Fortinet black logo

VMware NSX-T Administration Guide

Home FortiGate Private Cloud 6.4.0 VMware NSX-T Administration Guide

Limitations

6.4.0
7.0.0
6.4.0
Copy Link
Copy Doc ID cf31fe37-64b1-11eb-b9ad-00505692583a:795818
Download PDF

Limitations

FortiGate-VM has the following limitations:

Policies

IPv4 and IPv6 policies are visible in the GUI but are not used. Virtual wire pair policy is used to configure firewall policies in working with NSX-T. Usually you create and manage policies in FortiManager to centrally manage FortiGates, and you do not need to log in to each FortiGate unless intended.

Product evaluation

You can only evaluate the product without purchasing a valid license when using FortiGate-VM and FortiManager-VM.

A FortiGate-VM evaluation license activates FortiGate features with low encryption mode. You must manually set the FortiManager-VM to low encryption mode and its SSL protocol to use TLS 1.0 to work in conjunction with the FortiGate-VM low encryption mode. After the evaluation period ends, you can purchase and apply valid licenses on both the FortiGate-VM and FortiManager-VM. Their product serial numbers change when promoted from low encryption mode. Subsequently, you must reregister FortiGate-VMs on FortiManager as managed devices and reapply their policy packages.

This evaluation behavior applies to all cloud integrations, not just VMware NSX-T, when you evaluate FortiGate-VM and FortiManager-VM as a pair.

To set low encryption mode on the FortiManager-VM:
  1. In the FortiManager CLI, Run the following commands:

    config system global

    set ssl-low-encryption enable

    set ssl-protocol tlsv1.0

    end

  2. The browser resets. Run show system global to check that FortiManager applied the changes. The output should be as follows:

    config system global

    set hostname "FortiManager"

    set ssl-low-encryption enable

    set ssl-protocol tlsv1.0

    set usg enable

    end

Previous
Next

Limitations

FortiGate-VM has the following limitations:

Policies

IPv4 and IPv6 policies are visible in the GUI but are not used. Virtual wire pair policy is used to configure firewall policies in working with NSX-T. Usually you create and manage policies in FortiManager to centrally manage FortiGates, and you do not need to log in to each FortiGate unless intended.

Product evaluation

You can only evaluate the product without purchasing a valid license when using FortiGate-VM and FortiManager-VM.

A FortiGate-VM evaluation license activates FortiGate features with low encryption mode. You must manually set the FortiManager-VM to low encryption mode and its SSL protocol to use TLS 1.0 to work in conjunction with the FortiGate-VM low encryption mode. After the evaluation period ends, you can purchase and apply valid licenses on both the FortiGate-VM and FortiManager-VM. Their product serial numbers change when promoted from low encryption mode. Subsequently, you must reregister FortiGate-VMs on FortiManager as managed devices and reapply their policy packages.

This evaluation behavior applies to all cloud integrations, not just VMware NSX-T, when you evaluate FortiGate-VM and FortiManager-VM as a pair.

To set low encryption mode on the FortiManager-VM:
  1. In the FortiManager CLI, Run the following commands:

    config system global

    set ssl-low-encryption enable

    set ssl-protocol tlsv1.0

    end

  2. The browser resets. Run show system global to check that FortiManager applied the changes. The output should be as follows:

    config system global

    set hostname "FortiManager"

    set ssl-low-encryption enable

    set ssl-protocol tlsv1.0

    set usg enable

    end

Previous
Next