The following topics are included in this section:
FortiGate VM models and licensing
Registering FortiGate VM with Customer Service & Support
Downloading the FortiGate VM deployment package
Deployment package contents
Deploying the FortiGate VM appliance
FortiGate VM models and licensing
Fortinet offers the FortiGate VM in five virtual appliance models determined by license. When configuring your FortiGate VM, be sure to configure hardware settings within the ranges outlined below. Contact your Fortinet Authorized Reseller for more information.
FortiGate VM model information
Technical Specification | FG-VM00 | FG-VM01 | FG-VM02 | FG-VM04 | FG-VM08 |
Virtual CPUs (min / max) | 1 / 1 | 1 / 1 | 1 / 2 | 1 / 4 | 1 / 8 |
Virtual Network Interfaces (min / max) | 2 / 10 | ||||
Virtual Memory (min / max) | 1GB / 1GB | 1GB / 2GB | 1GB / 4GB | 1GB / 6GB | 1GB /12GB |
Virtual Storage (min / max) | 32GB / 2TB | ||||
Managed Wireless APs (tunnel mode / global) | 32 / 32 | 32 / 64 | 256 / 512 | 256 / 512 | 1024 / 4096 |
Virtual Domains (default / max) | 1 / 1 | 10 / 10 | 10 / 25 | 10 / 50 | 10 / 250 |
After placing an order for FortiGate VM, a license registration code is sent to the email address used on the order form. Use the registration number provided to register the FortiGate VM with Customer Service & Support and then download the license file. Once the license file is uploaded to the FortiGate VM and validated, your FortiGate VM appliance is fully functional.
10
FortiGate VM Overview Registering FortiGate VM with Customer Service & Support
The number of Virtual Network Interfaces is not solely dependent on the FortiGate VM. Some virtual environments have their own limitations on the number of interfaces allowed. As an example, if you go to https://docs.microsoft.com/en-us/azure/virtualnetwork/virtual-networks-multiple-nics, you will find that Azure has its own restrictions for VMs, depending on the type of deployment or even the size of the VM.
FortiGate VM evaluation license
FortiGate VM includes a limited embedded 15-day trial license that supports: l 1 CPU maximum l 1024 MB memory maximum
l low encryption only (no HTTPS administrative access) l all features except FortiGuard updates
You cannot upgrade the firmware, doing so will lock the Web-based Manager until a license is uploaded. Technical support is not included. The trial period begins the first time you start FortiGate VM. After the trial license expires, functionality is disabled until you upload a license file.
Registering FortiGate VM with Customer Service & Support
To obtain the FortiGate VM license file you must first register your FortiGate VM with CustomerService& Support.
To register your FortiGate VM:
- Log in to the Customer Service & Support portal using an existing support account or select Sign Up to create a new account.
- In the main page, under Asset, select Register/Renew.
The Registration page opens.
- Enter the registration code that was emailed to you and select Register. A registration form will display.
- After completing the form, a registration acknowledgement page will appear.
- Select the License File Download
- You will be prompted to save the license file (.lic) to your local computer. See “Upload the license file” for instructions on uploading the license file to your FortiGate VM via the Web-based Manager.
Downloading the FortiGate VM deployment package
FortiGate VM deployment packages are included with FortiGate firmware images on the CustomerService& Support site. First, see the following table to determine the appropriate VM deployment package for your VM platform.
Downloading the FortiGate VM deployment package
Selecting the correct FortiGate VM deployment package for your VM platform
VM Platform | FortiGate VM Deployment File |
Citrix XenServer v5.6sp2, 6.0 and later | FGT_VM64-v500-buildnnnn-FORTINET. out.CitrixXen.zip |
OpenXen v3.4.3, 4.1 | FGT_VM64-v500-buildnnnn-FORTINET. out.OpenXen.zip |
Microsoft Hyper-V Server 2008R2 and 2012 | FGT_VM64-v500-buildnnnn-FORTINET. out.hyperv.zip |
KVM (qemu 0.12.1) | FGT_VM64-v500-buildnnnn-FORTINET. out.kvm.zip |
VMware ESX 4.0, 4.1 ESXi 4.0/4.1/5.0/5.1/5.5 | FGT_VM32-v500-buildnnnn-FORTINET. out.ovf.zip (32-bit) FGT_VM64-v500-buildnnnn-FORTINET. out.ovf.zip |
For more information see the FortiGate product datasheet available on the Fortinet web site, http://www.fortinet.com/products/fortigate/virtualappliances.html.
