Fortinet black logo

VM Installation Guide

Chapter 1: Getting Started

5.3.0
Copy Link
Copy Doc ID 96c7833d-d34d-11e9-8977-00505692583a:977201
Download PDF

Chapter 1: Getting Started

This chapter includes the following information:

Introduction

Welcome, and thank you for selecting Fortinet Technologies, Inc. products for your network. The FortiADC D-series family of Application Delivery Controllers (ADC) optimizes the availability, user experience, performance and scalability of enterprise application delivery.

The FortiADC D-series family includes physical appliances and virtual appliances. FortiADC-VM is a virtual appliance version of FortiADC. FortiADC-VM is suitable for small, medium, and large enterprises.

Basic network topology

FortiADC-VM network topology shows the network topology when the FortiADC-VM is deployment in a virtual machine environment such as VMware vSphere.

FortiADC-VM network topology

FortiADC intercepts incoming client connections and redistributes them to your servers. FortiADC has some firewall capability. However, because it is designed primarily to provide application availability and load balancing, it should be deployed behind a firewall that focuses on security, such as FortiGate.

In deployments that use the FortiADC global server load balancing feature, each hosting location should have its own FortiADC. For example, if you had server clusters located in New York, Shanghai and Bangalore, you deploy three FortiADC appliances: one in New York, one in Shanghai, and one in Bangalore.

Once the virtual appliance is deployed, you can configure FortiADC-VM via its web UI and CLI, from a web browser and terminal emulator on your management computer.

In the initial setup, the following ports are used:

  • DNS lookup — UDP 53
  • FortiGuard licensing — TCP 443

System requirements

VM environment Tested Versions
VMware ESXi 3.5, 4.x, 5.0, 5.1, 5.5, 6.0, 6.5
Microsoft Hyper-V Windows Server 2012 R2
KVM

Linux version 3.19.0 qemu-img v2.0.0, qemu-img v2.2

Citrix Xen XenServer 6.5.0
Xen Project Hypervisor 4.4.2, 4.5

Note

For best performance, install FortiADC-VM on a “bare metal” hypervisor. Hypervisors that are installed as applications on top of a general purpose operating system (Windows, Mac OS X or Linux) host have fewer computing resources available due to the host OS’s own overhead.

Hardware-assisted virtualization (VT) must be enabled in the BIOS.

Downloading software & registering with support

When you purchase a FortiADC-VM, you receive an email that contains a registration number. This is used to download the software, your purchased license, and also to register your purchase with Fortinet Customer Service & Support so that your FortiADC-VM will be able to validate its license with Fortinet.

Many Fortinet customer services such as firmware updates, technical support, and FortiGuard services require product registration. For more information, see the Fortinet Knowledge Base article Registration Frequently Asked Questions.

Fortinet Customer Service & Support shows the Fortinet Customer Service & Support website.

Fortinet Customer Service & Support

To register & download FortiADC-VM and your license:
  1. Log into the Fortinet Customer Service & Support web site:
  2. https://support.fortinet.com/

  3. Under Asset, click Register/Renew.
  4. Provide the registration number that was emailed to you when you purchased the software. Registration numbers are a hyphenated string of 25 numbers and characters in groups of 5, such as:
  5. TLH5R-NUNDP-MC6T7-0DNWA-AP45ZA

    A registration form appears.

  6. Use the form to register your ownership of FortiADC-VM.
  7. After completing the form, a registration acknowledgment page appears.

  8. Click the License File Download link.
  9. Your browser will download the .lic file that was purchased for that registration number.

  10. Click the Home link to return to the initial page.
  11. Under Download, click Firmware Images.
  12. Click the FortiADC link and navigate to the version that you want to download.
  13. Download the .zip file. You use the VM installation files contained in the .zip file for new VM installations. (The .out image files are for upgrades of existing installations only, and cannot be used for a new installation.)

    Note

    Files for FortiADC-VM have a FAD_VM filename prefix. Other prefixes indicate that the file is for hardware versions of FortiADC such as FortiADC 200D. Such other files cannot be used with FortiADC-VM.

  14. Extract the .zip file contents to a folder. The following figure shows the contents of the package for VMware. Refer to the table that follows for details on packages for supported VM environments.

VM environment Download package
VMware

The ovf.zip download file contains multiple ovf files.

The fortiadc-vm-64-hw4.ovf file is a VMware virtual hardware version 4 image that supports ESXi 3.5.

The fortiadc-vm-64-hw7.ovf file is a VMware virtual hardware version 7 image that supports ESXi 4.0 and above.

Refer to the VMware support site for information about VMware virtual hardware versions and ESXi versions.

Microsoft Hyper-V The hyperv.zip download file contains multiple files you use for the installation. Extract all the files to a directory you can access when you perform the installation. When you do the installation, you select the folder that contains the unzipped files.
KVM The kvm.zip download file contains the boot.qcow2 and data.qcow2 files you use for the installation.
Citrix Xen The xenserver.zip download file contains the fortiadc-vm-xen.ovf file you use for the installation.
Xen Project The xenopensource.zip download file contains the fortiadc.hvm, bootdisk.img, and logdisk.img files you use for the installation.

