FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kajlasunil
Staff
Staff
Article Id 329180
Description

This article describes how to install FortiGate KVM in EVE-NG.

Scope

FortiGate v6.4.X, v7.0.X, v7.2.X, v7.4.X.

Solution

Prerequisites:

  1. EVE-NG installed:  Make sure to have either the Community or Professional version of EVE-NG installed on the system.
  2. FortiGate VM image: Download the FortiGate-VM image (KVM version) from the Fortinet support site.

Steps:

  1. Download the FortiGate Image:

 

kajlasunil_0-1722433558943.png

 

  • Or if there is a need to use an old version that is not available above, go to the following and download the preferred FortiOS version for the KVM platform under support.fortinet.com -> Support -> Firmware download.


firmware.PNG

 

 

  1. Prepare the Image: Extract the downloaded FortiGate VM image file, which usually has a .qcow2 extension.

     

    kajlasunil_1-1722433558945.png

     

Upload the Image to EVE-NG:

Use WinSCP (Windows) or SCP (Linux/Mac) to upload the .qcow2 file to your EVE-NG server.

Navigate to the directory  /opt/unetlab/addons/qemu/.

 

Create a new directory for the FortiGate image. Use the format fortinet-FortiGate-version (e.g., fortinet-FortiGate-7.2.8):

 

kajlasunil_2-1722433558948.png

 

Upload the .qcow2 file to this new directory and rename it to virtioa.qcow2.

 

 

  1. Set Correct Permissions:

    Connect to the EVE-NG console and set the correct permissions for the uploaded file: cd /opt/unetlab/addons/qemu/fortinet-FortiGate-7.2.8/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

     

    kajlasunil_3-1722433558949.png

     

     

  2. Add FortiGate to the Lab: Log in to the EVE-NG web interface. Create a new lab or open an existing one. Add a new node to the lab. FortiGate should be listed among the available devices. Select it and configure it as needed.

     

    kajlasunil_4-1722433558953.png

     

     

     

    kajlasunil_5-1722433558956.png

     

     

     

  3. Start and Configure FortiGate: Start the FortiGate VM. Open the console to perform initial configurations, such as setting up management interfaces and other settings as required.

     

    kajlasunil_6-1722433558957.png

     

    kajlasunil_7-1722433558965.png

 

Additional note:

Even after adding the FortiGate image, FortiGate will not start unless 'Virtualize Intel VT-x/EPT' is enabled: EVE-NG uses KVM as its underlying hypervisor. KVM, in turn, depends on VT-x/EPT to provide hardware virtualization. If these settings are not enabled, KVM cannot launch VMs that require hardware virtualization, including FortiGate-VM.

 

To enable it, right-click on EVE and edit the virtual machine, go to the processor, and enable Virtualize Intel VT-x/EPT.

 

If there are still errors while enabling Virtualize Intel VT-x/EPT, see Troubleshooting tip: Error 'Virtualized Intel VT-XEPT is not supported on this platform' with a virt....

 

If multiple FortiGates are needed for the labs in EVE-NG, note that each FortiGate VM will have a unique serial number. This can lead to issues when trying to register multiple VMs under the same FortiCare account.

 

If an issue arises where the trial license becomes invalid due to serial number changes, the old FortiGate needs to be decommissioned before using a new FortiGate VM in a lab. For detailed steps on how to decommission assets in FortiCloud, refer to Decommissioning assets.

 

By decommissioning the old FortiGate VM, the new FortiGate can successfully be registered without any issues, even when creating multiple labs in EVE-NG.

 

Starting from v7.2.1, the FortiGate-VM evaluation license is now a permanent trial license. It requires a FortiCare account to avail of the trial license, which has limited features and capacity. More information in this link: Permanent trial mode for FortiGate-VM

 

Related article:

Technical Tip: Preparing user configuration to be imported on the LAB