2. VIRTUAL LAB
The FortiGate firewall is available not only as an appliance but also as a
virtual machine, the FortiGate VM. The examples that follow use the virtual
lab shown here.
The scenario is deliberately simple, so it can be used to learn how to
configure the FortiGate firewall.
[Figure: virtual lab topology]
External network – to the Internet
Firewall port 2 – bridged to the physical machine network port
FortiGate VM
Firewall port 1 – configured on VMware LAN segment 1
LAN segment 1 – virtual machine with Ethernet port on VMware LAN segment 1
3. FORTIGATE VM INITIAL CONFIGURATION
We assume that the reader has already installed the virtual machine on their PC and has
generated a valid license.
Once the machine has started up, it can only be configured through the console, and a login is
required.
Enter username admin and no password.
Some basic commands are required to make the web interface available. These commands
assign an IP address to the machine and activate the license over the Internet.
The license file should be downloaded to the machine using TFTP, so a TFTP server should be
configured.
The IP addresses used in the following are chosen as an example; you are free to change them.
Let’s start with the initial configuration!
4. FORTIGATE VM INITIAL CONFIGURATION CONTINUED
# On the CLI, configure port 1 (only port 1 is already configured for device management).
# Port 1 will be connected to the PC used to configure the device and then to the internal network.
# All ports are already in administrative status up.
config system interface
edit port1
set ip 192.168.255.1 255.255.255.0
end
# Now we can leave the console and start to use an SSH terminal. Connect port 1 to your PC's Ethernet port
# and configure the PC with a static IP address on the same subnet you configured on port 1 of the firewall.
# Now we will configure port 2 to connect it to the Internet. In this case we will use a DHCP configuration as an example.
config system interface
edit port2
set mode dhcp
# We use the default gateway received by DHCP
set defaultgw enable
end
5. FORTIGATE VM INITIAL CONFIGURATION CONTINUED
# If we choose to use a static IP address instead, the configuration will be:
config system interface
edit port2
set ip 172.16.255.2 255.255.255.0
end
# In this case we should configure a static default route.
config router static
edit 1
set device port2
set gateway 172.16.255.1
end
# Now verify the connectivity and the DNS configuration.
execute ping fortinet.com
#We download the license file from our TFTP server (with IP address 192.168.255.2, for example).
execute restore vmlicense tftp FGVMXXXXXXXXXXXX.lic 192.168.255.2
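A pre-paste check for the static-IP variant above, as an added example (not IPMAX's or Fortinet's code): it parses flat config/edit/set/end blocks, flags set lines that fall outside their edit block, and checks that each static route's gateway is on the outgoing interface's subnet. The function names and the sample snippet are constructed for illustration.

```python
# Added example: helper names are illustrative, not part of FortiOS.
import ipaddress

def parse_fortios(text):
    """Parse flat config/edit/set/next/end blocks (no nested 'config') into (tree, errors)."""
    tree, errors, section, entry = {}, [], None, None
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()  # ignore comments and blank lines
        if not words:
            continue
        cmd, args = words[0], [w.strip('"') for w in words[1:]]
        if cmd == "config" and args:
            section, entry = " ".join(args), None
            tree.setdefault(section, {})
        elif cmd == "edit" and section and args:
            entry = args[0]
            tree[section].setdefault(entry, {})
        elif cmd == "set" and entry and args:
            tree[section][entry][args[0]] = args[1:]
        elif cmd == "next" and entry:
            entry = None
        elif cmd == "end" and section:
            section = entry = None  # 'end' saves and leaves the whole block
        else:
            errors.append(f"line {n}: '{raw.strip()}' is outside its config/edit block")
    return tree, errors

def check_routes(tree):
    """Each static route needs a device and a gateway inside that device's subnet."""
    problems, ifaces = [], tree.get("system interface", {})
    for rid, route in tree.get("router static", {}).items():
        dev, gw = route.get("device", [None])[0], route.get("gateway", [None])[0]
        ip = ifaces.get(dev, {}).get("ip")  # [address, netmask] when set statically
        if not (dev and gw):
            problems.append(f"route {rid}: device or gateway missing")
        elif not ip:
            problems.append(f"route {rid}: {dev} has no static ip in this snippet")
        elif ipaddress.ip_address(gw) not in ipaddress.ip_interface("/".join(ip)).network:
            problems.append(f"route {rid}: gateway {gw} is not on {dev}'s subnet")
    return problems

# Constructed sample (not from a real device): route 'set' lines placed after 'end'.
MISORDERED = ("config router static\nedit 1\nend\n"
              "set device port2\nset gateway 172.16.255.1\n")

if __name__ == "__main__":
    tree, errors = parse_fortios(MISORDERED)
    print(*errors, *check_routes(tree), sep="\n")
```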
6. FORTIGATE VM INITIAL CONFIGURATION CONTINUED
Now we can connect to the firewall using the web interface (user admin and
no password). The activation process is not immediate, so the following page
will be shown.
If we want to speed up the process, the following CLI command could be used:
execute update-now
When the activation procedure is completed, we will be able to connect to the device’s
web interface.
7. MORE NEEDS?
See hints on www.ipmax.it
Or email us your questions to info_ipmax@ipmax.it
8. IPMAX
IPMAX is a Fortinet Partner in Italy.
IPMAX is the ideal partner for companies seeking quality in products and
services. IPMAX guarantees method and professionalism to support its
customers in selecting technologies with the best quality / price ratio, in the
design, installation, commissioning and operation.
IPMAX srl
Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI) – Italy
+39 02 9290 9171