7.0.0

Configuring the network


The first time you start the FortiNDR VM, you only have access through the VMware ESXi server console window. After you configure one FortiNDR network interface with an IP address and administrative access, you can access the FortiNDR VM GUI.

Port 1 is intended to be used as the FortiNDR management IP. In integrated mode, port 1 is also used for receiving files from FortiGate devices.

Port 2 can be set as a sniffer using one of the following options:

  • If FortiNDR is sniffing traffic within the virtual network, the vSwitch must be set to promiscuous mode.

    This option lets the FortiNDR VM monitor traffic from other VMs on the same vSwitch on the same ESXi host.

  • Bind FortiNDR VM port 2 to a physical port in ESXi.

    This option lets the FortiNDR VM monitor traffic through the ESXi uplink port, with ESXi connected to a SPAN port on an external switch. For more information, refer to the Distributed Port Mirroring and the Remote Mirroring Source descriptions in the VMware documentation.

Configuring port 1

VM platform or hypervisor management environments include a guest console window. On the FortiNDR VM, this provides access to the FortiNDR console, equivalent to the console port on a hardware FortiNDR unit. Before you can access the GUI, you must configure FortiNDR VM port1 with an IP address and administrative access.

The license is linked to a specific management IP address. You must use that IP address as your port 1; otherwise, the license becomes invalid.

To configure the port1 IP address:
  1. In your hypervisor manager, start the FortiNDR VM and access the console window. You might need to press Enter to see the login prompt.
  2. At the FortiNDR VM login prompt, enter the username admin, then press Enter. By default, there is no password.
  3. Configure the port1 IP address and netmask. For example:

    config system interface
      edit port1
        set mode static
        set ip 192.168.0.100/24
        set allowaccess https ping ssh
      next
    end

  4. Configure the default gateway:

    config system route
      edit 1
        set interface port1
        set gateway <class_ip>
      next
    end

    You must configure the default gateway with an IPv4 address. FortiNDR VM must be able to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license.

  5. Configure your DNS servers:

    config system dns
      set primary <Primary DNS server>
      set secondary <Secondary DNS server>
    end

    The default DNS servers are 208.91.112.53 and 208.91.112.52.
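
The following Python pre-flight check is an added example, not part of the Fortinet documentation. It checks a planned port1 configuration against the constraints above (port1 must use the licensed management IP, the gateway must be IPv4) and builds the console commands for steps 3 and 4. The names `check_port1_plan`, `render_cli` and `PAGE_ALLOWACCESS`, the 192.168.0.1 gateway, and the rule that the gateway must be a host in the port1 subnet are assumptions made for this example.

```python
import ipaddress

# Access protocols used in this page's port1 example; others are flagged for review.
PAGE_ALLOWACCESS = {"https", "ping", "ssh"}

def check_port1_plan(port1_cidr, gateway, licensed_ip, allowaccess):
    """Return a list of problems in a planned port1 setup (empty list = consistent)."""
    problems = []
    try:
        iface = ipaddress.IPv4Interface(port1_cidr)
    except ValueError:
        return [f"port1 address {port1_cidr!r} is not a valid IPv4 address/prefix"]
    # The license is tied to the management IP, so port1 must use exactly that address.
    if str(iface.ip) != licensed_ip:
        problems.append(f"port1 IP {iface.ip} differs from licensed IP {licensed_ip}")
    # The gateway must be IPv4; requiring it to sit in the port1 subnet is this
    # example's own sanity check (assumption), so the VM can reach FDN.
    try:
        gw = ipaddress.IPv4Address(gateway)
    except ValueError:
        problems.append(f"gateway {gateway!r} is not an IPv4 address")
    else:
        net = iface.network
        if gw not in net or gw in (iface.ip, net.network_address, net.broadcast_address):
            problems.append(f"gateway {gw} is not a usable host in {net}")
    # Any management protocol beyond the page's example set deserves a second look.
    extra = sorted(set(allowaccess) - PAGE_ALLOWACCESS)
    if extra:
        problems.append(f"allowaccess values to review: {' '.join(extra)}")
    return problems

def render_cli(port1_cidr, gateway, allowaccess):
    """Build the console commands in the form used in steps 3 and 4."""
    return "\n".join([
        "config system interface", "edit port1", "set mode static",
        f"set ip {port1_cidr}", f"set allowaccess {' '.join(allowaccess)}",
        "next", "end",
        "config system route", "edit 1", "set interface port1",
        f"set gateway {gateway}", "next", "end",
    ])

if __name__ == "__main__":
    # Constructed sample plan; the 192.168.0.1 gateway is an assumption, not from the page.
    plan = ("192.168.0.100/24", "192.168.0.1", ["https", "ping", "ssh"])
    issues = check_port1_plan(plan[0], plan[1], "192.168.0.100", plan[2])
    print("\n".join(issues) if issues else render_cli(*plan))
```
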
