To download the FortiGate VM deployment package:
1. In the main page of the Customer Service & Support site, select Download Firmware Images. The Firmware Images page opens.
2. In the Firmware Images page, select FortiGate.
3. Browse to the appropriate directory on the FTP site for the version that you would like to download.
FortiGate VM Initial Configuration
Before you can connect to the FortiGate VM web-based manager you must configure a network interface in the FortiGate VM console. Once an interface with administrative access is configured, you can connect to the FortiGate VM web-based Manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website.
The following topics are included in this section:
- Set FortiGate VM port1 IP address
- Connect to the FortiGate VM Web-based Manager
- Upload the FortiGate VM license file
- Validate the FortiGate VM license with FortiManager
- Configure your FortiGate VM
Set FortiGate VM port1 IP address
Hypervisor management environments include a guest console window. On the FortiGate VM, this provides access to the FortiGate console, equivalent to the console port on a hardware FortiGate unit. Before you can access the Web-based manager, you must configure FortiGate VM port1 with an IP address and administrative access.
To configure the port1 IP address:
1. In your hypervisor manager, start the FortiGate VM and access the console window.
You might need to press Return to see a login prompt.
Example of FortiGate VM console access:
2. At the FortiGate VM login prompt enter the username admin. By default there is no password. Just press Return.
3. Using CLI commands, configure the port1 IP address and netmask. Also, HTTP access must be enabled because until it is licensed the FortiGate VM supports only low-strength encryption. HTTPS access will not work.
For example:
config system interface
edit port1
set ip 192.168.0.100 255.255.255.0
append allowaccess http
end
You can also use the append allowaccess CLI command to enable other access protocols, such as auto-ipsec, http, probe-response, radius-acct, snmp, and telnet. The ping, https, ssh, and fgfm protocols are enabled on the port1 interface by default.
4. To configure the default gateway, enter the following CLI commands:
config router static
edit 1
set device port1
set gateway <class_ip>
end
You must configure the default gateway with an IPv4 address. FortiGate VM needs to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license.
5. To configure your DNS servers, enter the following CLI commands:
config system dns
set primary <Primary DNS server>
set secondary <Secondary DNS server>
end
The default DNS servers are 208.91.112.53 and 208.91.112.52.
6. To upload the FortiGate VM license from an FTP or TFTP server, use the following CLI command:
execute restore vmlicense {ftp | tftp} <VM license file name> <Server IP or FQDN> [:server port]
You can also upload the license in the FortiGate VM Web-based Manager. See Set FortiGate VM port1 IP address.
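The procedure above enables HTTP administrative access on port1 because HTTPS does not work until the VM is licensed, and the same append allowaccess command can also enable telnet. The Python sketch below is an added example, not Fortinet's code or part of the original page: it replays the allowaccess commands in a CLI transcript and reports which interfaces still expose cleartext management protocols. The function names, the port2 entries and both transcripts are constructed for illustration; unselect is the FortiOS CLI verb that removes a value from a list such as allowaccess.

```python
import shlex

PLAINTEXT_MGMT = {"http", "telnet"}  # administrative access sent in cleartext
PAGE_DEFAULTS = {"port1": ["ping", "https", "ssh", "fgfm"]}  # per this page; others start empty (assumption)

def effective_allowaccess(cli_text, defaults=PAGE_DEFAULTS):
    """Replay set/append/unselect allowaccess under 'config system interface'."""
    access = {name: list(protos) for name, protos in defaults.items()}
    depth, in_iface, current = 0, False, None
    for raw in cli_text.splitlines():
        cmd, *args = shlex.split(raw, comments=True) or [""]
        if cmd == "config":
            depth += 1  # nested blocks (depth > 1) are ignored below
            in_iface = args == ["system", "interface"] if depth == 1 else in_iface
        elif cmd == "end":
            depth -= 1
            if depth == 0:
                in_iface, current = False, None
        elif in_iface and depth == 1 and cmd == "edit" and args:
            current = args[0]
            access.setdefault(current, [])
        elif in_iface and depth == 1 and current and args[:1] == ["allowaccess"]:
            have, values = access[current], args[1:]
            if cmd == "set":  # replaces the whole list
                access[current] = values
            elif cmd == "append":  # adds to the existing list
                access[current] = have + [v for v in values if v not in have]
            elif cmd == "unselect":  # removes from the existing list
                access[current] = [v for v in have if v not in values]
    return access

def plaintext_findings(access):
    """Map each interface to the cleartext management protocols it exposes."""
    return {i: sorted(PLAINTEXT_MGMT & set(p)) for i, p in access.items()
            if PLAINTEXT_MGMT & set(p)}

# Constructed input: the page's step 3 commands plus a hypothetical port2.
PRE_LICENSE = """config system interface
edit port1
set ip 192.168.0.100 255.255.255.0
append allowaccess http
next
edit port2
set allowaccess ping telnet
end
"""
# Constructed follow-up, replayed after PRE_LICENSE once HTTPS administration works.
POST_LICENSE = PRE_LICENSE + "config system interface\nedit port1\nunselect allowaccess http\nend\n"
if __name__ == "__main__":
    print(plaintext_findings(effective_allowaccess(PRE_LICENSE)), plaintext_findings(effective_allowaccess(POST_LICENSE)))
```

Running the check again after the license is validated shows whether the temporary HTTP setting on port1 was removed and which other interfaces still need attention.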
Web-based Manager and Evaluation License dialog box
Connect to the FortiGate VM Web-based Manager
When you have configured the port1 IP address and netmask, launch a web browser and enter the IP address that you configured for port1. At the login page, enter the username admin, leave the password field empty, and select Login. By default there is no password. The Web-based Manager will appear with an Evaluation License dialog box.
Upload the FortiGate VM license file
Every Fortinet VM includes a 15-day trial license. During this time the FortiGate VM operates in evaluation mode. Before using the FortiGate VM you must enter the license file that you downloaded from the Customer Service & Support website upon registration.
To upload the FortiGate VM license file:
1. In the Evaluation License dialog box, select Enter License.
You can also upload the license file via the CLI using the following CLI command:
execute restore vmlicense [ftp | tftp] <filename string> <ftp server>[:ftp port]
The license upload page opens.
License upload page:
2. Select Browse and locate the license file (.lic) on your computer. Select OK to upload the license file.
3. Refresh the browser to login.
4. Enter admin in the Name field and select Login. The VM registration status appears as valid in the License Information widget once the license has been validated by the FortiGuard Distribution Network (FDN) or FortiManager for closed networks.
Validate the FortiGate VM license with FortiManager
You can validate your FortiGate VM license with some models of FortiManager. To determine whether your FortiManager unit has the VM Activation feature, see Features section of the FortiManager Product Data sheet.
To validate your FortiGate VM with your FortiManager:
1. To configure your FortiManager as a closed network, enter the following CLI command on your FortiManager:
config fmupdate publicnetwork
set status disable
end
2. To configure FortiGate VM to use FortiManager as its override server, enter the following CLI commands on your FortiGate VM:
config system central-management
set mode normal
set type fortimanager
set fmg <IPv4 address of the FortiManager device>
set fmg-source-ip <Source IPv4 address when connecting to the FortiManager device>
set include-default-servers disable
set vdom <Enter the name of the VDOM to use when communicating with the FortiManager device>
end
3. Load the FortiGate VM license file in the Web-based Manager. Go to System > Dashboard > Status. In the License Information widget, in the Registration Status field, select Update. Browse for the .lic license file and select OK.
4. To activate the FortiGate VM license, enter the following CLI command on your FortiGate VM:
execute update-now
5. To check the FortiGate VM license status, enter the following CLI commands on your FortiGate VM:
get system status
The following output is displayed:
Version: Fortigate-VM v5.0,build0099,120910 (Interim)
Virus-DB: 15.00361(2011-08-24 17:17)
Extended DB: 15.00000(2011-08-24 17:09)
Extreme DB: 14.00000(2011-08-24 17:10)
IPS-DB: 3.00224(2011-10-28 16:39)
FortiClient application signature package: 1.456(2012-01-17 18:27)
Serial-Number: FGVM02Q105060000
License Status: Valid
BIOS version: 04000002
Log hard disk: Available
Hostname: Fortigate-VM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Distribution: International
Branch point: 511
Release Version Information: MR3 Patch 4
System time: Wed Jan 18 11:24:34 2012
diagnose hardware sysinfo vm full
The following output is displayed:
UUID: 564db33a29519f6b1025bf8539a41e92
valid: 1
status: 1
code: 200 (If the license is a duplicate, code 401 will be displayed)
warn: 0
copy: 0
received: 45438
warning: 0
recv: 201201201918
dup:
Configure your FortiGate VM
Once the FortiGate VM license has been validated you can begin to configure your device. You can use the Wizard located in the top toolbar for basic configuration including enabling central management, setting the admin password, setting the time zone, and port configuration.
For more information on configuring your FortiGate VM see the FortiOS Handbook at http://docs.fortinet.com.
In this post we describe how to run the Fortigate FW VM appliance inside GNS3 (local or remote).
Prerequisites and environment
- GNS3
- In my case, version 2.1.1 running on a remote Linux server (physical HW, not the GNS3 VM).
- Fortigate VM Image for KVM
- In my case, FortiGate for KVM platform Version 6.2.
- Download from HERE using a Fortigate.ONE account (you can create one for free).
- GNS3 Fortigate Appliance
- Download from HERE.
Note: FortiGate VM evaluation license
FortiGate VM includes a limited embedded 15-day trial license that supports:
- 1 CPU maximum
- 1024 MB memory maximum
- low encryption only (no HTTPS administrative access)
- all features except FortiGuard updates
You cannot upgrade the firmware; doing so will lock the Web-based Manager until a license is uploaded. Technical support is not included. The trial period begins the first time you start FortiGate VM. After the trial license expires, functionality is disabled until you upload a license file.
Steps
There are only a few steps and the process is straightforward:
- Download and save the FortiGate VM image.
- Import appliance into GNS3.
- Run a project and use the appliance!
Step 1) Download the Fortigate VM Image
- Go to the Fortinet support page and log in. To proceed you need a Fortinet.ONE account (free to create and register).
- Then use the menu Download -> VM Images.
- Select Product -> Fortigate
- Select Platform -> KVM and download
- Select version
- And download "New deployment of FortiGate for KVM ….", not "Upgrade from previous version …"
- The downloaded zip file contains only one file -> fortios.qcow2
- We can uncompress it anywhere on our PC; I prefer the Download folder, which the GNS3 appliance import will search through.
Step 2) Import the image into GNS3
- Download the GNS3 Fortinet appliance at https://www.gns3.com/marketplace/appliance/fortigate and place it into your download folder. The file is named fortigate.gns3a.
- Start your GNS3 software
- Import the GNS3 appliance into the GNS3 software. It requires
- Click File and then Import appliance
- Go to your Downloads folder, select the Fortigate appliance and then click Open
- The Add appliance window will be displayed; click Next
- Now we need to select the server type. The official GNS3 tutorial recommends the GNS3 VM, and it should work. However, we are using a remote GNS3 server, so only that option is available in our case; there is nothing to select, so click Next
- GNS3 will check some requirements and if they are OK, we may click Next
- Now GNS3 will search various directories, including our Download directory, to find the correct image (in our case fortios.qcow2, which we put there). GNS3 has found it, along with the version of the operating system file.
- As we can see, for FortiGate 6.2.0 it found the qcow2 file (the line with FGT_VM….), but the file named "empty30G.qcow2" is missing.
- Now we cannot proceed, because the import will terminate with the message “Sorry you can not install FortiGate with missing files”.
- Therefore, in the Add appliance window, select the line with the empty30G.qcow2 file and click the Download button (bottom left).
- GNS3 will direct you to the web page from which we can download the file; save it into the Download directory too.
- Now we may select the version of file to install (in our case 6.2.0) and then click Next.
- And then click on Yes
- As the next step GNS3 will ask for the version of Qemu Binary, which is X86_64 in our case
- GNS3 then shows the machine import summary; click Next
- Then it tells us that the machine uses the default username admin with an empty password
- click Next
- and it finishes the import process. Now we are done.
- We can now see the Fortigate VM either in the list of Qemu machines (Edit -> Preferences -> Qemu -> Qemu VMs)
- or under All devices
Step 3) Run the project and use the appliance!
- Now we can start using our Fortigate: open a new project, simply drag the device onto your GNS3 Workspace and start it.
- Opening the console we may see that the FG is booting
- And after entering the correct username/password (admin and empty) we are in!
Notes: Once you create a GNS3 project with this Forti VM and log in for the first time, the VM will block you after 15 days and you will be unable to log in again. However, you can delete the VM and create a new one, and another 15 days are available.