Prerequisites:

1. EVE-NG installed:  Make sure to have either the Community or Professional version of EVE-NG installed on the system.
2. FortiGate VM image: Download the FortiGate-VM image (KVM version) from the Fortinet support site.
   
   

Steps:

1. Download the FortiGate Image:

• Go to the Fortinet support site (https://support.fortinet.com/Download/VMImages.aspx).
• Navigate to Support/VM Images and download the desired FortiOS version for the KVM platform.

• Or if there is a need to use an old version that is not available above, go to the following and download the preferred FortiOS version for the KVM platform under support.fortinet.com -> Support -> Firmware download.

2. Prepare the Image: Extract the downloaded FortiGate VM image file, which usually has a .qcow2 extension.

    

   

    

Upload the Image to EVE-NG:

Use WinSCP (Windows) or SCP (Linux/Mac) to upload the .qcow2 file to your EVE-NG server.

Navigate to the directory  /opt/unetlab/addons/qemu/.

Create a new directory for the FortiGate image. Use the format fortinet-FortiGate-version (e.g., fortinet-FortiGate-7.2.8):

Upload the .qcow2 file to this new directory and rename it to virtioa.qcow2.

2. Set Correct Permissions:

   Connect to the EVE-NG console and set the correct permissions for the uploaded file: cd /opt/unetlab/addons/qemu/fortinet-FortiGate-7.2.8/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

    

   

    

    

3. Add FortiGate to the Lab: Log in to the EVE-NG web interface. Create a new lab or open an existing one. Add a new node to the lab. FortiGate should be listed among the available devices. Select it and configure it as needed.

    

   

    

    

    

   

    

    

    

4. Start and Configure FortiGate: Start the FortiGate VM. Open the console to perform initial configurations, such as setting up management interfaces and other settings as required.

    

   

    

   

Additional note:

Even after adding the FortiGate image, FortiGate will not start unless 'Virtualize Intel VT-x/EPT' is enabled: EVE-NG uses KVM as its underlying hypervisor. KVM, in turn, depends on VT-x/EPT to provide hardware virtualization. If these settings are not enabled, KVM cannot launch VMs that require hardware virtualization, including FortiGate-VM.

To enable it, right-click on EVE and edit the virtual machine settings, go to the processor, and enable Virtualize Intel VT-x/EPT.

If there are still errors while enabling Virtualize Intel VT-x/EPT, see Troubleshooting tip: Error 'Virtualized Intel VT-XEPT is not supported on this platform' with a virt....

If multiple FortiGates are needed for the labs in EVE-NG, note that each FortiGate VM will have a unique serial number. This can lead to issues when trying to register multiple VMs under the same FortiCare account.

If an issue arises where the trial license becomes invalid due to serial number changes, the old FortiGate needs to be decommissioned before using a new FortiGate VM in a lab. For detailed steps on how to decommission assets in FortiCloud, refer to Decommissioning assets.

By decommissioning the old FortiGate VM, the new FortiGate can successfully be registered without any issues, even when creating multiple labs in EVE-NG.

Starting from v7.2.1, the FortiGate-VM evaluation license is now a permanent trial license. It requires a FortiCare account to avail of the trial license, which has limited features and capacity. More information in this link: Permanent trial mode for FortiGate-VM

Related article:

Technical Tip: Preparing user configuration to be imported on the LAB

Technical Tip: Installing FortiManager KVM on EVE-NG and connecting it to FortiGate KVM's Security F...