Contents
Introduction
Document conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
IP addresses . . . . . . . . . . .
Example Network configuration .
Cautions, Notes and Tips . . . .
Typographical conventions . . . .
CLI command syntax conventions
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
5
6
8
8
8
10
.
.
.
.
10
11
11
11
11
12
Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12
12
12
12
12
FortiGate-VM
15
Installing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
16
Installing FortiGate-VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
Downloading FortiGate-VM . . . . . . . . . . . . . . . . . . . . . . . . . .
Deploying the FortiGate-VM software . . . . . . . . . . . . . . . . . . . . . . .
17
17
Logging in. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
17
18
18
18
Powering on FortiGate-VM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
19
19
.
.
.
.
.
.
.
.
.
Contents
Introduction
Welcome and thank you for selecting Fortinet products for your network protection.
The firewall policies are the key component of FortiOS that allows, or disallows, traffic to
and from your network. It is through the firewall policies you define who, what and when
traffic goes between networks and the Internet.
This guide describes the basics of installing FortiGate-VM on a virual server and steps to
configure the basics.
This chapter contains the following topics:
Document conventions
Training
Documentation
Introduction
Document conventions
Document conventions
Fortinet technical documentation uses the conventions described below.
IP addresses
To avoid publication of public IP addresses that belong to Fortinet or any other
organization, the IP addresses used in Fortinet technical documentation are fictional and
follow the documentation guidelines specific to Fortinet. The addresses used are from the
private IP address ranges defined in RFC 1918: Address Allocation for Private Internets,
available at http://ietf.org/rfc/rfc1918.txt?number-1918.
Most of the examples in this document use the following IP addressing:
A - can be one of 192, 172, or 10 - the non-public addresses covered in RFC 1918.
Branch number can be 0xx, 1xx, 2xx - 0 is Head office, 1 is remote, 2 is other.
Device or virtual device - allows multiple FortiGate units in this address space
(VDOMs).
C - interface - FortiGate units can have up to 40 interfaces, potentially more than one
on the same subnet
The following gives 16 reserved, 140 users, and 100 servers in the subnet.
001 - 009 - reserved for networking hardware, like routers, gateways, etc.
190 - 199 - Other non-Fortinet servers (NAS, SQL, DNS, DDNS, etc.)
Document conventions
The following table shows some examples of how to choose an IP number for a device
based on the information given. For internal and dmz, it is assumed in this case there is
only one interface being used.
Table 1: Examples of the IP numbering
Location and device
Internal
Dmz
External
10.011.101.100
10.011.201.100
172.20.120.191
10.012.101.100
10.012.201.100
172.20.120.192
10.021.101.100
10.021.201.100
172.20.120.193
10.079.101.100
10.079.101.100
172.20.120.194
n/a
10.031.201.110
n/a
10.0.11.101.200
n/a
n/a
n/a
n/a
172.20.120.195
Document conventions
Linux PC
10.11.101.20
T 1.1
IN .1
10
01
.1
FortiWiFi-80CM
01
Windows PC
10.11.101.10
Internal network
10
10
1.
t2
or 2
P 10
1.
.1
od
rm
ff e 4 1
ni .1
(s 20
t 1 .1
or 0
P 2.2
17
10
1
t 2 10
or .
P .11
10
1.
.1
Switch
FortiGate-82C
30
e)
t2
or 0
P .10
1
10
.1
FortiAnalyzer-100B
10
1
P
o
(m rt
irr 8
or
of
14
po
0.
rts
an
17
3)
2
t 1 .1
or 0
P 2.2
t1
or 0
P .11
1
10
1.
.1
t2
or 3
P nd
a
FortiGate-620B
HA cluster
or
t1
FortiMail-100C
Switch
H
ea
d
of
fic
e
t 1 10
or .
P .21
10
1.
10
FortiGate-3810A
17
Linux PC
10.21.101.10
2.
.1
20
al 1.
rn 0
te .1
In .31
10
fic
of
fic
of
nc
ra
nc
ra
1
N
A 2
W .12
20
10
FortiGate-51B
P
10 ort
.2 1
1.
10
1
.1
60
0
Windows PC
10.31.101.10
10
.2
2.
10 Po
1. rt
10 4
0
FortiManager-3000B
Cluster
Port 1: 10.21.101.102
FortiGate-5005FA2
Port 1: 10.21.101.102
FortiGate-5005FA2
Port 1: 10.21.101.103
FortiSwitch-5003A
Port 1: 10.21.101.161
FortiGate-5050-SM
Port 1: 10.21.101.104
Engineering network
10.22.101.0
Document conventions
Note: Presents useful information, but usually focused on an alternative, optional method,
such as a shortcut, to perform a step.
Tip: Highlights useful additional information, often tailored to your workplace activity.
Typographical conventions
Fortinet documentation uses the following typographical conventions:
Table 2: Typographical conventions in Fortinet technical documentation
Convention
Example
Button, menu, text box, From Minimum log level, select Notification.
field, or check box label
CLI input
CLI output
Emphasis
File content
<HTML><HEAD><TITLE>Firewall
Authentication</TITLE></HEAD>
<BODY><H4>You must authenticate to use this
service.</H4>
Hyperlink
Keyboard entry
Navigation
Publication
Document conventions
Description
Square brackets [ ]
Description
Curly braces { }
Options
delimited by
vertical bars |
Options
delimited by
spaces
10
11
Training
Fortinet Training Services provides courses that orient you quickly to your new equipment,
and certifications to verify your knowledge level. Fortinet provides a variety of training
programs to serve the needs of our customers and partners world-wide.
To learn about the training services that Fortinet provides, visit the Fortinet Training
Services web site at http://campus.training.fortinet.com, or email training@fortinet.com.
Documentation
The Fortinet Technical Documentation web site, http://docs.fortinet.com, provides the
most up-to-date versions of Fortinet publications, as well as additional technical
documentation such as technical notes.
In addition to the Fortinet Technical Documentation web site, you can find Fortinet
technical documentation on the Fortinet Tools and Documentation CD, and on the Fortinet
Knowledge Center.
12
13
14
FortiGate-VM
FortiGate-VM works in conjunction with VMware vSphere to leverage the power of
virtualization to protect your business against network, content, and application-level
threats, without degrading network availability and uptime.
FortiGate-VM runs on the VMware ESX/ESXi server and is managed using the Web
Config GUI running on the management computer.
Figure 2: FortiGate-VM architecture.
iG
ua
rvi
ce
re
ES
erv
er
-VM
ate
rtiG
Fo
Vir
tua
l sw
i tc
h
VL
M
2
AN
t
pu
om
t C IC
en al N
em sic
ag hy
an P
VL
AN
rt
Fo
e
dS
a
Mw
S
Xi
AN
er
VL
15
Installing
FortiGate-VM
Installing
Before using FortiGate-VM, you need to install the VMware vSphere Hypervisor
(ESX/ESXi) server to host the FortiGate-VM device. The installation instructions for
FortiGate-VM assume you are familiar with VMware ESXi server and terminology.
VMware vSphere Hypervisor (ESX/ESXi) software must be installed prior to installing
FortiGate-VM.
Table 4: FortiGate-VM requirements.
Requirement
Value
Memory
CPU
10/100/1000 Interfaces
10 GB E Interface
Supported
Storage
A minimum of 30GB
Caution: VMware Player, VMware Fusion and VMware Workstation maybe used for
evaluation purposes, however they are not supported by Fortinet.
Licensing
When you placed an order for FortiGate-VM, a registration number is sent to the email
address used on the order form. Use the registration number provided when you
purchased FortiGate-VM to register at www.support.fortinet.com to obtain a license file.
You will need this file to activate FortiGate-VM.
For a new installations, the CLI and web-based manager are locked until you load the
license file. Once loaded and validated by FortiGuard services, the CLI and web-based
manager are unlocked and fully functional.
If FortiGuard discovers that the license has expired, pirated, or cloned, FortiGuard returns
an invalid status back to the FortiGate-VM and the device remains in locked state.
16
FortiGate-VM
Installing FortiGate-VM
Installing FortiGate-VM
Ensure the following prerequisites are met before installing FortiGate-VM:
Downloading FortiGate-VM
When you purchase FortiGate-VM, you will be provided a link to download the VM
software. From the link provided by Fortinet, save the FGT_VM-v400-buildxxxxFORTINET.out.ovf.zip file to the management computer and extract the files to a folder.
The files in the folder include:
1 Extract the zipped files to a folder. The following table describes the files in the folder:
Filename
Description
datadrive.vmdk
Virtual disk.
FortiGate-VM.hw04.ovf
FortiGate-VM.ovf
fgt.vmdk
Virtual disk.
Logging in
After installing the FortiGate-VM, log in and configure the FortiGate-VM.
To log in to the FortiGate-VM:
1 Open the vSphere client.
2 Enter the IP address, user name, and password and click Login.
3 When you login, the first screen shows the Getting Started tab. From here you can:
Select the + (plus) sign to see the FortiGate-VM you added during deployment.
Select Edit virtual machine settings to edit details of the CPUs, interfaces, video
cards and other hardware information.
17
FortiGate-VM
Note: If you want to configure the ports on the ESXi server, Do not power on the
FortiGate-VM.
FortiGate-VM OS Port
eth0
VM Network 1
Network Adapter 1
Port 1
eth1
VM Network 2
Network Adapter 2
Port 2
18
FortiGate-VM
Powering on FortiGate-VM
Powering on FortiGate-VM
Once FortiGate-VM has been deployed, you can power on the virtual machine and log in
using the Console. In the Console, you are limited to depth of CLI commands available for
set up until a valid license is entered through the Web-based manager. You can configure
the internal interface, system DNS, and the static router.
To power on FortiGate-VM:
1 Open the vSphere Client and enter the IP address, user name, and password and
select Login.
2 Select the FortiGate-VM.
3 In the Getting Started tab, select Power on the virtual machine.
4 Select the Console tab.
It may take a few minutes for the FortiGate-VM software to format.
5 At the FortiGate-VM login prompt, enter admin. There is no password.
6 Configure the FortiGate internal interface. Type:
config system interface
edit port1
set ip <intf_ip><netmask_ip>
end
7 Configure the primary and secondary DNS server IP addresses. Type:
config system dns
set primary <dns-server_ip>
set secondary <dns-server_ip>
end
8 Configure the default gateway. Type:
config router static
edit 1
set device port1
set gateway <gateway_ip>
end
Note: To access the web-based manager enter the IP address using HTTPS. For example,
https://192.168.1.99.
19
FortiGate-VM
For more information on how to set up and use the FortiGate-VM features, see the
FortiOS Handbook or visit http://docs.fortinet.com/fgt.html for all FortiOS documentation.
20