Fortinet white logo
Fortinet white logo

New Features

Fortinet verified publisher docker image 7.0.1

Fortinet verified publisher docker image 7.0.1

Fortinet offers a new platform for FortiManager. FortiManager 7.0.1 docker image is available for download from Fortinet’s Verified Publisher public repository on dockerhub.

This section covers the following topics:

Downloading the FortiManager image

The FortiManager image is publicly available. Anyone can search for Fortinet on dockerhub, and download the image.

To download the FortiManager image from dockerhub:
  1. Go to dockerhub at https://hub.docker.com/.

    The dockerhub home page is displayed.

  2. In the banner, click Explore.
  3. In the search box, type Fortinet, and press Enter.

    The fortinet/fortimanager and fortinet/fortianalyzer options are displayed.

  4. Click fortinet/fortimanager.

    The fortinet/fortimanager page is displayed, and two tabs are available: Overview and Tags. The Overview tab is selected by default.

  5. On the Overview tab, copy the docker pull command, and use it to download the image.

    The CLI command from the Overview tab points to the latest available image. Use the Tags tab to access different versions when available.

Accessing images in docker environments

A docker environment is required. For information about the required docker environment, see dockerhub at https://hub.docker.com/.

This section assumes that the docker environment has been set up and a docker host has been installed.

When you enter the docker environment on Microsoft Windows, you can get the following information:

  • The docker --version command shows the version of the docker. You can also use this command to determine whether the docker is running.

  • The docker pull fortinet/fortimanager:latest command pulls the latest, available image for FortiManager.

When you enter the docker environment on Ubuntu, you can get the following information:

  • The docker -–version command shows the version of the docker. You can also use this command to determine whether the docker is running.

  • The docker pull fortinet/fortimanager:latest command pulls the latest, available image for FortiManager.

Mapping volumes on docker hosts

After downloading the images, you can run the images. You must also map ports and persistent data storage for the FortiManager image to run correctly.

Following is a template for running FortiManager:

docker run -dit --restart always -p <PORT MAPPING> --cap-add=ALL -v/var/fmg/var_001:/var -v/var/fmg/data_001:/data <IMAGE>

Following is example code for running FortiManager:

docker run -dit --restart always -p 541:541 -p 40443:443 -p 4022:22 -p 4023:23 -p 8888:8888 -p 8888:8888/udp -p 8889:8889 -p 8889:8889/udp -p 8890:8890 -p 8080:8080 -p 161:161/udp --cap-add=ALL -v/var/fmg/var_fmgt100:/var -v/var/fmg/data_fmgt100:/data fortinet/fortimanager:latest

The docker ps command can be used to verify the running instance, for example:

root@brazz:/home/brazz# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

75c4157785a9 fortinet/fortimanager:latest "/sbin/init" 29 minutes ago Up 6 minutes 0.0.0.0:541->541/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:161->161/udp, 0.0.0.0:8888-8889->8888-8889/udp, 0.0.0.0:9443->9443/udp, 0.0.0.0:8888-8890->8888-8890/tcp, 0.0.0.0:4022->22/tcp, 0.0.0.0:4023->23/tcp, 0.0.0.0:40443->443/tcp youthful_gates

root@brazz:/home/brazz#

In this FortiManager example, port 40443 has been mapped for GUI access, and port 4022 has been mapped for SSH access.

  • https://<IP of the docker host>:<mapped port number>
  • https://10.2.124.232:40443

You can access the GUI by using a browser and https://<IP of the docker host>:<mapped port number>:

Licensing FortiManager

You can use the same license file for docker environments that is used for other virtual-based products, such as VMware, Xen, KVM, and Hyper-V.

Although this section provides an example for FortiManager, you can use the same steps for FortiAnalyzer.

To license FortiManager:
  1. In a browser, use the IP and port to access the GUI.
  2. Click Upload license.

    The license is applied.

    The login screen is displayed.

  3. Use the default login credentials:
    • Username: admin
    • Password: blank
  4. Go to System Settings, and view the System Information widget and the License widget.

    In the System Information widget, the Host Name and Platform Type display FMG Docker. In the License widget, the license is valid.

    You can access the same information by using the get system status CLI.

Upgrading FortiManager

You can upgrade to a later version of FortiManager by downloading the newer image from dockerhub and mapping volumes to it.

Note

You cannot upgrade the FortiManager image by using the GUI because the Firmware update button has been removed.

The data of the docker FortiManager container has been mapped to volumes on the docker hosts:

-v/var/fmg/var_fmgt100:/var

-v/var/fmg/data_fmgt100:/data

You can map a new FortiManager docker container that is running a higher version to the same volume in order to have a higher version of FortiManager. The following example is for FortiManager:

docker run -dit --restart always -p 541:541 -p 40443:443 -p 4022:22 -p 4023:23 -p 8888:8888 -p 8888:8888/udp -p 8889:8889 -p 8889:8889/udp -p 8890:8890 -p 8080:8080 -p 161:161/udp -p 9443:9443/udp --cap-add=ALL -v/var/fmg/var_fmgt100:/var -v/var/fmg/data_fmgt100:/data fortinet/fortimanager:latest+1

Limitations

The following commands are altered or removed when running FortiManager as a container on a docker host:

  • config system interface
  • config system route
  • config system docker
  • execute reset
  • diagnose system interface
  • diagnose system print interface

In the GUI, the Firmware update button has been removed. The following example is for FortiManager:

Fortinet verified publisher docker image 7.0.1

Fortinet verified publisher docker image 7.0.1

Fortinet offers a new platform for FortiManager. FortiManager 7.0.1 docker image is available for download from Fortinet’s Verified Publisher public repository on dockerhub.