The firmware images FTP directory is organized by firmware version, major release, and patch release. The firmware images in the directories follow a specific naming convention and each firmware image is specific to the device model. For example, the FGT_VM32-v500-build0151-FORTINET.out.ovf.zip image found in the v5.0 Patch Release 2 directory is specific to the FortiGate VM 32-bit environment.
You can also download the FortiOS Release Notes, FORTINET-FORTIGATE MIB file, FSSO images, and SSL VPN client in this directory. The Fortinet Core MIB file is located in the main FortiGate v5.00 directory.
To download the FortiGate VM deployment package:
- In the main page of the Customer Service & Support site, select Download > Firmware Images.
The Firmware Images page opens.
- In the Firmware Images page, select FortiGate.
- Browse to the appropriate directory on the FTP site for the version that you would like to download.
- Download the appropriate .zip file for your VM server platform.
You can also download the FortiGate Release Notes.
- Extract the contents of the deployment package to a new file folder.
FortiGate VM Overview Deployment package contents
Deployment package contents
Citrix XenServer
The FORTINET.out.CitrixXen.zip file contains:
- vhd: the FortiGate VM system hard disk in VHD format l fortios.xva: binary file containing virtual hardware configuration settings l in the ovf folder:
- FortiGate-VM64.ovf: Open Virtualization Format (OVF) template file, containing virtual hardware settings for
Xen l fortios.vmdk: the FortiGate VM system hard disk in VMDK format l datadrive.vmdk: the FortiGate VM log disk in VMDK format
The ovf folder and its contents is an alternative method of installation to the .xva and VHD disk image.
OpenXEN
The FORTINET.out.OpenXen.zip file contains only fortios.qcow2, the FortiGate VM system hard disk in qcow2 format. You will need to manually:
l create a 32GB log disk l specify the virtual hardware settings
Microsoft Hyper-V
The FORTINET.out.hyperv.zip file contains:
- in the Virtual Hard Disks folder:
- vhd: the FortiGate VM system hard disk in VHD format l DATADRIVE.vhd: the FortiGate VM log disk in VHD format
- In the Virtual Machines folder:
- xml: XML file containing virtual hardware configuration settings for Hyper-V. This is compatible with Windows Server 2012.
- Snapshots folder: optionally, Hyper-V stores snapshots of the FortiGate VM state here
KVM
The FORTINET.out.kvm.zip contains only fortios.qcow2, the FortiGate VM system hard disk in qcow2 format. You will need to manually:
l create a 32GB log disk l specify the virtual hardware settings
VMware ESX/ESXi
You will need to create a 32GB log disk.
Deploying the FortiGate VM appliance
The FORTINET.out.ovf.zip file contains:
- vmdk: the FortiGate VM system hard disk in VMDK format l datadrive.vmdk: the FortiGate VM log disk in VMDK format l Open Virtualization Format (OVF) template files:
- FortiGate-VM64.ovf: OVF template based on Intel e1000 NIC driver l FortiGate-VM64.hw04.ovf: OVF template file for older (v3.5) VMware ESX server l FortiGate-VMxx.hw07_vmxnet2.ovf: OVF template file for VMware vmxnet2 driver l FortiGate-VMxx.hw07_vmxnet3.ovf: OVF template file for VMware vmxnet3 driver
Deploying the FortiGate VM appliance
Prior to deploying the FortiGate VM appliance, the VM platform must be installed and configured so that it is ready to create virtual machines. The installation instructions for FortiGate VM assume that
- You are familiar with the management software and terminology of your VM platform.
