How to run Fortigate firewall as a virtual machine?

Introduction

In this post you will see how you can run Fortigate virtual machine on a Windows operating system. I will be using VMware Workstation 15 for virtualization.

Evaluation license

Fortinet allows us to download and use the virtual machine for free for two weeks. It means that you don’t have to buy anything to test some functionality on your VM.

Step 1. Download VM

The first thing to do is go to support.fortinet.com and create a free account. The process of registration is very simple and takes 2 minutes. Then navigate to Download tab and click VM Images:

Now choose the VMware ESXi for a VM type, select the desired version and click Download button for a New deployment file, as shown on the picture below:

Step 2. Import the VM into VMware Workstation

Extract the downloaded archive and double-click the virtual machine file as shown below:

This will open Import Virtual Machine window where you will need to specify the location for the new VM:

Click import and the VM will be imported and stored at the specified location.

Step 3. Start the VM.

Now you can start the VM and access the CLI console. The default username is admin and the password is blank. On the first login you will be asked to set the new password. Below is the screenshot with the initial login process.

Pay attention to the error about the license, you will most probably get the same error, because this error takes place with newer versions of FortiOS (6.0 and newer). We will deal with it later.

Now you can type (just type, don’t press enter) show system interface and the press “?” for context sensitive help, this will show you all available interfaces with their IP addresses.

By default, all network adapters of the VM are in a bridged mode, this means that one of the interfaces will get an IP address from your router(DHCP server), which provides internet access to your computer. Once you know the IP address of the Fortigate-VM you can login to its web interface. If you had a licensing related error, mentioned previously, you will see the following page:

If you don’t get any error you will see the dashboard of the Fortigate.

Step 4. License error fix.

This error has something to do with time synchronization. The easiest way to make it work is just perform a factory reset of the Fortigate-VM. The command is execute factoryreset.

After the reset process you will have to login with default credentials again (admin and blank password). Provide the new password and find the IP address of the interface as was described previously. Now you will be able to access the GUI and start configuring the device.

There’s a dashboard widget, which shows that you are using the evaluation license for the VM .

Click on FGVMEV License in that widget and it will take you to the licensing status page:

Here you can see the license expiration date. You can also use the CLI to find the expiration date. Run get system status command:

Whenever your license expires just go to CLI and issue execute factoryreset command again. This will reset the license expiration date and you will be able to use your FortiVM without having to create it from scratch.

Conclusion.

Now you have your own virtual Fortigate firewall to play with. Thank you for reading.