Deployment example – MS Hyper-V

Configure FortiGate VM hardware settings

Before powering on your FortiGate VM, you must configure the virtual memory, virtual CPU, and virtual disk to match your FortiGate VM license.

 

To configure settings for FortiGate VM on the server:

1. In the Hyper-V Manager, locate the name of the virtual machine, right-click the entry, and select Settings from the menu. Alternatively, you can select the virtual machine and select Settings in the Actions menu.

The Settings page is displayed.

2. Configure virtual processors, network adapters, and virtual hard drive settings.

3. Select Apply to save the settings and then select OK to close the settings page.

 

FortiGate VM virtual processors

You must configure FortiGate VM virtual processors in the server settings page. The number of processors is dependent on your server environment.

 

Configure FortiGate VM virtual processors:

1. In the Settings page, select Processor from the Hardware menu.

The Processor page is displayed.

2. Configure the number of virtual processors for the FortiGate VM virtual machine. Optionally, you can use resource controls to balance resources among virtual machines.

3. Select Apply to save the settings.

 

FortiGate VM network adapters

You must configure FortiGate VM network adapters in the server settings page. FortiGate VM supports four network adapters.

 

Configure FortiGate VM network adapters:

1. In the Settings page, select Add Hardware from the Hardware menu, select Network Adapter in the device list, and select the Add button.

The Network Adapter page is displayed.

2. You must manually configure four network adapters for FortiGate VM in the settings page. For each network adapter, select the virtual switch from the drop-down list.

3. Select Apply to save the settings.

 

FortiGate VM virtual hard disk

You must configure the FortiGate VM virtual hard disk in the server settings page.

If you know your environment will expand in the future, it is recommended to increase the hard disk size beyond 30GB. The VM license limit is 2TB.

 

Configure a FortiGate VM virtual hard drive:

1. In the Settings page, select IDE Controller 0 > Hard Drive from the Hardware menu.

The Hard Drive page is displayed.

2. Select New to create a new virtual hard disk.

The New Virtual Hard Disk Wizard opens.

3. This wizard helps you to create a new virtual hard disk.

Select Next to continue. The Choose Disk Format page opens.

4. Select VHDX as the virtual hard disk format. This format supports virtual disks up to 64TB and is resilient to consistency issues that might occur from power failures. This format is not supported in operating systems earlier than Windows Server 2012. Note that FortiGate-VM does not support hard disks larger than 2TB.

Select Next to continue. The Choose Disk Type page opens.

5. Select the type of virtual disk you want to use. Select one of the following disk types:

  • Fixed size: This type of disk provides better performance and is recommended for servers running applications with high levels of disk activity. The virtual hard disk file that is created initially uses the size of the virtual hard disk and does not change when data is deleted or added.
  • Dynamically expanding: This type of disk provides better use of physical storage space and is recommended for servers running applications that are not disk intensive. The virtual disk file that is created is small initially and changes as data is added.
  • Differencing: This type of disk is associated in a parent-child relationship with another disk that you want to leave intact. You can make changes to the data or operating system without affecting the parent disk, so that you can revert the changes easily. All children must have the same virtual hard disk format as the parent (VHD or VHDX).

Select Next to continue. The Specify Name and Location page opens.

6. Specify the name and location of the virtual hard disk file. Use the Browse button to select a specific file folder on your server.

Select Next to continue. The Configure Disk page opens.

7. Select Create a new blank virtual hard disk and enter the size of the disk in GB. The maximum size is dependent on your server environment.

Select Next to continue. The Summary page opens.

8. The summary page provides details of the virtual hard disk. Select Finish to create the virtual hard disk.

9. Select Apply to save the settings and select OK to exit the settings page.
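The same processor, network adapter, and hard disk settings can be applied from PowerShell with the Hyper-V module. This is an added example, not part of the original handbook text; the VM name, virtual switch names, adapter names, disk path, and sizes are assumptions, and it assumes existing adapters are listed in the order they map to FortiGate ports.

```powershell
#Requires -Modules Hyper-V
# Added example. All names, paths and sizes below are assumptions; set them to match your license.
$VMName   = 'FortiGate-VM'                          # hypothetical VM name
$CpuCount = 2                                       # vCPU count allowed by your license
$Switches = 'vs-wan', 'vs-lan', 'vs-dmz', 'vs-ha'   # hypothetical virtual switches, one per adapter
$VhdPath  = 'D:\Hyper-V\FortiGate-VM\data.vhdx'     # hypothetical location for the new disk
$VhdSize  = 60GB                                    # above 30GB to leave room for growth
$MaxSize  = 2TB                                     # FortiGate-VM does not support larger disks

# Validate everything before touching the VM.
if ($Switches.Count -ne 4) { throw 'Expected four virtual switches, one per network adapter.' }
if ($VhdSize -gt $MaxSize) { throw 'Disk size exceeds the 2TB FortiGate-VM limit.' }
if ([IO.Path]::GetExtension($VhdPath) -ne '.vhdx') { throw 'Use a .vhdx path so the disk is created in VHDX format.' }
foreach ($sw in $Switches) {
    if (-not (Get-VMSwitch -Name $sw -ErrorAction SilentlyContinue)) { throw "Virtual switch '$sw' not found." }
}
$vm = Get-VM -Name $VMName -ErrorAction Stop
if ($vm.State -ne 'Off') { throw "$VMName must be powered off before changing hardware settings." }

# Virtual processors.
Set-VMProcessor -VMName $VMName -Count $CpuCount

# Network adapters: connect the ones that exist, add the rest, so the VM ends up with four.
$nics = @(Get-VMNetworkAdapter -VMName $VMName)
for ($i = 0; $i -lt 4; $i++) {
    if ($i -lt $nics.Count) {
        Connect-VMNetworkAdapter -VMNetworkAdapter $nics[$i] -SwitchName $Switches[$i]
    } else {
        # "portN" is a hypothetical adapter name chosen for this example.
        Add-VMNetworkAdapter -VMName $VMName -Name "port$($i + 1)" -SwitchName $Switches[$i]
    }
}

# Virtual hard disk: dynamically expanding VHDX, attached to IDE Controller 0.
# Without -ControllerLocation the first free location on the controller is used.
if (-not (Test-Path -LiteralPath $VhdPath)) {
    New-VHD -Path $VhdPath -SizeBytes $VhdSize -Dynamic | Out-Null
}
Add-VMHardDiskDrive -VMName $VMName -ControllerType IDE -ControllerNumber 0 -Path $VhdPath

# Review the result before powering on.
Get-VMProcessor -VMName $VMName | Select-Object VMName, Count
Get-VMNetworkAdapter -VMName $VMName | Select-Object Name, SwitchName
Get-VMHardDiskDrive -VMName $VMName | Select-Object ControllerType, ControllerNumber, ControllerLocation, Path
```

Replace -Dynamic with -Fixed in the New-VHD call to create a fixed size disk instead.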

 

High Availability Hyper-V configuration

Promiscuous mode and support for MAC address spoofing are required for FortiGate-VM for Hyper-V to support FortiGate Clustering Protocol (FGCP) high availability (HA). By default, the FortiGate-VM for Hyper-V has promiscuous mode enabled in the XML configuration file in the FortiGate-VM Hyper-V image. If you have problems with HA mode, confirm that this is still enabled.

In addition, the FGCP applies virtual MAC addresses to FortiGate data interfaces, which means that matching interfaces of different FortiGate-VM instances will have the same virtual MAC addresses. You therefore have to configure Hyper-V to allow MAC spoofing. However, you should only enable MAC spoofing for FortiGate-VM data interfaces. You should not enable MAC spoofing for FortiGate HA heartbeat interfaces.

With promiscuous mode enabled and the correct MAC spoofing settings you should be able to configure HA between two or more FortiGate-VM for Hyper-V instances.
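The MAC spoofing rule above can be checked, and optionally corrected, across the cluster members from PowerShell. This is an added example, not part of the original handbook text; the VM names and heartbeat adapter names are assumptions, and it assumes every adapter that is not a heartbeat adapter is a data interface.

```powershell
#Requires -Modules Hyper-V
# Added example. VM and adapter names are assumptions; adapters must have unique names per VM.
$ClusterVMs = 'FortiGate-VM-A', 'FortiGate-VM-B'   # hypothetical FGCP cluster members
$Heartbeat  = 'port3', 'port4'                     # hypothetical names of the HA heartbeat adapters
$Enforce    = $false                               # $true = correct drift, $false = report only

$report = foreach ($vmName in $ClusterVMs) {
    $nics = @(Get-VMNetworkAdapter -VMName $vmName -ErrorAction Stop)

    # Classifying by name is only safe when names are unique. Hyper-V names every
    # adapter "Network Adapter" by default, so refuse to guess in that case.
    $dupes = $nics | Group-Object Name | Where-Object Count -gt 1
    if ($dupes) { throw "$vmName has adapters sharing a name: $($dupes.Name -join ', '). Rename them first." }
    foreach ($hb in $Heartbeat) {
        if ($nics.Name -notcontains $hb) { throw "$vmName has no adapter named '$hb'." }
    }

    foreach ($nic in $nics) {
        # Heartbeat interfaces: spoofing Off. Data interfaces: spoofing On.
        $expected = if ($Heartbeat -contains $nic.Name) { 'Off' } else { 'On' }
        $current  = [string]$nic.MacAddressSpoofing

        if ($Enforce -and $current -ne $expected) {
            Set-VMNetworkAdapter -VMNetworkAdapter $nic -MacAddressSpoofing $expected
            # Re-read the setting so the report shows what is actually configured.
            $current = [string](Get-VMNetworkAdapter -VMName $vmName -Name $nic.Name).MacAddressSpoofing
        }

        [pscustomobject]@{
            VM        = $vmName
            Adapter   = $nic.Name
            Switch    = $nic.SwitchName
            Role      = if ($expected -eq 'Off') { 'heartbeat' } else { 'data' }
            Spoofing  = $current
            Expected  = $expected
            Compliant = ($current -eq $expected)
        }
    }
}

$report | Format-Table -AutoSize
$drift = @($report | Where-Object { -not $_.Compliant })
if ($drift.Count -gt 0) { Write-Warning "$($drift.Count) adapter(s) do not match the expected MAC spoofing setting." }
```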

 

Start the FortiGate VM

You can now proceed to power on your FortiGate VM. Select the name of the FortiGate VM in the list of virtual machines, right-click, and select Start in the menu. Alternatively, you can select the name of the FortiGate VM in the list of virtual machines and select Start in the Actions menu.



This entry was posted in FortiGate, FortiOS, FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
