Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Thanks,

Hello EhsRjb,

I found this document. Can you tell us if it helps, please?

FortiGate & FortiWeb 7.6.x Deployment Challenges on EVE-NG Community

1. Compatibility & Boot Issue

Both FortiGate 7.6.3 and 7.6.4 display instability within EVE-NG Community—especially when nested under VMware Workstation (25H2/17.5) or Hyper-V. The common symptoms include:

• Stuck at the message “Formatting shared partition” (7.6.4)
• Hanging during IPS subsystem initialization or system logging steps (7.6.3)

These issues are caused by FortiOS 7.6’s increased dependency on KVM-level hardware flags and UEFI-based images, which the nested Workstation/Hyper‑V KVM environment used by EVE‑NG Community doesn’t fully emulate.

Workarounds:

• Use EVE-NG Professional or a direct bare-metal KVM deployment to access the full QEMU capabilities (e.g., qemu 7.x with virtio-scsi).
• In Community builds, try forcing legacy BIOS boot with --machine pc-i440fx-4.2 or --machine q35,accel=kvm in the .eve-ng/images/QEMU/fortios-7.6x/ definition, and convert disks with:

qemu-img convert -f qcow2 -O qcow2 fortios.qcow2 fortios-fixed.qcow2  

• Use QEMU 7.2+ backend with ‘virtio-net-pci’ NIC type instead of e1000.
• FortiWeb 7.6 requires virtio-scsi with legacy BIOS mode; switching to e1000 NICs prevents full initialization.
• Known stable builds for lab emulation: FortiGate 7.4.3 and FortiWeb 7.4.2 still boot reliably within the EVE-NG Community stack.

If nested virtualization is necessary, Proxmox with nested KVM proves more consistent than VMware+EVE combinations for these images.

2. Licensing Model Changes in FortiOS 7.6

FortiOS 7.6 enforces license validation even in lab environments. Evaluation licenses remain available but are now per-node and expire after 15–30 days. This restriction affects FortiGate‑VM and FortiWeb‑VM equally.

Notable constraints:

• Manual offline licenses are supported only on hardware units up to 7.2–7.4. 7.6 requires active validation via FortiManager or FortiCloud for VMs.
• Offline or air‑gapped lab deployment is possible only when FortiManager is configured as an internal FortiGuard proxy. You can re‑use one validated evaluation license for multiple nodes if they check in via the same FortiManager instance.
• FortiManager can cache and distribute the same signature and entitlement records to other FortiGates, simulating multi‑node licensing for lab purposes without requesting multiple evals.

3. Recommended Lab Setup Strategy

To avoid individual license requests and image hangs:

• Host an internal FortiManager‑VM with valid evaluation (central authentication + FortiGuard proxy). Attach multiple FortiGates and FortiWeb VMs to it.
• Run EVE‑NG Professional or migrate lab topology to Proxmox, which supports nested‑KVM flags required by FortiOS 7.6.
• Keep test topology within FortiOS 7.4.x for now if dynamic feature labs (Active/Passive clustering, VDOMs, or WAF segmentation) are needed.
• For future versions (e.g., 7.8+), expect continued dependency on UEFI virtualization and FortiCare back-end licensing.

Follow‑Up Options

If you intend to sustain a multi‑node environment without license limits, explore subscription tiers of FortiGate‑VMxxV (offline licenses available upon request through Fortinet Sales for training environments). Also, GNS3 or Proxmox‑based KVM configurations remain more stable than nested EVE‑NG Community for FortiOS 7.6+ images.

Key takeaway: FortiOS 7.6 virtualization builds now require full KVM/UEFI support and active license validation—so EVE‑NG Community nested under VMware is not a sustainable platform for future exam or lab preparation. Centralized FortiManager licensing or migration to Proxmox is the most resilient approach.