This section covers the following topics:

Downloading the FortiManager image

The FortiManager image is publicly available. Anyone can search for Fortinet on dockerhub, and download the image.

To download the FortiManager image from dockerhub:
  1. Go to dockerhub at https://hub.docker.com/.

    The dockerhub home page is displayed.

  2. In the banner, click Explore.
  3. In the search box, type Fortinet, and press Enter.

    The fortinet/fortimanager and fortinet/fortianalyzer options are displayed.

  4. Click fortinet/fortimanager.

    The fortinet/fortimanager page is displayed, and two tabs are available: Overview and Tags. The Overview tab is selected by default.

  5. On the Overview tab, copy the docker pull command, and use it to download the image.

    The CLI command from the Overview tab points to the latest available image. Use the Tags tab to access different versions when available.

Accessing images in docker environments

A docker environment is required. For information about the required docker environment, see dockerhub at https://hub.docker.com/.

This section assumes that the docker environment has been set up and a docker host has been installed.

When you enter the docker environment on Microsoft Windows, you can get the following information:

  • The docker --version command shows the version of the docker. You can also use this command to determine whether the docker is running.

  • The docker pull fortinet/fortimanager:latest command pulls the latest, available image for FortiManager.

When you enter the docker environment on Ubuntu, you can get the following information:

  • The docker -–version command shows the version of the docker. You can also use this command to determine whether the docker is running.

  • The docker pull fortinet/fortimanager:latest command pulls the latest, available image for FortiManager.

Mapping volumes on docker hosts

After downloading the images, you can run the images. You must also map ports and persistent data storage for the FortiManager image to run correctly.

Following is a template for running FortiManager:

docker run -dit --restart always -p <PORT MAPPING> --cap-add=ALL -v/var/fmg/var_001:/var -v/var/fmg/data_001:/data <IMAGE>

Following is example code for running FortiManager:

docker run -dit --restart always -p 541:541 -p 40443:443 -p 4022:22 -p 4023:23 -p 8888:8888 -p 8888:8888/udp -p 8889:8889 -p 8889:8889/udp -p 8890:8890 -p 8080:8080 -p 161:161/udp --cap-add=ALL -v/var/fmg/var_fmgt100:/var -v/var/fmg/data_fmgt100:/data fortinet/fortimanager:latest

The docker ps command can be used to verify the running instance, for example:

root@brazz:/home/brazz# docker ps

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

75c4157785a9 fortinet/fortimanager:latest "/sbin/init" 29 minutes ago Up 6 minutes 0.0.0.0:541->541/tcp, 0.0.0.0:8080->8080/tcp, 0.0.0.0:161->161/udp, 0.0.0.0:8888-8889->8888-8889/udp, 0.0.0.0:9443->9443/udp, 0.0.0.0:8888-8890->8888-8890/tcp, 0.0.0.0:4022->22/tcp, 0.0.0.0:4023->23/tcp, 0.0.0.0:40443->443/tcp youthful_gates

root@brazz:/home/brazz#

In this FortiManager example, port 40443 has been mapped for GUI access, and port 4022 has been mapped for SSH access.

  • https://<IP of the docker host>:<mapped port number>
  • https://10.2.124.232:40443

You can access the GUI by using a browser and https://<IP of the docker host>:<mapped port number>:

Licensing FortiManager

You can use the same license file for docker environments that is used for other virtual-based products, such as VMware, Xen, KVM, and Hyper-V.

Although this section provides an example for FortiManager, you can use the same steps for FortiAnalyzer.

To license FortiManager:
  1. In a browser, use the IP and port to access the GUI.
  2. Click Upload license.

    The license is applied.

    The login screen is displayed.

  3. Use the default login credentials:
    • Username: admin
    • Password: blank
  4. Go to System Settings, and view the System Information widget and the License widget.

    In the System Information widget, the Host Name and Platform Type display FMG Docker. In the License widget, the license is valid.

    You can access the same information by using the get system status CLI.

Upgrading FortiManager

You can upgrade to a later version of FortiManager by downloading the newer image from dockerhub and mapping volumes to it.

Note

You cannot upgrade the FortiManager image by using the GUI because the Firmware update button has been removed.

The data of the docker FortiManager container has been mapped to volumes on the docker hosts:

-v/var/fmg/var_fmgt100:/var

-v/var/fmg/data_fmgt100:/data

You can map a new FortiManager docker container that is running a higher version to the same volume in order to have a higher version of FortiManager. The following example is for FortiManager:

docker run -dit --restart always -p 541:541 -p 40443:443 -p 4022:22 -p 4023:23 -p 8888:8888 -p 8888:8888/udp -p 8889:8889 -p 8889:8889/udp -p 8890:8890 -p 8080:8080 -p 161:161/udp -p 9443:9443/udp --cap-add=ALL -v/var/fmg/var_fmgt100:/var -v/var/fmg/data_fmgt100:/data fortinet/fortimanager:latest+1

Limitations

The following commands are altered or removed when running FortiManager as a container on a docker host:

  • config system interface
  • config system route
  • config system docker
  • execute reset
  • diagnose system interface
  • diagnose system print interface

In the GUI, the Firmware update button has been removed. The following example is for FortiManager: