FortiManager VM (VMware) - Fortinet Document Library

FortiManager VM (VMware) - Fortinet Document Library
FortiManager VM (VMware)
Install Guide
FortiManager VM (VMware) Install Guide
December 05, 2014
02-520-203395-20141205
Copyright© 2014 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and
FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All
other product or company names may be trademarks of their respective owners. Performance
and other metrics contained herein were attained in internal lab tests under ideal conditions,
and actual performance and other results may vary. Network variables, different network
environments and other conditions may affect performance results. Nothing herein represents
any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or
implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will
perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be
binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the
same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants,
representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves
the right to change, modify, transfer, or otherwise revise this publication without notice, and the
most current version of the publication shall be applicable.
Fortinet Document Library
docs.fortinet.com
Fortinet Video Library
video.fortinet.com
Customer Service & Support
support.fortinet.com
Training Services
training.fortinet.com
FortiGuard
fortiguard.com
Document Feedback
techdocs@fortinet.com
Table of Contents
Change Log....................................................................................................... 4
Introduction....................................................................................................... 5
FortiManager documentation .................................................................................. 5
FortiManager VM Overview ............................................................................. 7
Licensing.................................................................................................................. 7
System requirements ............................................................................................... 8
Register FortiManager VM with Customer Service & Support ................................ 8
Download the FortiManager VM software ............................................................. 13
FortiManager VM Evaluation license ..................................................................... 15
FortiManager VM Deployment ...................................................................... 16
Deploy the FortiManager VM OVF file ................................................................... 16
Configure FortiManager VM hardware settings..................................................... 21
Power on your FortiManager VM ........................................................................... 22
FortiManager VM Initial Configuration ......................................................... 23
FortiManager VM console access ......................................................................... 23
Connect to the FortiManager VM Web-based Manager ....................................... 24
Upload the FortiManager VM license file............................................................... 25
Configure your FortiManager VM .......................................................................... 27
Page 3
Change Log
Date
Change Description
2013-05-06
Initial release.
2013-10-23
Updated for FortiManager v5.0.5.
2014-02-06
Minor document update for v5.0.6. FortiManager VM now supports up to 12 virtual disks via the
execute lvm CLI command.
2014-02-07
Updated the license code registration procedure to match changes to the Customer Service &
Support portal.
2014-12-05
Minor document update.
Page 4
Introduction
FortiManager Security Management appliances allow you to centrally manage any number of
Fortinet Network Security devices, from several to thousands, including FortiGate, FortiWiFi,
and FortiCarrier. Network administrators can better control their network by logically grouping
devices into administrative domains (ADOMs), efficiently applying policies and distributing
content security/firmware updates. FortiManager is one of several versatile Network Security
Management Products that provide a diversity of deployment types, growth flexibility, advanced
customization through APIs and simple licensing.
This document includes the following sections:
• FortiManager VM Overview
• FortiManager VM Deployment
• FortiManager VM Initial Configuration
FortiManager documentation
The following FortiManager product documentation is available:
• FortiManager Administration Guide
This document describes how to set up the FortiManager system and use it to manage
supported Fortinet units. It includes information on how to configure multiple Fortinet units,
configuring and managing the FortiGate VPN policies, monitoring the status of the managed
devices, viewing and analyzing the FortiGate logs, updating the virus and attack signatures,
providing web filtering and email filter service to the licensed FortiGate units as a local
FortiGuard Distribution Server (FDS), firmware revision control and updating the firmware
images of the managed units.
• FortiManager device QuickStart Guides
These documents are included with your FortiManager system package. Use these
document to install and begin working with the FortiManager system and Web-based
Manager.
• FortiManager Online Help
You can get online help from the FortiManager Web-based Manager. FortiManager online
help contains detailed procedures for using the Web-based Manager to configure and
manage FortiGate units.
• FortiManager CLI Reference
This document describes how to use the FortiManager Command Line Interface (CLI) and
contains references for all CLI commands.
• FortiManager Release Notes
This document describes new features and enhancements in the FortiManager system for
the release, and lists resolved and known issues. This document also defines supported
platforms and firmware versions.
Page 5
• FortiManager VM (VMware) Install Guide
This document describes installing FortiManager VM in your VMware ESX or ESXi virtual
environment.
