tags:
- fortigate
- VM
categories:
- informational
comments: true

date: 2021-12-26 00:00:00

DESCRIPTION

Register and download image from https://support.fortinet.com/Download/VMImages.aspx

Select product - FortiGate, select platform - KVM

latest version - 6.4.3 (2020-12-10)

New deployment of FortiGate for KVM

FGT_VM64_KVM-v6-build1778-FORTINET.out.kvm.zip (66.86 MB)

Evaluation - 15 days per install.

Install KVM (Kernel-based Virtual Machine) on Ubuntu

https://help.ubuntu.com/community/KVM/Installation

COMMANDS

cp FGT_VM64_KVM-v6-build1778-FORTINET.out.kvm.zip /tmp
cd /tmp
unzip FGT_VM64_KVM-v6-build1778-FORTINET.out.kvm.zip
sudo mv fortios.qcow2 /var/lib/libvirt/images/

sudo virt-manager

File -> New Virtual Machine -> Install existing disk image (last option)

Select - /var/lib/libvirt/images/fortios.qcow2

Forward -> Forward (Memory/CPUs) - use defaults (see below)

Name - FGT_VM64_KVM-v6-build1778-FORTINET

Finish

Click the VM display and you should see a console.

Default login:

User admin, no password - press Enter

Set a password

Failure: setting up a management IP

config system interface
edit port1
set mode static
set ip 192.168.0.100 255.255.255.0
next
end

ERRORS

on ‘next’

Attribute 'vdom' MUST be set.
Command fail. Return code 1

Steps to avoid this error and get a management IP

Pitfalls: Undocumented

Attribute 'vdom' MUST be set.
Command fail. Return code 1
Attribute 'interface' MUST be set.
Command fail. Return code 1

config system interface
    edit "port1"
        set vdom "root"
        set mode static
        set ip 192.168.0.100 255.255.255.0
        set allowaccess ping ssh http
        set type aggregate
    next
end
config system dns
    set primary 192.168.0.66
    set secondary 192.168.0.67
end
config router static
    edit 1
        set gateway 192.168.0.1
        set device "port1"
    next
end

Important notes:

Documented

Memory 1024MB Single CPU

Undocumented

Ensure virt-manager has the VM's network interface device model set to ‘virtio’
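One way to check these notes against the VM's libvirt definition (the output of `virsh dumpxml`). This is an added example, not part of the original post: the sample XML is constructed, the `e1000` model in it is only an illustrative non-virtio value, and treating 1024 MB / single CPU as exact expected values is an assumption.

```python
import sys
import xml.etree.ElementTree as ET
# Values from the page's notes: 1024 MB memory, single CPU, virtio NIC.
EXPECTED_MEM_MIB = 1024
EXPECTED_VCPUS = 1
UNIT_TO_KIB = {"KiB": 1, "MiB": 1024, "GiB": 1024 * 1024}  # libvirt default is KiB

# Constructed sample of `virsh dumpxml` output (trimmed), with two deviations.
SAMPLE_BAD = """<domain type='kvm'>
  <name>FGT_VM64_KVM-v6-build1778-FORTINET</name>
  <memory unit='KiB'>2097152</memory>
  <vcpu placement='static'>1</vcpu>
  <devices>
    <interface type='network'>
      <source network='default'/>
      <model type='e1000'/>
    </interface>
  </devices>
</domain>"""
SAMPLE_GOOD = SAMPLE_BAD.replace("e1000", "virtio").replace("2097152", "1048576")

def check_domain(xml_text):
    """Return findings where the domain differs from the page's notes."""
    dom = ET.fromstring(xml_text)
    findings = []
    mem = dom.find("memory")
    unit = mem.get("unit", "KiB") if mem is not None else None
    if unit not in UNIT_TO_KIB:
        findings.append("memory: element missing or unit not handled")
    else:
        mib = int(mem.text) * UNIT_TO_KIB[unit] // 1024
        if mib != EXPECTED_MEM_MIB:
            findings.append(f"memory: {mib} MiB, expected {EXPECTED_MEM_MIB} MiB")
    vcpus = dom.findtext("vcpu")
    if vcpus is None or int(vcpus) != EXPECTED_VCPUS:
        findings.append(f"vcpu: {vcpus}, expected {EXPECTED_VCPUS}")
    nics = dom.findall("devices/interface")
    if not nics:
        findings.append("nic: no network interface defined")
    for i, nic in enumerate(nics):
        model = nic.find("model")
        mtype = model.get("type") if model is not None else "unset"
        if mtype != "virtio":
            findings.append(f"nic {i}: model {mtype}, expected virtio")
    return findings

if __name__ == "__main__":
    text = SAMPLE_BAD if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(check_domain(text)) or "OK")
```

Pipe the output of `virsh dumpxml` for the VM into the script to check a real definition; run without piped input, it reports on the constructed sample.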

VDOM creation: Limited to split VDOM due to evaluation license

config system global
set vdom-mode multi-vdom
end
FortiGate-VM64-KVM # config system global

FortiGate-VM64-KVM (global) # set vdom-mode multi-vdom
multi-vdom mode cannot be enabled with the current vdom license.
node_check_object fail! for vdom-mode multi-vdom

value parse error before 'multi-vdom'
Command fail. Return code -651

Option to use in evaluation copy: Use split-task VDOM

config system global
set vdom-mode split-vdom
end
Some settings (e.g., firewall policy/object, security profile, wifi/switch controller, user, device, dashboard)
in vdom "root" will be deleted, a split-task vdom "FG-traffic" will be created, and you will be logged out for the operation to take effect.
Do you want to continue? (y/n)

This will cause you to log into the new split non-root VDOM, and the ‘config system’ command set will not be available. (https://forum.fortinet.com/tm.aspx?m=180832)

ssh admin@192.168.1.1

config system global
8258: Unknown action 3
Command fail. Return code -1

VERIFICATION

References

https://docs.fortinet.com/document/fortigate/6.4.0/fortigate-virtualization -> virtualization

https://docs.fortinet.com/vm -> External link to PDF

https://docs.fortinet.com/vm/kvm/fortigate/6.4/kvm-cookbook/6.4.0/388201/deployment

Then initial settings and configuring Port1 https://docs.fortinet.com/vm/kvm/fortigate/6.4/kvm-cookbook/6.4.0/615472/configuring-port-1

https://docs.fortinet.com/document/fortigate/6.4.4/administration-guide/498634/using-the-cli

https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/575766/multi-vdom-configuration-examples

https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/758820/split-task-vdom-mode