- An Internet connection is available for FortiGate VM to contact FortiGuard to validate its license or, for closed environments, a FortiManager can be contacted to validate the FortiGate VM license. See “Validate the FortiGate VM license with FortiManager”.
For assistance in deploying FortiGate VM, refer to the deployment chapter in this guide that corresponds to your VMware environment. You might also need to refer to the documentation provided with your VM server. The deployment chapters are presented as examples because for any particular VM server there are multiple ways to create a virtual machine. There are command line tools, APIs, and even alternative graphical user interface tools.
Before you start your FortiGate VM appliance for the first time, you might need to adjust virtual disk sizes and networking settings. The first time you start FortiGate VM, you will have access only through the console window of your VM server environment. After you configure one FortiGate network interface with an IP address and administrative access, you can access the FortiGate VM web-based manager.
After deployment and license validation, you can upgrade your FortiGate VM appliance’s firmware by downloading either FGT_VM32-v500-buildnnnn-FORTINET.out (32-bit) or FGT_VM64-v500-buildnnnnFORTINET.out (64-bit) firmware. Firmware upgrading on a VM is very similar to upgrading firmware on a hardware FortiGate unit.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU
Custom FortiClient Installations
The FortiClient Configurator tool FortiClient is the recommended method of creating customized FortiClient installation files.
You can also customize which modules are displayed in the FortiClient dashboard in the FortiClient Profile. This will allow you to activate any of the modules at a later date without needing to re-install FortiClient. Any changes made to the FortiClient Profile are pushed to registered clients.
When creating VPN only installation files, you cannot enable other modules in the FortiClient Profile as only the VPN module is installed.
When deploying a custom FortiClient XML configuration, use the advanced FortiClient Profile options in FortiGate to ensure the FortiClient Profile settings do not overwrite your custom XML settings. For more information, see the FortiClient XML Reference and the CLI Reference forFortiOS.
The FortiClient Configurator tool is included with the FortiClient Tools file in FortiClient 5.2. This file is only available on the Customer Service & Support portal and is located in the same file directory as the FortiClient images.
The Configurator tool requires activation with a license file. Ensure that you have completed the following steps prior to logging in to your FortiCare product web portal:
- Purchased FortiClient Registration License l Activated the FortiClient license on a FortiGate
This video explains how to purchase and apply a FortiClient License: http://www.youtube.com/watch?feature=player_embedded&v=sIkWaUXK0Ok This chapter contains the following sections:
- Download the license file l Create a custom installer l Custom installation packages l Advanced FortiClient profiles
Download the license file
To retrieve your license file:
- Go to https://support.fortinet.com and log in to your FortiCare account.
- Under Asset select Manage/View Products. Select the FortiGate device that has the FortiClient registration license activated. You will see the Get the Key File link in the Available Key(s)
- Click the link and download license file to your management computer. This file will be needed each time you use the FortiClient Configurator tool.
Create a custom installer
Fortinet offers a repacking tool for both Microsoft Windows and Mac OS X operating systems. The following section provides instructions on creating a custom installer file using the FortiClient Configurator tool.
When selecting to install custom features, only modules selected are installed. To enable other features you will need to uninstall FortiClient, and reinstall an MSI file with these features included in the installer.
FortiClient (Windows) Configurator tool
To create a custom installer using the FortiClient Configurator tool:
- Unzip the FortiClientTools file, select the FortiClientConfigurator file folder, and double-click the exe application file to launch the tool.
The tool opens at the Welcome page.
Licensed | Licensed mode requires a FortiClient license file. |
Trial | In FortiClient 5.4, the FortiClient Configurator tool can be used in trial mode. In trial mode, all online updates are disabled. The trial installer is intended to be deployed in a test environment. |
- Browse and select the FortiClient Configurator Activation Key file (.lic) on your management computer.
- After entering the FortiClient Configurator license, select Next. The Configuration File page is displayed.
Select Config File (optional) | The configuration file (.conf, .sconf) settings will be included in the installer file. |
Password | If the configuration file is encrypted (.sconf), enter the password used to encrypt the file. |
You can use an XML editor to make changes to the FortiClient configuration file. For more information on FortiClient XML configuration, see the FortiClient XML Reference in the Fortinet Document Library, http://docs.fortinet.com.
