status: Valid
       BIOS version: 04000002
       Log hard disk: Available
       Hostname: Fortigate-VM
       Operation Mode: NAT
       Current virtual domain: root
       Max number of virtual domains: 10
       Virtual domains status: 1 in NAT mode, 0 in TP mode
       Virtual domain configuration: disable
       FIPS-CC mode: disable
       Current HA mode: standalone
       Distribution: International
       Branch point: 511
       Release Version Information: MR3 Patch 4
       System time: Wed Jan 18 11:24:34 2012

       diagnose hardware sysinfo vm full

   The following output is displayed:

       UUID: 564db33a29519f6b1025bf8539a41e92
       valid: 1
       status: 1
       code: 200 (If the license is a duplicate, code 401 will be displayed)
       warn: 0
       copy: 0
       received: 45438
       warning: 0
       recv: 201201201918
       dup:
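
The two outputs in step 5 can be checked by script when several FortiGate VMs are deployed, for example to catch a cloned VM reporting the duplicate-license code. The following is an added example, not Fortinet code: it parses captured text from both commands and returns a verdict. The field values are those shown in this guide; the duplicate sample is constructed by changing only the code field, and the function names are hypothetical.

```python
import re

CODE_OK = 200         # shown in the guide for a validated license
CODE_DUPLICATE = 401  # shown in the guide for a duplicate license

# Abridged "get system status" output as shown in the guide.
STATUS_OUTPUT = """\
Version: Fortigate-VM v5.0,build0099,120910 (Interim)
Serial-Number: FGVM02Q105060000
License Status: Valid
Hostname: Fortigate-VM
"""

# "diagnose hardware sysinfo vm full" output as shown in the guide.
SYSINFO_OUTPUT = """\
UUID: 564db33a29519f6b1025bf8539a41e92
valid: 1
status: 1
code: 200
warn: 0
copy: 0
received: 45438
warning: 0
recv: 201201201918
dup:
"""

# Constructed sample: the same output carrying the duplicate-license code.
DUPLICATE_SYSINFO = SYSINFO_OUTPUT.replace("code: 200", "code: 401")


def parse_fields(text):
    """Split 'Key: value' lines at the first colon; keys are lower-cased."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def license_verdict(status_text, sysinfo_text):
    """Combine both command outputs into one pass/fail result with reasons."""
    status, sysinfo = parse_fields(status_text), parse_fields(sysinfo_text)
    problems = []
    state = status.get("license status", "")
    if state.lower() != "valid":
        problems.append(f"License Status is {state or 'missing'}")
    match = re.match(r"\d+", sysinfo.get("code", ""))
    code = int(match.group()) if match else None
    if code is None:
        problems.append("validation code missing")
    elif code == CODE_DUPLICATE:
        problems.append("duplicate license (code 401)")
    elif code != CODE_OK:
        problems.append(f"unexpected validation code {code}")
    if sysinfo.get("valid") != "1":
        problems.append("valid flag is not 1")
    return {"serial": status.get("serial-number"), "uuid": sysinfo.get("uuid"),
            "ok": not problems, "problems": problems}


if __name__ == "__main__":
    print(license_verdict(STATUS_OUTPUT, SYSINFO_OUTPUT))
    print(license_verdict(STATUS_OUTPUT, DUPLICATE_SYSINFO))
```
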
Configure your FortiGate VM

Once the FortiGate VM license has been validated you can begin to configure your device. You can use the Wizard located in the top toolbar for basic configuration including enabling central management, setting the admin password, setting the time zone, and port configuration. For more information on configuring your FortiGate VM see the FortiOS Handbook at http://docs.fortinet.com.