Before using FortiAuthenticator-VM, you need to install the VMware application to host the FortiAuthenticator-VM device. The installation instructions for FortiAuthenticator-VM assume you are familiar with VMware products and terminology.
FortiAuthenticator-VM is compatible with HyperV Windows Server 2012 and 2016. For information on the FortiAuthenticator-VM system requirements, please see the FortiAuthenticator datasheet.
FortiAuthenticator-VM has kernel support for more than 4GB of RAM in VM images. However, this support also depends on the VM player version. For more information, see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014006
The default Hardware Version is 4 in order to support the widest base of VM players. However you can modify the VM Hardware Version by editing the following line in the FortiAuthenticator-VM.vmx file:
|FortiAuthenticator 5.3+ includes a KVM image for loading onto KVM servers, such as Linux running Virtual Machine Manager, and on FortiHypervisor.|
FortiAuthenticator-VM image installation and initial setup
The following procedure describes setup on VMware Fusion.
- Download the VM image zip file to the local computer where VMware is installed.
- Extract the files from the zip file into a folder.
- In your VMware software, go to File > Open.
- Navigate to the expanded VM image folder, select the FortiAuthenticator-VM.vmx file, and select Open.
- At the FortiAuthenticator login prompt, enter
adminand press Enter. By default, there is no password.
- At the CLI prompt enter the following commands:
VMware will install and start FortiAuthenticator-VM. This process can take a minute or two to complete.
config system interface
set ip <ip-address>/<netmask>
set allowaccess https ssh
config router static
set device port1
set dst 0.0.0.0/0
set gateway <ip-gateway>
You can now connect to the GUI at the IP address you set for port 1.
|Suspending the FortiAuthenticator-VM can have unintended consequences. Fortinet recommends that you do not use the suspend feature of VMware. Instead, shut down the virtual FortiAuthenticator system using the GUI or CLI, and then shut down the virtual machine using the VMware console.|
- Go to System > Network > Interfaces and select the interface you need to add administrative access to. See Interfaces for more information.
- Under Access Rights, for Admin access, select the types of access to allow.
- Select OK.
admin as the User Name and leave the Password field blank.
|HTTP access is not enabled by default. To enable access, use the
For security reasons, the host or domain names that the GUI responds to are restricted. The list of trusted hosts is automatically generated from the following:
- Configured hostname.
- Configured DNS domain name.
- Network interface IP addresses that have HTTP or HTTPS enabled.
- HA management IP addresses.
Additional IP addresses and host or domain names that the GUI responded to can be defined in the GUI Access settings. See System access for more information.
$ telnet -K 192.168.1.99
At the FortiAuthenticator login prompt, enter
admin. By default there is no password. When you are finished, use the
exit command to end the telnet session.
|CLI access using Telnet is not enabled by default. To enable access, use the
$ ssh email@example.com
Note that, after three failed login attempts, the interface/connection will reset, and that SSH timeout is set to 60 seconds following an incomplete login or broken session.