- Browse and select the FortiClient configuration file on your management computer. This is an optional step. If you do not want to import settings from a configuration file, select Skip to continue. The Settings page is displayed.
The following options are available for custom installations:
Features to Install | |
Everything | All Security and VPN components will be installed. |
Client security only | Only AntiVirus, Web Filtering, and Application Firewall will be installed. |
VPN only | Only VPN components (IPsec and SSL) will be installed. |
Other | Select one of the following from the drop-down list: l AntiVirus & Web Filtering only l Web Filtering only l Application Firewall only l Application Firewall & Web Filtering only l Web Filtering, VPN and Application Firewall l Single Sign-On mobility agent only |
Options | |
Desktop Shortcut | Select to create a FortiClient desktop icon. |
Start Menu | Select to add FortiClient to the start menu. |
Enable Software Update | Select to enable software updates. This option is disabled when Rebrand FortiClient is selected. This option is also disabled when using Trial mode. |
Configure Single Sign-On mobility agent | Select to configure Singe Sign-On mobility agent for use with FortiAuthenticator. |
Features to Install | |
Rebrand FortiClient | Select to rebrand FortiClient. When selected, the option to enable software update is not available. For more information on rebranding FortiClient, see Appendix C – Rebranding FortiClient on page 137. |
- Select the features to install and options and select Next to continue.
If you selected to configure the single sign-on mobility agent, the Single Sign-On Mobility Agent Settings page is displayed.
- Configure the following settings:
Server IP/FQDN | Enter the IP address or FQDN of the FortiAuthenticator server. |
Port Number | Enter the port number. The default port is 8001. |
Pre-Shared Key | Enter the FortiAuthenticator pre-shared key. |
Confirm Pre-Shared Key | Enter the FortiAuthenticator pre-shared key confirmation. |
- Select Next to continue. If you selected to rebrand FortiClient, the Rebranding page is displayed.
- Rebrand FortiClient elements as required. The resources folder contains graphical elements. For more information, see Appendix C – Rebranding FortiClient on page 137.
- Select Next to continue. The Package Signing page is displayed.
- Configure the following settings:
Select Code Signing Certificate (optional) | If you have a code signing certificate, you can use it to digitally sign the installer package this tool generates. |
Password | If the certificate file is password protected, enter the password. |
- Browse and select the code signing certificate on your management computer. This is an optional step. If you do not want to digitally sign the installer package, select Skip to continue. The Execution page is displayed.
This page provides details of the installer file creation and the location of files for Active Directory deployment and manual distribution. The tool creates files for both 32-bit (x86) and 64-bit (x64) operating systems.
- When you select Finish, if Browse to output MSI file upon exit is selected, the folder containing the newly created MSI file will open.
Before deploying the custom MSI files, it is recommended that you test the packages to confirm that they install correctly. In FortiClient 5.2.0 and later, an .exe installation file is created for manual distribution.
Installation files are organized in folders within the FortiClientTools > FortiClient Configurator > FortiClient repackaged folder. Folder names identify the type of installation files that were created and the creation date.
FortiClient (Mac OS X) Configurator tool
To create a custom installer using the FortiClient Configurator tool:
- Unzip the FortiClientTools file, select the Configurator file folder, and double-click the
FortiClientConfigurator.dmg application file, and double-click the FCTConfigurator icon to launch the tool. The Configurator tool opens.