Licensing

This section describes licensing. It includes the following information:

Evaluation license

FortiADC-VM can be evaluated with a free 15-day trial license that includes all features except:

  • HA
  • FortiGuard updates
  • Technical support

You do not need to manually upload the trial license. It is built-in. The trial period begins the first time you start FortiADC-VM. When the trial expires, most functionality is disabled. You must purchase a license to continue using FortiADC-VM.

License sizes

FortiADC-VM licenses are available at the following sizing levels.

FortiADC-VM sizes

License/model

VM01

VM02

VM04

VM08 VM16

VM32

Virtual CPUs

(vCPUs)

1

2

4

8 16

32

Virtual RAM

(vRAM)

4 GB

4 GB

8 GB

16 GB 32 GB

64 GB

Maximum IP sessions varies by license, but also by available vRAM, just as it does for hardware models. For details, see the maximum configuration values in the FortiADC Handbook.

License validation

FortiADC-VM must periodically re-validate its license with the Fortinet Distribution Network (FDN). If it cannot contact the FDN for 24 hours, access to the FortiADC-VM web UI and CLI are locked.

By default, FortiADC-VM attempts to contact FDN over the Internet. If the management port cannot access the Internet (for example, in closed network environments), it is possible for FortiADC-VM to validate its license with a FortiManager that has been deployed on the local network to act as a local FDS (FortiGuard Distribution Server).

On the FortiADC-VM, specify the FortiManager IP address for the "override server" in the FortiGuard configuration:

FortiADC-VM # config system fortiguard

set override-server-status enable

set override-server-address <fortimanager_ip>:8890

end

where <fortimanager_ip> is the IP address. (TCP port 8890 is the port where the built-in FDS feature listens for requests.)

For more information on the FortiManager local FDS feature, see the FortiManager Administration Guide.

Note: Although FortiManager can provide FortiGuard security service updates to some Fortinet devices, for FortiADC, its FDN features can provide license validation only.

About this document

This document describes how to deploy a FortiADC virtual appliance disk image onto a virtualization server, and how to configure the virtual hardware settings of the virtual appliance. It assumes you have already successfully installed a virtualization server on the physical machine.

This document does not cover initial configuration of the virtual appliance itself, nor ongoing use and maintenance. After deploying the virtual appliance, see the FortiADC Handbook for information on initial appliance configuration.

Chapter 1: Getting Started

This chapter includes the following information:

Introduction

Welcome, and thank you for selecting Fortinet Technologies, Inc. products for your network. The FortiADC D-series family of Application Delivery Controllers (ADC) optimizes the availability, user experience, performance and scalability of enterprise application delivery.

The FortiADC D-series family includes physical appliances and virtual appliances. FortiADC-VM is a virtual appliance version of FortiADC. FortiADC-VM is suitable for small, medium, and large enterprises.

Basic network topology

FortiADC-VM network topology shows the network topology when the FortiADC-VM is deployment in a virtual machine environment such as VMware vSphere.

FortiADC-VM network topology

FortiADC intercepts incoming client connections and redistributes them to your servers. FortiADC has some firewall capability. However, because it is designed primarily to provide application availability and load balancing, it should be deployed behind a firewall that focuses on security, such as FortiGate.

In deployments that use the FortiADC global server load balancing feature, each hosting location should have its own FortiADC. For example, if you had server clusters located in New York, Shanghai and Bangalore, you deploy three FortiADC appliances: one in New York, one in Shanghai, and one in Bangalore.

Once the virtual appliance is deployed, you can configure FortiADC-VM via its web UI and CLI, from a web browser and terminal emulator on your management computer.

In the initial setup, the following ports are used:

  • DNS lookup — UDP 53
  • FortiGuard licensing — TCP 443

System requirements

VM environment Tested Versions
VMware ESXi 3.5, 4.x, 5.0, 5.1, 5.5, 6.0, 6.5
Microsoft Hyper-V Windows Server 2012 R2
KVM

Linux version 3.19.0 qemu-img v2.0.0, qemu-img v2.2

Citrix Xen XenServer 6.5.0
Xen Project Hypervisor 4.4.2, 4.5

Note

For best performance, install FortiADC-VM on a “bare metal” hypervisor. Hypervisors that are installed as applications on top of a general purpose operating system (Windows, Mac OS X or Linux) host have fewer computing resources available due to the host OS’s own overhead.

Hardware-assisted virtualization (VT) must be enabled in the BIOS.

Downloading software & registering with support

When you purchase a FortiADC-VM, you receive an email that contains a registration number. This is used to download the software, your purchased license, and also to register your purchase with Fortinet Customer Service & Support so that your FortiADC-VM will be able to validate its license with Fortinet.