• FortiManager VM (Microsoft Hyper-V) Install Guide
This document describes installing FortiManager VM in your Microsoft Hyper-V Server 2008
R2 or 2012 virtual environment.
Introduction
Page 6
FortiManager VM (VMware) Install Guide
FortiManager VM Overview
This section provides an overview of FortiManager VM.
The following topics are included in this section:
• Licensing
• System requirements
• Register FortiManager VM with Customer Service & Support
• Download the FortiManager VM software
• FortiManager VM Evaluation license
Licensing
Fortinet offers the FortiManager VM in a stackable license model. This model allows you to
expand your VM solution as your environment expands. When configuring your FortiManager
VM, ensure to configure hardware settings as outlined in Table 1 and consider future expansion.
Contact your Fortinet Authorized Reseller for more information
Table 1: FortiManager VM license information
Technical Specification
VM-BASE VM-10-UG VM-100-UG
Hypervisor Support
VM-1000-UG
VM-5000-UG VM-U-UG
VMware ESX versions 4.0 and 4.1
VMware ESXi versions 4.0, 4.1, 5.0, 5.1, and 5.5
VM Form Factor
VMware ESX/ESXi: Open Virtualization Format (OVF)
HA Support
Yes
Virtual CPU Support
(Minimum / Maximum)
1 / Unlimited
Network Interface Support
(Minimum / Maximum)
1/4
Memory Support
(Minimum / Maximum)
2GB / Unlimited
The default memory size is 2GB.
Storage Support
(Minimum / Maximum)
80GB / 16TB
GB / Day of logs
1
2
5
10
25
50
100GB
200GB
1TB
4TB
8TB
16TB
Licensed Network Devices
10
+10
+100
+1000
+5000
Unlimited
Administrative Domains
10
+10
+100
+1000
+5000
Unlimited
Admin Web Portals /
Maximum Portal Users
10
+10
+100
+1000
+5000
Unlimited
Device Quota
Page 7
For more information, see the FortiManager product data sheet available on the Fortinet web
site, http://www.fortinet.com/sites/default/files/productdatasheets/FortiManager-VM.pdf.
After placing an order for FortiManager VM, a license registration code is sent to the email
address used in the order form. Use the license registration code provided to register the
FortiManager VM with Customer Service & Support at https://support.fortinet.com.
Upon registration, you can download the license file. You will need this file to activate your
FortiManager VM. You can configure basic network settings from the CLI to complete the
deployment. Once the license file is uploaded, the CLI and Web-based Manager are fully
functional.
System requirements
Prior to deploying the FortiManager VM virtual appliance, VMware vSphere Hypervisor (ESX
versions 4.0 or 4.1, ESXi versions 4.0, 4.1, 5.0, 5.1, or 5.5) must be installed and configured. The
installation instructions for FortiManager VM assume you are familiar with VMware ESX/ESXi
server and terminology.
Ensure the following prerequisites are met before installing FortiManager VM:
• The VMware vSphere ESX/ESXi Hypervisor software must be installed and configured.
• The VMware vSphere client is installed on the management computer.
Upgrade to the latest stable VMware ESX/ESXi update and patch release.
Register FortiManager VM with Customer Service & Support
To obtain the FortiManager VM license file you must first register your FortiManager VM with
Fortinet Customer Service & Support.
To register your FortiManager VM:
1. Log in to the Fortinet Customer Service & Support portal using an existing support account
or select Create an Account to create a new account.
2. In the toolbar select Asset > Register/Renew.
The Registration Wizard opens.
FortiManager VM Overview
Page 8
FortiManager VM (VMware) Install Guide
Figure 1: Registration Wizard
3. Enter the license registration code from the FortiManager VM License Certificate that was
emailed to you and select Next. The Registration Info page is displayed.
Figure 2: Registration Info page
4. Enter the support contract number, product description, Fortinet Partner, and IP address.
As a part of the license validation process FortiManager VM compares its IP address with the IP
information in the license file. If a new license has been imported or the FortiManager VM’s IP
address has been changed, the FortiManager VM must be rebooted in order for the system to
validate the change and operate with a valid license.
The Customer Service & Support portal currently does not support IPv6 for FortiManager VM
license validation. You must specify an IPv4 address in both the support portal and the port
management interface.
