I just discovered the FortiGate-VM. It sounds like a great way to learn FortiGate before we get one at work this summer without dropping $100s on the OEM hardware.
I’m having trouble with the setup though. The software installation went fine in the free version of ESXi, but I started by using a single NIC host (mea culpa), and then my second try ended suddenly when I found that my Dell Optiplex 7020 has Intel VT-x but not VT-d! That means that I can’t use “Direct I/O”, which is what I need to assign my PCI-e dual-NIC card to the FortiGate VM. I could just play around with the admin GUI, but they already have an online demo for that! I really want to set up a whole network with proper WAN/LAN interfaces!
So the question is: what hardware can I use to do this? Does anyone have this running on a non-server box?
Some ideas:
I have a Rasbperry Pi 4B with 4GB RAM, and ESXi has an ARM build. But it’s obviously single NIC. Is there a way to add more for “production”, that is, with stability? USB Ethernet adapters don’t feel right. Correct me if I’m wrong.
Generic Mini PC: these tend to be $200+ and I can’t justify that personally.
A different Dell/HP/Lenovo machine? I have another Optiplex and an HP ProDesk that I haven’t tried yet button current dual-NIC
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
For simple tests and as simplest solution I do use VMWare Workstation Pro on Dell Latitude notebooks like 7400/7470/5430 ..
And it works fine with virtualized interfaces. Sure, not a commercial/production environment, but for simple tests and POCs it's pretty OK. Depends on what you want to test.
Alternatively I use older gaming PC with Z170A chipset - again with VMWare workstation. Or oldeer HP Z230 desktop with Proxmox.com as a hypervisor.
Raspberry Pi seems to me too weak and as You said it lacks scalability and net interfaces.
If you are limited in resources as it seem, then I'd go with either local Workstation in your PC, or as you probably run on Windows, then even HyperV guest might be suitable.
Sure, neither one is HW unit equivalent, but for quick look and tests, it might be enough.
Need HW, prospective customer? Maybe try to get in touch with Fortinet's local distributor/partner and they might have demo unit to play with for some time.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
If you have a PC with a processor that can do virtualization and is running windows 10, you can freely use Hyper-V. You can create many virtual adapters to connect the VMs (other FGTs or end devices). It can run smoothly with 2GB of RAM and for normal tests you will not notice the CPU load.
Hi hanitakashi,
not sure on latest ESXi, should be possible to map physical/hardware device to VM.
More precisely I do expect that VMWare did not removed that feature, but not sure (have bad experience with them and removed features from Workstation Pro).
Due to some VMWare limitations I moved my private hypervisors to Proxmox and it definitely does support mapping HW device to VM guest. Not just NIC but also USB ports and adapters - use that for Zigbee bridge connected via USB3.
Never played with Hyper-V that much.
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
I've run into a bit of a roadblock during the setup phase. I installed the software in the free ESXi version, but my initial attempts were on a single NIC host – a bit of a misstep on my part. Upon closer inspection, I realized that my Dell Optiplex 7020 supports Intel VT-x but lacks VT-d, preventing me from using "Direct I/O." This is essential for assigning my PCI-e dual-NIC card to the FortiGate VM, which is crucial for creating proper WAN/LAN interfaces for a comprehensive network setup. While I could tinker around with the admin GUI, I'm eager to build an authentic network environment, not just explore the GUI features.
A cheaper solution, at least what I'm using in my lab are some cheap USB to RJ45. You can easily mount them to the guest host from the hypervisor.
Or you can create virtual adapters and connect the guest host VMs to the FGT via internal virtual adapters (you can create as many as you want) to emulate the clients and use the physical adapter for WAN access in FGT.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1660 | |
1071 | |
751 | |
443 | |
219 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.