Introduction
FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.
Document scope
This document describes how to deploy a FortiGate virtual appliance in several virtualization server environments. This includes how to configure the virtual hardware settings of the virtual appliance.
This document assumes:
- you have already successfully installed the virtualization server on the physical machine,
- you have installed appropriate VM management software on either the physical server or a computer to be used for VM management.
This document does not cover configuration and operation of the virtual appliance after it has been successfully installed and started. For these issues, see the FortiGate 5.2 Handbook.
This document includes the following sections:
- FortiGate VM Overview
- Deployment example – VMware
- Deployment example – MS Hyper-V
- Deployment example – KVM
- Deployment example – OpenXen
- Deployment example – Citrix XenServer
What’s new in VM in 5.4
New Features in 5.4.0
FGT-VM VCPUs (308297)
Fortinet has now launched licensing for FortiGate VMs that support more than 8 vCPUs. The new models/licenses include:
- Support for up to 16 vCPU – FortiGate-VM16
- Support for up to 32 vCPU – FortiGate-VM32
- Support for unlimited vCPU – FortiGate-VMUL
Each of these models should be able to support up to 500 VDOMs.
Improvements to License page (382128)
The page has been rewritten with some minor improvements such as:
- An indicator to show when a VM is waiting for authentication or starting up
- Shows VM status when license is valid
- Shows CLI console window when VM is waiting too long for remote registration of server
Citrix XenServer tools support for XenServer VMs (387984)
This support allows users with Citrix XenServer tools to read performance statistics from XenServer clients and perform XenMotion with servers in the same cluster.
There are no changes to the GUI, but there are some changes to the CLI.
A setting has been edited to control the debug level of the XenServer tools daemon:
diag debug application xstoolsd <integer>
Integer = Debug level
An additional update has been added to set the update frequency for XenServer tools:
config system global
    set xstools-update-frequency Xenserver <integer>
end
Enter an integer value from 30 to 300 (default = 60).
FOS VM supports more interfaces (393068)
The number of virtual interfaces that the VM version of FortiOS supports has been raised from 3 to 10.
NSX security group importing (403975)
A feature has been added to allow the importation of security group information from VMware’s NSX firewall.
CLI Changes:
nsx group list
This is used to list NSX security groups.
Syntax:
execute nsx group list <name of the filter>
nsx group import
This is used to import NSX security groups.
Syntax:
execute nsx group import <vdom> <name of the filter>
nsx group delete
This is used to delete NSX security groups.
Syntax:
execute nsx group delete <vdom> <name of the filter>
nsx.setting.update-period
This is used to set the update period for the NSX security group.
Syntax:
config.nsx.setting.update-period <0 – 3600 in seconds>
0 means disabled
Default value: 0
Non-vdom VM models FGVM1V/FGVM2V/FGVM4V (405549)
New models of the FortiGate-VM have been introduced. These match up with the existing FortiGate-VM models of FG-VM01, FG-VM02 and FG-VM04. The difference is that the new models don’t support VDOMs.
Original FortiGate-VM | New FortiGate-VM without VDOM support
FG-VM01 | FG-VM01v
FG-VM02 | FG-VM02v
FG-VM04 | FG-VM04v
FortiGate VM models and licensing