FortiManager VM Overview
Page 9
FortiManager VM (VMware) Install Guide
5. Select Next to continue. The Fortinet Product Registration Agreement page is displayed.
Figure 3: Fortinet Product Registration Agreement
6. Select the checkbox to indicate that you have read, understood, and accepted the service
contract, and select Next to continue. The Verification page is displayed.
Figure 4: Verification page
7. The verification page displays the product entitlement. Select the checkbox to indicate that
you accept the terms and select Confirm to submit the request. The Registration Completed
page is displayed.
FortiManager VM Overview
Page 10
FortiManager VM (VMware) Install Guide
Figure 5: Registration Completed page
8. In the Registration Completed page you can download the FortiManager VM license file.
Select the License File Download link. You will be prompted to save the license file (.lic) to
your management computer. See “Upload the FortiManager VM license file” on page 25 for
instructions on uploading the license file to your FortiManager VM via the Web-based
Manager.
To edit the FortiManager VM IP address:
1. In the toolbar select Asset > Manage/View Products.
The View Products page opens.
Figure 6: View Products page
2. Select the FortiManager VM serial number.
The Product Details page opens.
FortiManager VM Overview
Page 11
FortiManager VM (VMware) Install Guide
Figure 7: Product Details page
3. Select Edit to change the description, partner information, and IP address of your
FortiManager VM.
The Edit Product Info page opens.
Figure 8: Edit Product Info page
4. Enter the new IP address and select Save.
You can change the IP address five (5) times on a regular FortiManager VM license. There is no
restriction on a full evaluation license.
FortiManager VM Overview
Page 12
FortiManager VM (VMware) Install Guide
5. Select the License File Download link. You will be prompted to save the license file (.lic) to
your management computer. See “Upload the FortiManager VM license file” on page 25 for
instructions on uploading the license file to your FortiManager VM via the Web-based
Manager.
Download the FortiManager VM software
Fortinet provides the FortiManager VM software for both 32-bit and 64-bit environments in two
formats:
• FMG_VMxx-v500-build0xxx-FORTINET.out: Download either the 32-bit or 64-bit firmware
image to upgrade your existing FortiManager VM installation.
• FMG_VMxx-v500-build0xxx-FORTINET.out.ovf.zip: Download either the 32-bit or 64-bit
package for a new FortiManager VM installation.
The FMG_VMxx-v500-build0xxx-FORTINET.out.ovf.zip file contains the following files:
• FortiManager-VMxx.ovf: Open Virtualization Format file for VMware.
• fmg.vmdk: Virtual machine disk format file used by the OVF file.
• datadrive.vmdk: Virtual machine disk format file used by the OVF file.
Firmware images in the Customer Service & Support portal directories are organized by
firmware version, major release, and patch release. The firmware images in the directories
follow a specific naming convention and each firmware image is specific to the device model.
For example, the FMG_VM64-v500-build0618-FORTINET.out.ovf.zip image found in the v5.2.0
directory is specific to the FortiManager VM 64-bit VMware environment.
You can also download the FortiManager Release Notes, and MIB file in this directory. The
Fortinet Core MIB file is located in the main FortiManager v5.00 directory.
To download the FortiManager VM .ovf.zip package:
1. In the toolbar, select Download > Firmware Images.
The Firmware Images page opens.
FortiManager VM Overview
Page 13
FortiManager VM (VMware) Install Guide
Figure 9: Firmware images page
2. Select FortiManager from the drop-down list and select Download.
3. Browse to the appropriate directory for the version that you would like to download.
Figure 10:Directory example
4. Download the .ovf.zip file and FortiManager Release Notes, and save these files to your
management computer.
5. Select the .ovf.zip file on your management computer and extract the files to a new file
folder.
FortiManager VM Overview
Page 14
FortiManager VM (VMware) Install Guide
FortiManager VM Evaluation license
FortiManager VM includes a free 15-day trial license that includes all features. No activation is
required for the built-in evaluation license. The trial period begins the first time you start
FortiManager VM. Once the trial expires, functionality is disabled until you upload a license file.
Figure 11:Expired license dialog box
Technical support is not included with the 15-day evaluation.
Contact your Fortinet Reseller to request a full evaluation (60-days) FortiManager VM license.
FortiManager VM Overview
Page 15
FortiManager VM (VMware) Install Guide
FortiManager VM Deployment
Once you have downloaded the .ovf.zip file and extracted the package contents to a folder
on your management computer, you can deploy the OVF package to your VMware environment.
