Deployment of FortiGate virtual appliance on Sunlight.io
The Sunlight Enterprise Platform can act as a private cloud for running FortiGate virtual appliances. The FortiGate VM image is pre-loaded on the platform. When deploying a FortiGate virtual appliance, create and configure a flavour that matches the FortiGate licence to be applied before creating the instance. The virtual private networks and virtual network interfaces attached to the VM can also be configured with VLAN support.
FortiGate datasheet: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_VM.pdf
Deploy the FortiGate VM
Create a flavour to match the capacity of the license. For example, the FortiGate VM00 flavour is configured to the specification of the evaluation license.
Create the virtual private networks matching your infrastructure's network environment and attach them to a physical network interface.
Create the instance by choosing the FortiGate image, the pre-created FortiGate flavour and the network.
The FortiGate VM is available once it has been created successfully.
Access the FortiGate VM
Before you can connect to the FortiGate VM web-based manager, you must configure a network interface in the FortiGate VM console. Once an interface with administrative access is configured, you can connect to the FortiGate VM web-based manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website.
Set FortiGate VM port1 IP address
The Sunlight controller UI provides a guest console window. On the FortiGate VM, this provides access to the FortiGate console, equivalent to the console port on a hardware FortiGate unit. Before you can access the web-based manager, you must configure FortiGate VM port1 with an IP address and administrative access.
In the Sunlight controller UI, start the FortiGate VM and access the console window under the “Console” tab. Click “Connect” to initialise the console window. You might need to press Return to see a login prompt.
At the FortiGate VM login prompt, enter the username admin. By default there is no password. Just press Return.
Using CLI commands, configure the port1 IP address and netmask. Also, HTTP access must be enabled because until it is licensed the FortiGate VM supports only low-strength encryption. HTTPS access will not work.
    config system interface
    edit port1
    set ip 192.168.0.100 255.255.255.0
    append allowaccess http
    end
You must configure the default gateway with an IPv4 address. The FortiGate VM needs to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license. To configure the default gateway, enter the following CLI commands.
    config router static
    edit 1
    set device port1
    set gateway <class_ip>
    end
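Because the step above enables HTTP administrative access on port1, a saved configuration can be checked for interfaces that still allow a cleartext management protocol. The following Python code is an added example, not part of the original guide or of Fortinet's tooling; the function names and the sample configuration are constructed for illustration, and only the top-level settings of each interface are read.

```python
# Management protocols that carry the admin login in cleartext.
PLAINTEXT = {"http", "telnet"}

def parse_interfaces(config_text):
    """Return {interface: {setting: [values]}} from 'config system interface'."""
    interfaces, current, depth, in_block = {}, None, 0, False
    for raw in config_text.splitlines():
        word, *args = raw.split() or [""]  # a blank line yields an empty word
        if word == "config":
            if in_block:
                depth += 1  # nested block inside an interface entry: skipped
            elif args == ["system", "interface"]:
                in_block, depth = True, 0
        elif not in_block:
            continue
        elif word == "end":
            if depth == 0:
                in_block, current = False, None
            else:
                depth -= 1
        elif depth > 0 or not args:
            continue
        elif word == "edit":
            current = interfaces.setdefault(args[0].strip('"'), {})
        elif word in ("set", "append") and current is not None:
            values = current.setdefault(args[0], [])
            if word == "set":
                values.clear()  # 'set' replaces the list, 'append' adds to it
            values.extend(args[1:])
    return interfaces

def plaintext_admin_access(config_text):
    """Return {interface: [cleartext protocols]} for each interface allowing any."""
    hits = {name: sorted(PLAINTEXT & set(s.get("allowaccess", [])))
            for name, s in parse_interfaces(config_text).items()}
    return {name: protos for name, protos in hits.items() if protos}

# Constructed sample: port1 as configured on this page, port2 HTTPS-only.
SAMPLE = """\
config system interface
    edit "port1"
        set allowaccess ping ssh
        append allowaccess http
    next
    edit "port2"
        set allowaccess ping https
    next
end
"""
print(plaintext_admin_access(SAMPLE))
```

An empty result means no interface in the saved configuration allows HTTP or Telnet administrative access.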
Connect to the FortiGate VM web-based manager
When you have configured the port1 IP address and netmask, launch a web browser and enter the IP address that you configured for port1.
At the login page, enter the username admin, leave the password field empty, and select Login. By default there is no password.
The FortiGate web-based manager is available after you successfully log in.
The network interfaces of the FortiGate VM are available to check.
Add more network interfaces to FortiGate VM
The maximum number of network interfaces a FortiGate instance can use is 18, starting with FortiGate versions 5.6.6 and 6.0.3.
Attach a new network interface to the FortiGate VM in the Sunlight UI.
Select the network to which the new interface is connected.
Configure the network interfaces in the FortiGate web-based manager. All the interfaces attached to the FortiGate VM should be available and presented as physical interfaces connected to the ports of the FortiGate. You can configure each interface as you need, including as a Virtual Wire Pair or a VLAN-tagged interface.