Initial setup
The following section provides information about setting up the virtual machine (VM) version of FortiAuthenticator on VMware. For setup instructions for other environments, see the Fortinet Document Library.
The following virtualization environments are supported by FortiAuthenticator 6.0.3:
- VMware ESXi 4/5/6
- Microsoft Hyper-V 2010, 2012 R2, and 2016
- KVM
- Xen Virtual Machine
- AWS
- Microsoft Azure
- Oracle Cloud Infrastructure
FortiAuthenticator-VM setup on VMware
Before using FortiAuthenticator-VM, you need to install the VMware application to host the FortiAuthenticator-VM device. The installation instructions for FortiAuthenticator-VM assume you are familiar with VMware products and terminology.
System requirements
FortiAuthenticator-VM is compatible with HyperV Windows Server 2012 and 2016. For information on the FortiAuthenticator-VM system requirements, please see the FortiAuthenticator datasheet.
FortiAuthenticator-VM has kernel support for more than 4GB of RAM in VM images. However, this support also depends on the VM player version. For more information, see http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014006
The default Hardware Version is 4 in order to support the widest base of VM players. However, you can modify the VM Hardware Version by editing the following line in the FortiAuthenticator-VM.vmx file:
FortiAuthenticator-VM image installation and initial setup
The following procedure describes setup on VMware Fusion.
To set up the FortiAuthenticator-VM image:
- Download the VM image zip file to the local computer where VMware is installed.
- Extract the files from the zip file into a folder.
- In your VMware software, go to File > Open.
- Navigate to the expanded VM image folder, select the FortiAuthenticator-VM.vmx file, and select Open.
- At the FortiAuthenticator login prompt, enter admin and press Enter. By default, there is no password.
- At the CLI prompt, enter the following commands:
config system interface
edit port1
set ip <ip-address>/<netmask>
set allowaccess https ssh
next
end
config router static
edit 0
set device port1
set dst 0.0.0.0/0
set gateway <ip-gateway>
next
end
VMware will install and start FortiAuthenticator-VM. This process can take a minute or two to complete.
Substitute your own desired FortiAuthenticator IP address and default gateway.
You can now connect to the GUI at the IP address you set for port 1.
Suspending the FortiAuthenticator-VM can have unintended consequences. Fortinet recommends that you do not use the suspend feature of VMware. Instead, shut down the virtual FortiAuthenticator system using the GUI or CLI, and then shut down the virtual machine using the VMware console.
Administrative access
Administrative access is enabled by default on port 1. Using the GUI, you can enable administrative access on other ports if necessary.
To add administrative access to an interface:
- Go to System > Network > Interfaces and select the interface you need to add administrative access to. See Interfaces for more information.
- Under Access Rights, for Admin access, select the types of access to allow.
- Select OK.
GUI access
To use the GUI, point your browser to the IP address of port 1 (192.168.1.99 by default). For example, enter the following in the URL box:
https://192.168.1.99
Enter admin as the User Name and leave the Password field blank.
HTTP access is not enabled by default. To enable access, use the set ha-mgmt-access command in the CLI (see CLI commands), or enable HTTP access on the interface in the GUI (see Interfaces).
For security reasons, the host or domain names that the GUI responds to are restricted. The list of trusted hosts is automatically generated from the following:
- Configured hostname.
- Configured DNS domain name.
- Network interface IP addresses that have HTTP or HTTPS enabled.
- HA management IP addresses.
Additional IP addresses and host or domain names that the GUI responds to can be defined in the GUI Access settings. See System access for more information.
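The following Python sketch illustrates the kind of Host header allowlist described above. It is an added example, not FortiAuthenticator's own code: the function names, exact case-insensitive matching, and the sample hostnames and addresses are assumptions constructed for illustration.

```python
import ipaddress

def normalize_host(host_header):
    """Return the lowercased host from a Host header (port stripped), or None if malformed."""
    host = host_header.strip().lower()
    if host.startswith("["):                    # bracketed IPv6 literal, optional :port
        end = host.find("]")
        if end == -1:
            return None
        rest = host[end + 1:]
        if rest and not (rest[0] == ":" and rest[1:].isdigit()):
            return None
        host = host[1:end]
    elif host.count(":") == 1:                  # name-or-IPv4:port
        host, port = host.split(":")
        if not port.isdigit():
            return None
    elif ":" in host:                           # unbracketed IPv6 is not a valid Host value
        return None
    host = host.rstrip(".")
    try:
        return str(ipaddress.ip_address(host))  # canonical IP form
    except ValueError:
        return host or None

def build_trusted_hosts(hostname, dns_domain, interfaces, ha_mgmt_ips=(), extra=()):
    """Build the allowlist from the four sources listed above plus GUI Access extras."""
    trusted = {n.lower().rstrip(".") for n in (hostname, dns_domain) if n}
    for iface in interfaces:
        if {"http", "https"} & set(iface["allowaccess"]):   # only web-enabled interfaces
            trusted.add(str(ipaddress.ip_interface(iface["ip"]).ip))
    trusted.update(str(ipaddress.ip_address(ip)) for ip in ha_mgmt_ips)
    trusted.update(h for h in map(normalize_host, extra) if h)
    return trusted

def is_trusted(host_header, trusted):
    """True only when the request's Host value is on the allowlist."""
    host = normalize_host(host_header)
    return host is not None and host in trusted

# Constructed sample configuration (all values are illustrative).
SAMPLE = build_trusted_hosts(
    hostname="fac01", dns_domain="corp.example.test",
    interfaces=[{"ip": "192.168.1.99/24", "allowaccess": ["https", "ssh"]},
                {"ip": "10.0.0.5/24", "allowaccess": ["ssh"]}],
    ha_mgmt_ips=["192.168.1.100"], extra=["auth.corp.example.test"],
)

if __name__ == "__main__":
    print(sorted(SAMPLE))
```

A request whose Host value is not on the list, such as a name that merely resolves to the appliance's address, is refused even though it reaches the right IP.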
Telnet
CLI access is available using telnet to the port1 interface IP address (192.168.1.99 by default). Use the telnet -K option so that telnet does not attempt to log on using your user ID. For example:
$ telnet -K 192.168.1.99
At the FortiAuthenticator login prompt, enter admin. By default there is no password. When you are finished, use the exit command to end the telnet session.
CLI access using Telnet is not enabled by default. To enable access, use the set ha-mgmt-access command in the CLI (see CLI commands), or enable Telnet access on the interface in the GUI (see Interfaces).
SSH
SSH provides secure access to the CLI. Connect to the port1 interface IP address (192.168.1.99 by default). Specify the user name admin or SSH will attempt to log on with your user name. For example:
$ ssh admin@192.168.1.99
By default there is no password. When you are finished, use the exit command to end the session.
Note that, after three failed login attempts, the interface/connection will reset, and that SSH timeout is set to 60 seconds following an incomplete login or broken session.
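To review which interfaces expose administrative access over cleartext protocols, the interface settings can be checked offline. The Python script below is an added example, not Fortinet tooling: it parses text in the same command form as the setup procedure above, and it assumes that the allowaccess tokens for HTTP and Telnet are `http` and `telnet`, mirroring the `https` and `ssh` tokens shown on this page.

```python
# Assumed token names for cleartext admin protocols (not confirmed by this page).
CLEARTEXT = {"http", "telnet"}

def parse_interfaces(config_text):
    """Parse `config system interface` blocks into {interface: {setting: [values]}}."""
    interfaces, in_section, current = {}, False, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            in_section = words[1:] == ["system", "interface"]
        elif words[0] in ("end", "next"):
            current = None                      # leave the current edit block
            in_section = in_section and words[0] == "next"
        elif in_section and words[0] == "edit" and len(words) == 2:
            current = interfaces.setdefault(words[1], {})
        elif words[0] == "set" and current is not None and len(words) >= 2:
            current[words[1]] = words[2:]
    return interfaces

def audit_admin_access(config_text):
    """Return {interface: [cleartext protocols]} for interfaces that allow any."""
    findings = {}
    for port, settings in parse_interfaces(config_text).items():
        risky = CLEARTEXT & set(settings.get("allowaccess", []))
        if risky:
            findings[port] = sorted(risky)
    return findings

# Constructed sample input; port2 and all addresses are illustrative.
SAMPLE_CONFIG = """\
config system interface
edit port1
set ip 192.168.1.99/24
set allowaccess https ssh
next
edit port2
set ip 10.0.0.5/24
set allowaccess https ssh telnet http
next
end
config router static
edit 0
set device port1
next
end
"""

if __name__ == "__main__":
    print(audit_admin_access(SAMPLE_CONFIG))
```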