Fortinet black logo

VMware NSX-T Administration Guide

Home FortiGate Private Cloud 6.4.0 VMware NSX-T Administration Guide

Preparing for deployment

6.4.0
7.0.0
6.4.0
Copy Link
Copy Doc ID cf31fe37-64b1-11eb-b9ad-00505692583a:90459
Download PDF

Preparing for deployment

VMware NSX-T 2.5, 3.0.0+, and 3.1.0+ environments support this deployment with FortiOS 6.4.3+ and FortiManager 6.4.5+. The document provides screenshots from VMware NSX-T 3.0.0+.

This guide assumes that you have addressed the following requirements:

Virtual environment

You have deployed hypervisors (ESXi/KVM) on physical servers as NSX-T requires, with sufficient resources to support the FortiManager, FortiGate-VM, and all other VMs that you will deploy on the platform. Ensure that you have configured VMware NSX-T with logical switches, logical routers, and other components to support operating the third party edge device (the FortiGate-VM) before creating the FortiGate-VM. The NSX-T configuration may differ depending on east-west or north-south topology use cases.

VMware vCenter is optional for NSX-T.

Internet connectivity

FortiManager requires an outgoing Internet connection to contact FortiGuard to validate Fortinet licenses. There is a typical network topology where FortiGate-VM nodes are in a closed environment for east-west, and thus they must be able to connect to a FortiManager to validate the FortiGate-VM license.

Do not allow anonymous access to FortiManager and FortiGate-VM as an edge firewall from other networks, including the Internet. By default, there is no login password for both following deployment.

Deployment prerequisites

You need the following before deploying FortiGate-VM:

  • A web server (IIS, Apache, cloud storage, and so on) to host the FortiGate-VM's deployment files. The web server must have connectivity from NSX Manager and the API client below.
  • FortiManager (physical or VM)
    • Connectivity to NSX Manager
    • Connectivity from/to FortiGate-VMs that you will deploy
Previous
Next

Preparing for deployment

VMware NSX-T 2.5, 3.0.0+, and 3.1.0+ environments support this deployment with FortiOS 6.4.3+ and FortiManager 6.4.5+. The document provides screenshots from VMware NSX-T 3.0.0+.

This guide assumes that you have addressed the following requirements:

Virtual environment

You have deployed hypervisors (ESXi/KVM) on physical servers as NSX-T requires, with sufficient resources to support the FortiManager, FortiGate-VM, and all other VMs that you will deploy on the platform. Ensure that you have configured VMware NSX-T with logical switches, logical routers, and other components to support operating the third party edge device (the FortiGate-VM) before creating the FortiGate-VM. The NSX-T configuration may differ depending on east-west or north-south topology use cases.

VMware vCenter is optional for NSX-T.

Internet connectivity

FortiManager requires an outgoing Internet connection to contact FortiGuard to validate Fortinet licenses. There is a typical network topology where FortiGate-VM nodes are in a closed environment for east-west, and thus they must be able to connect to a FortiManager to validate the FortiGate-VM license.

Do not allow anonymous access to FortiManager and FortiGate-VM as an edge firewall from other networks, including the Internet. By default, there is no login password for both following deployment.

Deployment prerequisites

You need the following before deploying FortiGate-VM:

  • A web server (IIS, Apache, cloud storage, and so on) to host the FortiGate-VM's deployment files. The web server must have connectivity from NSX Manager and the API client below.
  • FortiManager (physical or VM)
    • Connectivity to NSX Manager
    • Connectivity from/to FortiGate-VMs that you will deploy
Previous
Next