FortiOS 5.4 VM Install Guide

Introduction

FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform.

Document scope

This document describes how to deploy a FortiGate virtual appliance in several virtualization server environments. This includes how to configure the virtual hardware settings of the virtual appliance.

This document assumes:

  • you have already successfully installed the virtualization server on the physical machine,
  • you have installed appropriate VM management software on either the physical server or a computer to be used for VM management.

This document does not cover configuration and operation of the virtual appliance after it has been successfully installed and started. For these issues, see the FortiGate 5.2 Handbook.

This document includes the following sections:

  • FortiGate VM Overview l Deployment example – VMware l Deployment example – MS Hyper-V l Deployment example – KVM l Deployment example – OpenXen l Deployment example – Citrix XenServer

6

What’s new in VM in 5.4                                                                                                         New Features in 5.4.0

What’s new in VM in 5.4

New Features in 5.4.0

FGT-VM VCPUs (308297)

Fortinet has now launched licensing for FortiGate VMs that support larger than 8 vCPUs. The new models/licenses include:

l Support for up to 16 vCPU – FortiGate-VM16 l Support for up to 32 vCPU – FortiGate-VM32 l Support for unlimited vCPU – FortiGate-VMUL

Each of these models should be able to support up to 500 VDOMs.

Improvements to License page (382128)

The page has been rewritten with some minor improvements such as:

  • An indicator to show when a VM is waiting for authentication or starting up l Shows VM status when license is valid
  • Shows CLI console window when VM is waiting too long for remote registration of server

Citrix XenServer tools support for XenServer VMs (387984)

This support allows users, with Citrix XenServer tools to read performance statistics from XenServer clients and do Xenmotion with servers in the same cluster

There are no changes to the GUI, but there are some changes to the CLI.

A setting has been edited to control the debug level of the XenServer tools daemon diag debug application xstoolsd <integer>

Integer = Debug level

An additional update has been added to set the update frequency for XenServer tools

config system global set xstools-update-frequency Xenserver <integer> end

Enter an integer value from 30 to 300 (default = 60).

New Features in 5.4.0                                                                                                         What’s new in VM in 5.4

FOS VM supports more interfaces (393068)

The number of virtual interfaces that the VM version of FortiOS supports has been raised from 3 to 10.

NSX security group importing (403975)

A feature has been added to allow the importation of security group information from VMware’s NSX firewall.

CLI Changes: nsx group list

This is used to list NSX security Groups

Syntax:

execute nsx group list <name of the filter>

nsx group import

This is used to import NSX security groups.

Syntax:

execute nsx group import <vdom> <name of the filter>

nsx group delete

This is used to delete NSX security Groups

Syntax:

execute nsx group delete <vdom> <name of the filter>

nsx.setting.update-period

This is used to set the update period for the NSX security group

Syntax:

config.nsx.setting.update-period <0 – 3600 in seconds>

0 means disabled

Default value: 0

Non-vdom VM models FGVM1V/FGVM2V/FGVM4V (405549)

New models of the FortiGate-VM have been introduced. These match up with the existing FortiGate-VM models of FG-VM01, FG-VM02 and FG-VM04. The difference being that the new models don’t support VDOMs. 8

What’s new in VM in 5.4                                                                                                         New Features in 5.4.0

New FortiGate-VM without VDOM support
Original FortiGate-VM
FG-VM01
FG-VM02
FG-VM02v

FG-VM01v

FG-VM04                                                                      FG-VM04v

 

FortiGate VM models and licensing

This entry was posted in Administration Guides, FortiOS on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.