Many Fortinet customer services such as firmware updates, technical support, and FortiGuard services require product registration. For more information, see the Fortinet Knowledge Base article Registration Frequently Asked Questions.

Fortinet Customer Service & Support shows the Fortinet Customer Service & Support website.

Fortinet Customer Service & Support

To register & download FortiADC-VM and your license:
  1. Log into the Fortinet Customer Service & Support web site:
  2. https://support.fortinet.com/

  3. Under Asset, click Register/Renew.
  4. Provide the registration number that was emailed to you when you purchased the software. Registration numbers are a hyphenated string of 25 numbers and characters in groups of 5, such as:
  5. TLH5R-NUNDP-MC6T7-0DNWA-AP45ZA

    A registration form appears.

  6. Use the form to register your ownership of FortiADC-VM.
  7. After completing the form, a registration acknowledgment page appears.

  8. Click the License File Download link.
  9. Your browser will download the .lic file that was purchased for that registration number.

  10. Click the Home link to return to the initial page.
  11. Under Download, click Firmware Images.
  12. Click the FortiADC link and navigate to the version that you want to download.
  13. Download the .zip file. You use the VM installation files contained in the .zip file for new VM installations. (The .out image files are for upgrades of existing installations only, and cannot be used for a new installation.)

    Note

    Files for FortiADC-VM have a FAD_VM filename prefix. Other prefixes indicate that the file is for hardware versions of FortiADC such as FortiADC 200D. Such other files cannot be used with FortiADC-VM.

  14. Extract the .zip file contents to a folder. The following figure shows the contents of the package for VMware. Refer to the table that follows for details on packages for supported VM environments.

VM environment Download package
VMware

The ovf.zip download file contains multiple ovf files.

The fortiadc-vm-64-hw4.ovf file is a VMware virtual hardware version 4 image that supports ESXi 3.5.

The fortiadc-vm-64-hw7.ovf file is a VMware virtual hardware version 7 image that supports ESXi 4.0 and above.

Refer to the VMware support site for information about VMware virtual hardware versions and ESXi versions.

Microsoft Hyper-V The hyperv.zip download file contains multiple files you use for the installation. Extract all the files to a directory you can access when you perform the installation. When you do the installation, you select the folder that contains the unzipped files.
KVM The kvm.zip download file contains the boot.qcow2 and data.qcow2 files you use for the installation.
Citrix Xen The xenserver.zip download file contains the fortiadc-vm-xen.ovf file you use for the installation.
Xen Project The xenopensource.zip download file contains the fortiadc.hvm, bootdisk.img, and logdisk.img files you use for the installation.

Licensing

This section describes licensing. It includes the following information:

Evaluation license

FortiADC-VM can be evaluated with a free 15-day trial license that includes all features except:

  • HA
  • FortiGuard updates
  • Technical support

You do not need to manually upload the trial license. It is built-in. The trial period begins the first time you start FortiADC-VM. When the trial expires, most functionality is disabled. You must purchase a license to continue using FortiADC-VM.

License sizes

FortiADC-VM licenses are available at the following sizing levels.

FortiADC-VM sizes

License/model

VM01

VM02

VM04

VM08 VM16

VM32

Virtual CPUs

(vCPUs)

1

2

4

8 16

32

Virtual RAM

(vRAM)

4 GB

4 GB

8 GB

16 GB 32 GB

64 GB

Maximum IP sessions varies by license, but also by available vRAM, just as it does for hardware models. For details, see the maximum configuration values in the FortiADC Handbook.

License validation

FortiADC-VM must periodically re-validate its license with the Fortinet Distribution Network (FDN). If it cannot contact the FDN for 24 hours, access to the FortiADC-VM web UI and CLI are locked.

By default, FortiADC-VM attempts to contact FDN over the Internet. If the management port cannot access the Internet (for example, in closed network environments), it is possible for FortiADC-VM to validate its license with a FortiManager that has been deployed on the local network to act as a local FDS (FortiGuard Distribution Server).

On the FortiADC-VM, specify the FortiManager IP address for the "override server" in the FortiGuard configuration:

FortiADC-VM # config system fortiguard

set override-server-status enable

set override-server-address <fortimanager_ip>:8890

end

where <fortimanager_ip> is the IP address. (TCP port 8890 is the port where the built-in FDS feature listens for requests.)

For more information on the FortiManager local FDS feature, see the FortiManager Administration Guide.

Note: Although FortiManager can provide FortiGuard security service updates to some Fortinet devices, for FortiADC, its FDN features can provide license validation only.

About this document

This document describes how to deploy a FortiADC virtual appliance disk image onto a virtualization server, and how to configure the virtual hardware settings of the virtual appliance. It assumes you have already successfully installed a virtualization server on the physical machine.

This document does not cover initial configuration of the virtual appliance itself, nor ongoing use and maintenance. After deploying the virtual appliance, see the FortiADC Handbook for information on initial appliance configuration.