The following topics are included in this section:
• Deploy the FortiManager VM OVF file
• Configure FortiManager VM hardware settings
• Power on your FortiManager VM
Deploy the FortiManager VM OVF file
To deploy the FortiManager VM OVF template:
1. Launch the VMware vSphere client, enter the IP address or host name of your server, enter
your user name and password and select Login.
The vSphere client home page opens.
Figure 12:vSphere client home page
2. Select File > Deploy OVF Template to launch the OVF Template wizard.
Page 16
The OVF Template Source page opens.
Figure 13:Source page
3. Select the source location of the OVF file. Select Browse and locate the file folder on your
management computer. Select the appropriate FortiManager VM OVF file and select Next to
continue.
The OVF Template Details page opens.
Figure 14:Details page
FortiManager VM Deployment
Page 17
FortiManager VM (VMware) Install Guide
4. Verify the OVF template details. This page details the product name, download size, size on
disk, and description. Select Next to continue.
The OVF Template End User License Agreement page opens.
Figure 15:End user license agreement page
5. Read the end user license agreement for FortiManager VM. Select Accept and then select
Next to continue.
FortiManager VM Deployment
Page 18
FortiManager VM (VMware) Install Guide
The OVF Template Name and Location page opens.
Figure 16:Name and location page
6. Enter a name for this OVF template. The name can contain up to 80 characters and it must
be unique within the inventory folder. Select Next to continue.
The OVF Template Disk Format page opens.
Figure 17:Disk format page
FortiManager VM Deployment
Page 19
FortiManager VM (VMware) Install Guide
7. Select one of the following:
• Thick Provision Lazy Zeroed: Allocates the disk space statically (no other volumes can
take the space), but does not write zeros to the blocks until the first write takes place
to that block during runtime (which includes a full disk format).
• Thick Provision Eager Zeroed: Allocates the disk space statically (no other volumes
can take the space), and writes zeros to all the blocks.
• Thin Provision: Allocates the disk space only when a write occurs to a block, but the
total volume size is reported by VMFS to the OS. Other volumes can take the
remaining space. This allows you to float space between your servers, and expand
your storage when your size monitoring indicates there is a problem. Note that once a
Thin Provisioned block is allocated, it remains in the volume regardless if you have
deleted data, etc.
If you know your environment will expand in the future, it is recommended to add hard disks
larger than the 200GB FortiManager VM base license requirement and utilize Thin Provision
when setting the OVF Template disk format. This will allow your environment to be expanded as
required while not taking up more space in the SAN than is needed.
8. Select Next to continue.
The OVF Template Network Mapping page opens.
Figure 18:Network mapping page
9. Map the networks used in this OVF template to networks in your inventory. Network 1 maps
to port1 of the FortiManager VM. You must set the destination network for this entry to
access the device console. Select Next to continue.
FortiManager VM Deployment
Page 20
FortiManager VM (VMware) Install Guide
The OVF Template Ready to Complete page opens.
Figure 19:Ready to complete page
10.Review the template configuration. To power on the FortiManager VM select the checkbox
beside Power on after deployment.
It is recommended to configure the FortiManager VM hardware settings prior to powering on
the FortiManager VM.
11.Select Finish to deploy the OVF template. You will receive a Deployment Completed
Successfully dialog box once the FortiManager VM OVF template wizard has finished.
Configure FortiManager VM hardware settings
Before powering on your FortiManager VM you must configure the virtual memory, virtual CPU,
and virtual disk configuration to match your FortiManager VM license. See Table 1 on page 7 for
FortiManager VM license information.
FortiManager VM allows for twelve virtual log disks to be added to a deployed instance. When
adding additional hard disks to your VM server environment use the following CLI command to
extend the LVM logical volume:
execute lvm start
execute lvm extend <arg ..>
FortiManager VM Deployment
Page 21
FortiManager VM (VMware) Install Guide
Figure 20:Hardware settings pages
Power on your FortiManager VM
You can now proceed to power on your FortiManager VM. Select the name of the FortiManager
VM you deployed in the inventory list and select Power on the virtual machine in the Getting
Started tab. Optionally, you can select the name of the FortiManager VM you deployed,
right-click and select Power > Power On.
