
Deployment of FortiGate virtual appliance on Sunlight.io

The Sunlight Enterprise Platform can act as a private cloud to run FortiGate virtual appliances. The FortiGate VM image is pre-loaded on the platform. When deploying a FortiGate virtual appliance, create and configure the flavour required by the FortiGate licence before creating the instances. The virtual private network and virtual network interfaces attached to the VM can also be configured with VLAN support.

FortiGate scenario

FortiGate setup

Source

FortiGate datasheet: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM.pdf

Deploy the FortiGate VM

  1. Create a flavour to match the capacity of the license. For example, the FortiGate VM00 flavour is configured to the specification of the evaluation license.

  2. Create the virtual private networks to match your infrastructure's network environment and attach them to a physical network interface.

  3. Create the instance by choosing the FortiGate image, the pre-created FortiGate flavour and the network.

  4. The FortiGate VM is available once it has been created successfully.

Access the FortiGate VM

Before you can connect to the FortiGate VM web-based manager, you must configure a network interface in the FortiGate VM console. Once an interface with administrative access is configured, you can connect to the FortiGate VM web-based manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website.

Set FortiGate VM port1 IP address

The Sunlight controller UI provides a guest console window. On the FortiGate VM, this provides access to the FortiGate console, equivalent to the console port on a hardware FortiGate unit. Before you can access the web-based manager, you must configure FortiGate VM port1 with an IP address and administrative access.

  1. In the Sunlight controller UI, start the FortiGate VM and access the console window under the “Console” tab. Click “Connect” to initialise the console window. You might need to press Return to see a login prompt.

  2. At the FortiGate VM login prompt, enter the username admin. By default there is no password, so just press Return.

  3. Using CLI commands, configure the port1 IP address and netmask. HTTP access must also be enabled because, until it is licensed, the FortiGate VM supports only low-strength encryption, so HTTPS access will not work.

         config system interface
             edit port1
                 set ip 192.168.0.100 255.255.255.0
                 append allowaccess http
         end

  4. You must configure the default gateway with an IPv4 address. The FortiGate VM needs to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license. To configure the default gateway, enter the following CLI commands.

         config router static
             edit 1
                 set device port1
                 set gateway <class_ip>
         end
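
An added example, not part of the original page or of Fortinet's or Sunlight's tooling: a small Python audit that reads a FortiGate configuration backup and flags the two settings the console steps above leave in place, HTTP in an interface's allowaccess list and an administrator with no password. It assumes the backup uses the same config/edit/set syntax as the CLI and that an admin entry with no `set password` line has an empty password; the sample configuration is constructed.

```python
# Constructed sample in FortiOS backup syntax, not taken from a real device.
SAMPLE_CONFIG = """
config system interface
    edit "port1"
        set allowaccess ping https http
    next
    edit "port2"
        set allowaccess ping https ssh
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "auditor"
        set password ENC constructed-placeholder
    next
end
"""
CLEARTEXT = {"http", "telnet"}  # admin protocols with no transport encryption

def parse_tables(text):
    """Map table name -> entry name -> option -> list of values."""
    tables, table, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()]
        if not tok:
            continue
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks inside an entry are skipped
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and entry is not None and tok[0] in ("set", "append"):
            entry.setdefault(tok[1], []).extend(tok[2:])
    return tables

def audit(text):
    """Return (entry, finding) pairs for the two weak settings."""
    tables = parse_tables(text)
    found = [(n, "cleartext admin access: " + p)
             for n, o in tables.get("system interface", {}).items()
             for p in sorted(CLEARTEXT & set(o.get("allowaccess", [])))]
    # Assumption: an admin entry without "set password" has an empty password.
    found += [(n, "no password set")
              for n, o in tables.get("system admin", {}).items() if "password" not in o]
    return found
```

Running `audit()` on a backup taken after the licence is applied shows whether HTTP is still in an allowaccess list and whether any administrator still has no password.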


Connect to the FortiGate VM web-based manager

When you have configured the port1 IP address and netmask, launch a web browser and enter the IP address that you configured for port1.

  1. At the login page, enter the username admin and the password, then select Login. By default there is no password.

  2. The FortiGate web-based manager is available after you log in successfully.

  3. The network interfaces of the FortiGate VM can now be checked.

Add more network interfaces to FortiGate VM

The maximum number of network interfaces that a FortiGate instance can use is 18, starting with FortiGate versions 5.6.6 and 6.0.3.

  1. Attach a new network interface to the FortiGate VM in the Sunlight UI.

  2. Select the network to which the new interface is connected.

  3. Configure the network interfaces in the FortiGate web-based manager. All the interfaces attached to the FortiGate VM should be available and presented as physical interfaces connected to the ports of the FortiGate. You can configure each interface as you need, including as a Virtual Wire Pair or a VLAN-tagged interface.