- Configure the following settings:
Licensed | Trial | Licensed mode requires a FortiClient 5.2 license file. In FortiClient v5.2, the FortiClient Configurator tool can be used in trial mode. In trial mode, all online updates are disabled. The trial installer is intended to be deployed in a test environment. |
Source | Select the FortiClient Installer file on your management computer. You must use the full installer file, otherwise FortiClient Configurator will fail to create a custom installation file. The FortiClient Installer version and FortiClient Configurator version must match, otherwise the Configurator will fail to create a custom installation file. |
Destination | Enter a name for the custom installation file and select a destination to save the file on your management computer. |
Features to Install | Select to install all FortiClient modules, VPN only, or SSO only. If SSO only is selected, you must configure the SSO settings in the attached configuration file. |
Server IP/FQDN | Enter the IP address or FQDN of the FortiAuthenticator server. This option is available when selecting SSO only for features to install. |
Port Number | Enter the port number. The default port is 8001. This option is available when selecting SSO only for features to install. |
Pre-Shared Key | Enter the FortiAuthenticator pre-shared key. This option is available when selecting SSO only for features to install. |
Confirm Pre-Shared Key | Enter the FortiAuthenticator pre-shared key confirmation. This option is available when selecting SSO only for features to install. |
Custom installation packages
Config file | Optionally, select a pre-configured FortiClient backup configuration file. If you selected Everything or VPN only for features to install, you must use a configuration file to configure the related settings. |
Software Update | Select to enable or disable software updates. |
Rebrand | Select to rebrand FortiClient. When selected, the option to enable software update is not available. For more information on rebranding FortiClient, see Appendix C – Rebranding FortiClient on page 137. |
Rebranding resources | Select the FortiClient resources file on your management computer. |
- Select the Start button to create the custom FortiClient installation file.
- You can now deploy the repackaged FortiClient .dmg file to your Mac OS X systems.
Custom installation packages
When deploying a custom FortiClient XML configuration, use the advanced FortiClient Profile options in FortiGate to ensure the FortiClient Profile settings do not overwrite your custom XML settings. For more information, see the FortiClient XML Reference and the CLI Reference forFortiOS.
Advanced FortiClient profiles
FortiClient (Windows)
After the configurator tool generates the custom installation packages, it can be used to deploy the FortiClient software either manually, or using Active Directory. Both options can be found in the …/FortiClient_packaged directory. Files are created for both x86 (32-bit) and x64 (64-bit) operating systems.
If Active Directory is being used to deploy FortiClient, you can use the custom installer with the MST file found in the …/ActiveDirectory folder.
For manual distribution, use the .exe file in the …/ManualDistribution folder.
Advanced FortiClient profiles
When creating custom FortiClient MSI files for deployment, you will need to configure advanced FortiClient profiles on the FortiGate/EMS to ensure that settings in the FortiClient profile do not overwrite your custom XML settings. You can configure the FortiClient profile to deliver the full XML configuration, VPN only, or specific FortiClient XML configurations. For more information on customizing the FortiClient XML configuration file, see the Appendix C – Rebranding FortiClient on page 137.
Fortinet recommends creating OS specific endpoint profiles when provisioning XML settings. When creating a new FortiClient profile, select the device group as either Windows PC or Mac. If a FortiClient (Windows) XML configuration is pushed to a FortiClient (Mac OS X) system, FortiClient (Mac OS X) will ignore settings which are not supported.
Provision a full XML configuration file
You can deploy the full XML configuration file from the CLI or GUI.
To deploy the full XML configuration via the CLI:
- Log in to the FortiGate Command-line Interface.
- Enter the following CLI commands: config endpoint-control profile edit <profile_name>
config forticlient-winmac-settings set forticlient-advanced-cfg enable
set forticlient-advanced-cfg-buffer “Copy & Paste your FortiClient XML configuration here”
Advanced FortiClient profiles
Copy directly from your XML editor, preserving the XML file format. Copy all information from the <?xml version=”1.0″ encoding=”UTF-8″ ?> start of syntax to the </forticlient_configuration> end of syntax XML tags. Add double quotes at the start and end of the XML syntax statements.
To deploy the full XML configuration via the FortiGate GUI:
- Go to Security Profiles > FortiClient Profiles.
- Select the FortiClient Profile and select Edit from the toolbar. The Edit FortiClient Profile page is displayed.
