Description
This article describes the deployment of FortiManager/FortiAnalyzer on Docker Desktop. Example provided in this article is performed with Docker Desktop in Windows 11 with FortiManager docker.
Traditional virtualization will require each virtual machine to deploy an OS. In Docker Desktop, virtualization can be performed on OS-level and every application is managed under a container.
Docker Desktop is a tool for docker and it comes in multiple OS variants as shown below:
Scope
FortiManager/FortiAnalyzer
Solution
- In FortiManager and FortiAnalyzer v7.0.1 onwards, a docker image is provided. Users are able to request the image from TAC /CS to deploy FortiManager/FortiAnalyzer with docker.
- Prepare the image:
- For FortiManager, import the FMG_DOCKER-v7-build3414-FORTINET.tar.xz file.
docker import "FMG_DOCKER-v7-buildxxxx-FORTINET.tar.xz" <image ID>:<Tag> -c 'ENTRYPOINT ["/sbin/init"]'
- For FortiAnalyzer, import the FAZ_DOCKER-v7-build3414-FORTINET.tar.xz file:
docker import "FAZ_DOCKER-v7-buildxxxx-FORTINET.tar.xz" <image ID>:<Tag> -c 'ENTRYPOINT ["/sbin/init"]'
- Next, run the images with the command below:
docker run -it --restart always -p <Port Mapping>:443 -p <Port Mapping>:22 -p <Port Mapping>:541 --cap-add=ALL <image ID>:<Tag>
Note:
Port 443 is used for HTTPS, port 22 is used for SSH, and port 541 is used for the FortiGate-FortiManager tunnel.
- Verify that the image was launched successfully with the following FortiManager or FortiAnalyzer CLI command:
get system status
- After the FortiManager or FortiAnalyzer instance is deployed successfully, the GUI is accessible from the link under Docker Desktop -> Images -> In Use -> Port(s):
- After, select the link. It will direct the user to the FortiManager GUI:
Note:
The https:// prefix is required to access the GUI from port 443.
Related documents:
Video guide: FortiManager Docker container installation, licensing and running on Ubuntu, CentOS
