Preparing for deployment
VMware NSX-T 2.5, 3.0.0+, and 3.1.0+ environments support this deployment with FortiOS 6.4.3+ and FortiManager 6.4.5+. The document provides screenshots from VMware NSX-T 3.0.0+.
This guide assumes that you have addressed the following requirements:
Virtual environment
You have deployed hypervisors (ESXi/KVM) on physical servers as NSX-T requires, with sufficient resources to support the FortiManager, FortiGate-VM, and all other VMs that you will deploy on the platform. Ensure that you have configured VMware NSX-T with logical switches, logical routers, and other components to support operating the third party edge device (the FortiGate-VM) before creating the FortiGate-VM. The NSX-T configuration may differ depending on east-west or north-south topology use cases.
VMware vCenter is optional for NSX-T.
Internet connectivity
FortiManager requires an outgoing Internet connection to contact FortiGuard to validate Fortinet licenses. There is a typical network topology where FortiGate-VM nodes are in a closed environment for east-west, and thus they must be able to connect to a FortiManager to validate the FortiGate-VM license.
Do not allow anonymous access to FortiManager and FortiGate-VM as an edge firewall from other networks, including the Internet. By default, there is no login password for both following deployment.
Deployment prerequisites
You need the following before deploying FortiGate-VM:
- A web server (IIS, Apache, cloud storage, and so on) to host the FortiGate-VM's deployment files. The web server must have connectivity from NSX Manager and the API client below.
- FortiManager (physical or VM)
- Connectivity to NSX Manager
- Connectivity from/to FortiGate-VMs that you will deploy