Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
agustuscrown
New Contributor

Anyone using FortiGate VM at home?

I just discovered the FortiGate-VM. It sounds like a great way to learn FortiGate before we get one at work this summer without dropping $100s on the OEM hardware.

I’m having trouble with the setup though. The software installation went fine in the free version of ESXi, but I started by using a single NIC host (mea culpa), and then my second try ended suddenly when I found that my Dell Optiplex 7020 has Intel VT-x but not VT-d! That means that I can’t use “Direct I/O”, which is what I need to assign my PCI-e dual-NIC card to the FortiGate VM. I could just play around with the admin GUI, but they already have an online demo for that! I really want to set up a whole network with proper WAN/LAN interfaces!

So the question is: what hardware can I use to do this? Does anyone have this running on a non-server box?

Some ideas:

  • I have a Rasbperry Pi 4B with 4GB RAM, and ESXi has an ARM build. But it’s obviously single NIC. Is there a way to add more for “production”, that is, with stability? USB Ethernet adapters don’t feel right. Correct me if I’m wrong.

  • Generic Mini PC: these tend to be $200+ and I can’t justify that personally.

  • A different Dell/HP/Lenovo machine? I have another Optiplex and an HP ProDesk that I haven’t tried yet button current dual-NIC

https://xender.vip/
6 REPLIES 6
xsilver_FTNT
Staff
Staff

For simple tests and as simplest solution I do use VMWare Workstation Pro on Dell Latitude notebooks like 7400/7470/5430 ..
And it works fine with virtualized interfaces. Sure, not a commercial/production environment, but for simple tests and POCs it's pretty OK. Depends on what you want to test.

Alternatively I use older gaming PC with Z170A chipset - again with VMWare workstation. Or oldeer HP Z230 desktop with Proxmox.com as a hypervisor.


Raspberry Pi seems to me too weak and as You said it lacks scalability and net interfaces.
If you are limited in resources as it seem, then I'd go with either local Workstation in your PC, or as you probably run on Windows, then even HyperV guest might be suitable.

Sure, neither one is HW unit equivalent, but for quick look and tests, it might be enough.

Need HW, prospective customer? Maybe try to get in touch with Fortinet's local distributor/partner and they might have demo unit to play with for some time.

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

ebilcari
Staff
Staff

If you have a PC with a processor that can do virtualization and is running windows 10, you can freely use Hyper-V. You can create many virtual adapters to connect the VMs (other FGTs or end devices). It can run smoothly with 2GB of RAM and for normal tests you will not notice the CPU load.

2023-08-02 09_31_53-Window.png

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
hanitakashi
New Contributor

TBH, I don’t know how this would work. My main concern is making sure my WAN connection only goes to the Fortigate. Can I assign the physical dual NICs to the FG using virtual NICs? Would I be “mapping” them to FG’s WAN and LAN in ESXI?

omegle xender
xsilver_FTNT
Staff
Staff

Hi hanitakashi,
not sure on latest ESXi, should be possible to map physical/hardware device to VM.
More precisely I do expect that VMWare did not removed that feature, but not sure (have bad experience with them and removed features from Workstation Pro).

 

Due to some VMWare limitations I moved my private hypervisors to Proxmox and it definitely does support mapping HW device to VM guest. Not just NIC but also USB ports and adapters - use that for Zigbee bridge connected via USB3.

 

Never played with Hyper-V that much.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer

Spenceron
New Contributor

I've run into a bit of a roadblock during the setup phase. I installed the software in the free ESXi version, but my initial attempts were on a single NIC host – a bit of a misstep on my part. Upon closer inspection, I realized that my Dell Optiplex 7020 supports Intel VT-x but lacks VT-d, preventing me from using "Direct I/O." This is essential for assigning my PCI-e dual-NIC card to the FortiGate VM, which is crucial for creating proper WAN/LAN interfaces for a comprehensive network setup. While I could tinker around with the admin GUI, I'm eager to build an authentic network environment, not just explore the GUI features.

ebilcari

A cheaper solution, at least what I'm using in my lab are some cheap USB to RJ45. You can easily mount them to the guest host from the hypervisor.
Or you can create virtual adapters and connect the guest host VMs to the FGT via internal virtual adapters (you can create as many as you want) to emulate the clients and use the physical adapter for WAN access in FGT.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Top Kudoed Authors