- Configure the following settings:
Profile Name | Enter a unique name to identify the FortiClient profile. |
Comments | Optionally, enter a comment. |
Assign Profile To | For more information on configuring device groups, user groups, and users, see the FortiOSHandbook. These options are only available when creating a new FortiClient profile. You can assign the profile to user groups and users when using Active Directory authentication or RADIUS authentication for VPN. FortiClient does not support nested groups in FortiOS. |
XML text window | Copy and paste the FortiClient XML configuration file in the text window. The XML syntax must be preserved. |
- Select Apply to save the FortiClient profile settings.
To deploy the full XML configuration via EMS:
- Go to Endpoint Profiles and either select a profile to edit, or create a new profile.
- Select the Advanced option to the right of the profile name.
- Select Yes in the confirmation dialog box.
- Copy and paste the XML configuration file text into the text box.
- Select Save to save the FortiClient profile settings.
Partial configuration
The current buffer size is 32kB. This may not be large enough to accommodate your FortiClient XML configuration. As a workaround, you can use the FortiClient Configurator tool to create a custom MSI installation file using a .confFortiClient backup configuration that contains static custom configurations. You can then include a partial configuration in the advanced FortiClient profile. This will push the partial configuration when the client registers with the FortiGate. The partial configuration will be merged with the existing XML configuration on the client.
To provision specific FortiClient XML configuration while preserving custom XML configurations in your MSI file, cut & paste the specific XML configuration into the FortiClient Profile in the following format:
<?xml version=”1.0″ encoding=”UTF-8″ ?>
Advanced FortiClient profiles
<forticlient_configuration>
<partial_configuration>1</partial_configuration>
<system>
<ui>
The gameplay of Rise of Nations revolves around the concept of territory. Download rise of nations full version free. You can also download.has got 18 different civilizations which are playable through eight different ages of world history. This game is considered as one of the best real time strategy game of all times. Territory is the area near the settlement of the player.
<ads>0</ads>
<default_tab>VPN</default_tab>
<flashing_system_tray_icon>0</flashing_system_tray_icon>
<hide_system_tray_icon>0</hide_system_tray_icon>
<suppress_admin_prompt>0</suppress_admin_prompt>
<culture_code>os-default</culture_code>
</ui>
<update>
<use_custom_server>0</use_custom_server>
<port>80</port>
<timeout>60</timeout>
<failoverport>8000</failoverport>
<fail_over_to_fdn>1</fail_over_to_fdn>
<scheduled_update>
<enabled>0</enabled>
<type>interval</type>
<daily_at>03:00</daily_at>
<update_interval_in_hours>3</update_interval_in_hours>
</scheduled_update>
</update>
</system>
</forticlient_configuration>
Ensure that the <partial_configuration>1</partial_configuration> tag is set to 1 to indicate that this partial configuration will be deployed upon registration with the FortiGate. All other XML configuration will be preserved.
Advanced VPN provisioning
You need to enable VPN provisioning and advanced VPN from the FortiOS CLI to import the FortiClient XML VPN configuration syntax. You can import the XML VPN configuration in the CLI or the GUI.
Import XML VPN configuration into the FortiClient Profile via the CLI:
- Log in to your FortiGate command-line interface.
- Enter the following CLI commands: config endpoint-control profile edit <profile_name>
config forticlient-winmac-settings set forticlient-vpn-provisioning enable set forticlient-advanced-vpn enable set auto-vpn-when-off-net enable set auto-vpn-name <VPN name to connect to automatically when off-net> set forticlient-advanced-vpn-buffer <Copy & paste the advanced VPN configuration>
end
end
After the forticlient-vpn-provisioning and forticlient-advancedvpn CLI commands are enabled, the forticlient-advanced-vpn-buffer CLI command is available from the CLI.
Advanced FortiClient profiles
Copy directly from your XML editor, preserving the XML file format. Copy all information from the <vpn> start of syntax to the </vpn> end of syntax XML tags. Add double quotes before the <vpn> tag and after the </vpn> tag.