FortiManager VM Deployment
Page 22
FortiManager VM (VMware) Install Guide
FortiManager VM Initial Configuration
Before you can connect to the FortiManager VM Web-based Manager you must configure basic
configuration via the console tab in your vSphere client. Once configured, you can connect to
the FortiManager VM Web-based Manager and upload the FortiManager VM license file that
you downloaded from the Customer Service & Support portal.
The following topics are included in this section:
• FortiManager VM console access
• Connect to the FortiManager VM Web-based Manager
• Upload the FortiManager VM license file
• Configure your FortiManager VM
FortiManager VM console access
To enable Web-based Manager access to the FortiManager VM you must configure the port1 IP
address and network mask of the FortiManager VM in the vSphere client Console tab.
To configure the port1 IP address and netmask:
1. In the Inventory list, select the FortiManager VM that you deployed. In the Getting Started
tab select Power on the virtual machine. Optionally, you can right-click the FortiManager VM
and select Power > Power On.
2. Select the Console tab.
The Console window appears
Figure 21:FortiManager VM console access
Page 23
3. At the FortiManager VM login prompt enter the user name admin and password. The default
password is no password.
4. To configure the port1 IP address and netmask, enter the following CLI commands:
config system interface
edit port1
set ip <IP address Netmask>
end
The Customer Service & Support portal currently does not support IPv6 for FortiManager VM
license validation. You must specify an IPv4 address in both the support portal and the port1
management interface.
5. To configure the default gateway, enter the following CLI commands:
config system route
edit 1
set device port1
set gateway <IP address Netmask>
end
Connect to the FortiManager VM Web-based Manager
Once you have configured the port1 IP address and network mask, launch a web browser and
enter the IP address you configured for port1. At the login page, enter the user name admin and
password and select Login. The default password is no password. The Web-based Manager will
appear with an Evaluation License dialog box, see Figure 22.
By default, the Web-based Manager is accessible via HTTPS.
FortiManager VM Initial Configuration
Page 24
FortiManager VM (VMware) Install Guide
Figure 22:Web-based Manager and Evaluation License dialog box
Upload the FortiManager VM license file
Every Fortinet VM includes a 15-day trial license. During this time the FortiManager VM
operates in evaluation mode. Before using the FortiManager VM you must enter the license file
that you downloaded from the Customer Service & Support portal upon registration.
To upload the FortiManager VM licence file:
1. In the Evaluation License dialog box, select Enter License. Optionally, select Upload License
in the License Information dashboard widget.
You can also upload the license file via the CLI using the following CLI command:
execute add-vm-license <vm license string>
You can open the FMG-VM.lic license file using Wordpad or Notepad++.
FortiManager VM Initial Configuration
Page 25
FortiManager VM (VMware) Install Guide
The license upload page opens.
Figure 23:License upload page
2. Select Browse and locate the license file (.lic) on your management computer. Select OK to
upload the license file.
You will receive a reboot message. The FortiManager VM system will reboot and load the
license file.
3. Refresh the browser to login.
4. Enter admin in the Name field and select Login. The VM registration status appears as valid
in the License Information widget once the license has been validated.
As a part of the license validation process FortiManager VM compares its IP address with the IP
information in the license file. If a new license has been imported or the FortiManager’s IP
address has been changed, the FortiManager VM must be rebooted in order for the system to
validate the change and operate with a valid license.
5. If the IP address in the license file and the IP address configured in the FortiManager VM do
not match, you will receive the following error message dialog box when you log back into
the VM.
FortiManager VM Initial Configuration
Page 26
FortiManager VM (VMware) Install Guide
Figure 24:VM license file is invalid dialog box
If this occurs, you will need to change the IP address in the Customer Service & Support
portal to match the management IP and re-download the license file. To change the
management IP address. see “To edit the FortiManager VM IP address:” on page 11.
After an invalid license file is loaded to FortiManager VM, the Web-based Manager will be
locked until a valid license file is uploaded.
Configure your FortiManager VM
Once the FortiManager VM license has been validated you can begin to configure your device.
For more information on configuring your FortiManager VM see the FortiManager Administration
Guide at http://docs.fortinet.com.
In VM environments, it is recommended that you clone the VM instance. In the event of an issue
with the firmware upgrade, you can to revert to the VM clone.
FortiManager VM Initial Configuration
Page 27
FortiManager VM (VMware) Install Guide
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising