| Description | This article describes how to install FortiGate VM on Proxmox. |
| Scope | FortiGate KVM 7.x.x+. |
| Solution |
Proxmox is an open-source enterprise-grade hypervisor which uses KVM as a backend for virtualization. This makes it a suitable choice for a hypervisor. The general steps outlined in this guide can be applied to other Fortinet products which run on KVM.
First, create a VM. Do this by right-clicking on the node and selecting 'Create VM':
Use any name. Take note of the VM ID, as it will be needed later.
Do not add any media yet. The default values for 'Guest OS' are fine.
Next we will create our Log Disk. This can be as large or small as you want.
The amount of cores that should be added will depend on the license. Generally, the first two numbers of the VM's model number will indicate the core count. For example, a FortiGate VM04V will have 4 cores available to use.
There is no limit to the amount of RAM that can be allocated (beyond available system resources). 4GB is an acceptable number: this can be changed later.
The network portion will be covered after creating the VM. Select 'no network device' for now, or add a network device here if the intended device is already known.
By this stage, the VM has been created. There is no operating system yet, which means one must be downloaded from the support portal. Navigate to support.fortinet.com, then Support -> Firmware Download -> Download. Select any desired version of FortiOS.
Inside of the .zip will be a .qcow2 image file. This is the disk the FortiGate will boot off of.
Extract it to a known location. It will then be necessary to transfer this to the Proxmox machine. The easiest way to do this is to use SCP. The correct syntax is as follows:
scp fortios.qcow2 root@x.x.x.x:/root/
This will place it in the root user's home directory - the default location when the user enters the Proxmox Shell.
Now, proceed to the Proxmox Shell and import the disk image to the VM manually. The syntax is as follows:
qm importdisk xxx fortios.qcow2 local-lvm
Here, 'xxx' will be the VM ID noted down while creating the VM.
It will now be visible while inspecting the FortiGate VM.
Select 'Edit', then 'Add'. This will attach it to the VM.
Change the boot order under 'Options' to boot from the new disk.
This is a good time to set up network interfaces. It is only possible to attach Linux Bridge 'vmbrX' interfaces to Virtual Machines in Proxmox. Each of these bridges is associated with a physical network adapter. Depending on the intended use cases, it is possible to attach the same bridge multiple times onto a VM. In this example, just one bridge will be attached to the VM for now.
The Linux Bridge VLAN has been made aware so it can see all VLANs on that physical port. Upon attaching the interface to the VM in Proxmox, it will allow all VLANs on that bridge unless a VLAN ID is specified.
Now, boot the VM. Right-click the VM and select the option to start it. Navigate to the console in order to interact with the VM.
Success! Now, login and confirm the network interfaces are showing up correctly. At this stage, set up the IP to connect to the GUI.
For each network interface added, an equivalent port will be added in FortiOS.
In this example, a VLAN was created on port1 to demonstrate that the VLANs can be seen:
Success! DHCP worked for the test VLAN, and the native VLAN on that port.
The process is now complete. Navigate to the Web GUI as configured in FortiOS and proceed to upload the license. |