- You can also choose to copy & paste the XML content in the GUI, go to Security Profiles > FortiClient Profiles and select the VPN
- Configure the following settings:
Profile Name | Enter a unique name to identify the FortiClient profile. |
Comments | Optionally, enter a comment. |
Assign Profile To | For more information on configuring device groups, user groups, and users, see the FortiOSHandbook. These options are only available when creating a new endpoint profile. You can assign the profile to user groups and users when using Active Directory authentication or RADIUS authentication for VPN. FortiClient does not support nested groups in FortiOS. |
VPN | Enable Client VPN Provisioning. Cut and paste the FortiClient XML configuration <vpn> to </vpn> tags in the text window. The XML syntax must be preserved. Enable Auto-connect when Off-Net and select a VPN name from the dropdown list. |
- Select Apply to save the FortiClient profile settings.
For more information, see Appendix A – Deployment Scenarios on page 127.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU
FortiGate VM Initial Configuration
Before you can connect to the FortiGate VM web-based manager you must configure a network interface in the FortiGate VM console. Once an interface with administrative access is configured, you can connect to the FortiGate VM web-based Manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website.
The following topics are included in this section: Set FortiGate VM port1 IP address
- Connect to the FortiGate VM Web-based Manager
- Upload the FortiGate VM license file
- Validate the FortiGate VM license with FortiManager
- Configure your FortiGate VM
Set FortiGate VM port1 IP address
Hypervisor management environments include a guest console window. On the FortiGate VM, this provides access to the FortiGate console, equivalent to the console port on a hardware FortiGate unit. Before you can access the Web-based manager, you must configure FortiGate VM port1 with an IP address and administrative access.
To configure the port1 IP address:
1. In your hypervisor manager, start the FortiGate VM and access the console window.
You might need to press Return to see a login prompt.
Example of FortiGate VM console access:
2. At the FortiGate VM login prompt enter the username admin. By default there is no password. Just press Return.
3. Using CLI commands, configure the port1 IP address and netmask. Also, HTTP access must be enabled because until it is licensed the FortiGate VM supports only low-strength encryption. HTTPS access will not work.
For example:
config system interface edit port1
set ip 192.168.0.100 255.255.255.0 append allowaccess http
end
You can also use the append allowaccess CLI command to enable other access protocols, such as auto-ipsec, http, probe-response, radius-acct, snmp, and telnet. The ping, https, ssh, and fgfm protocols are enabled on the port1 interface by default.
4. To configure the default gateway, enter the following CLI commands:
config router static edit 1
set device port1
end
set gateway <class_ip>
You must configure the default gateway with an IPv4 address. FortiGate VM needs to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license.
5. To configure your DNS servers, enter the following CLI commands:
config system dns
set primary <Primary DNS server>
set secondary <Secondary DNS server>
end
The default DNS servers are 208.91.112.53 and 208.91.112.52.
6. To upload the FortiGate VM license from an FTP or TFTP server, use the following CLI command:
execute restore vmlicense {ftp | tftp} <VM license file name> <Server IP or FQDN> [:server port]
You can also upload the license in the FortiGate VM Web-based Manager. See Set FortiGate VM port1 IP address on page 2728.
Web–based Manager and Evaluation License dialog box
Connect to the FortiGate VM Web-based Manager
When you have configured the port1 IP address and netmask, launch a web browser and enter the IP address that you configured for port1. At the login page, enter the username admin and password field and select Login. The default password is no password. The Web-based Manager will appear with an Evaluation License dialog box.
Upload the FortiGate VM license file
Every Fortinet VM includes a 15-day trial license. During this time the FortiGate VM operates in evaluation mode. Before using the FortiGate VM you must enter the license file that you downloaded from the Customer Service & Support website upon registration.
To upload the FortiGate VM licence file:
1. In the Evaluation License dialog box, select Enter License.
You can also upload the license file via the CLI using the following CLI command:
execute restore vmlicense [ftp | tftp] <filenmame string>
<ftp server>[:ftp port]
The license upload page opens.
License upload page:
2. Select Browse and locate the license file (.lic) on your computer. Select OK to upload the license file.
3. Refresh the browser to login.
4. Enter admin in the Name field and select Login. The VM registration status appears as valid in the License Information widget once the license has been validated by the FortiGuard Distribution Network (FDN) or FortiManager for closed networks.
Validate the FortiGate VM license with FortiManager
You can validate your FortiGate VM license with some models of FortiManager. To determine whether your FortiManager unit has the VM Activation feature, see Features section of the FortiManager Product Data sheet.
To validate your FortiGate VM with your FortiManager:
1. To configure your FortiManager as a closed network, enter the following CLI command on your FortiManager:
config fmupdate publicnetwork set status disable
end
2. To configure FortiGate VM to use FortiManager as its override server, enter the following CLI commands on your
FortiGate VM:
config system central-management set mode normal
set type fortimanager
set fmg <IPv4 address of the FortiManager device>
set fmg-source-ip <Source IPv4 address when connecting to the FortiManager device>
set include-default-servers disable
set vdom <Enter the name of the VDOM to use when communicating with the FortiManager device>
end
3. Load the FortiGate VM license file in the Web-based Manager. Go to System > Dashboard > Status. In the License Information widget, in the Registration Status field, select Update. Browse for the .lic license file and select OK.
4. To activate the FortiGate VM license, enter the following CLI command on your FortiGate VM:
execute update-now
5. To check the FortiGate VM license status, enter the following CLI commands on your FortiGate VM:
get system status
The following output is displayed:
Version: Fortigate-VM v5.0,build0099,120910 (Interim) Virus-DB: 15.00361(2011-08-24 17:17)
Extended DB: 15.00000(2011-08-24 17:09) Extreme DB: 14.00000(2011-08-24 17:10) IPS-DB: 3.00224(2011-10-28 16:39)
FortiClient application signature package: 1.456(2012-01-17 18:27) Serial-Number: FGVM02Q105060000
License Status: Valid
BIOS version: 04000002
Log hard disk: Available Hostname: Fortigate-VM Operation Mode: NAT
Current virtual domain: root
The maximum number of Eridium bars a player can have at any one time is 500. Neither the Eridians nor their weapons are present in Borderlands 2, although. The Black Market is a shop found in the city of Sanctuary in Borderlands 2 and in. The only currency that the Sanctuary Black Market accepts is Eridium, while the. Backpack: +3 slots each; Bank: +2 slots each; Assault Rifle: +140 max ammo. Borderlands 2 max eridium.
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable How to use mods in sims 4 folder.
FIPS-CC mode: disable Current HA mode: standalone Distribution: International Branch point: 511
Release Version Information: MR3 Patch 4
System time: Wed Jan 18 11:24:34 2012
diagnose hardware sysinfo vm full
The following output is displayed: UUID: 564db33a29519f6b1025bf8539a41e92 valid: 1
status: 1
code: 200 (If the license is a duplicate, code 401 will be displayed)
warn: 0 copy: 0 received: 45438 warning: 0
recv: 201201201918 dup:
Configure your FortiGate VM
nce the FortiGate VM license has been validated you can begin to configure your device. You can use the Wizard located in the top toolbar for basic configuration including enabling central management, setting the admin password, setting the time zone, and port configuration.
For more information on configuring your FortiGate VM see the FortiOS Handbook at http://docs.fortinet.com.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Fortigate Image Download
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU
Posted by4 months ago
Hi!
I am currenty messing around with a couple of Fortigate-VMs and am currently unable to use any of the Fortigate-VMs running on 6.0.0 and upwards. What i am currently experiencing is the 'Evaluation License' seems to expire the second the VM gets access to the internet.
This is 100% reproductive no matter what .OVF i use from the downloads. I have tried with multiple versions of 6.0.0+ all getting the same result. I found a related thread with the same problem, however changing the mentioned settings do not seem to have any effect. Having tried the earlier versions (5.6.5-5.6.8) all of them work fine with no issues what so ever.
Am I completely missing something or is the evaluation just not working on 6.0.0+ ?
Edit*
Solved! It came down to me being used to not messing around with NTP on the older versions for them to work. Tried setting the VM to sync with the host but with no luck, however manually configuring NTP to sync with fortiguard did the trick! Thank you /u/virtualbitz for suggesting NTP. Never got around playing with NTP in my homelab, but I guess now is the right time ;) Thank you all again!
11 comments