Preparing for deployment
This guide assumes that before deploying the FortiGate-VM virtual appliance on the VMware NSX-T environment, you have addressed the following requirements:
You have deployed hypervisors (ESXi/KVM) on physical servers as NSX-T requires, with sufficient resources to support the FortiGate-VM and all other VMs that will be deployed on the platform. Ensure that VMware NSX-T has been configured with logical switches, logical routers, and other components to support the operation of the third party edge device (the FortiGate-VM) before creating the FortiGate-VM.
VMware vCenter is optional for NSX-T.
FortiGate-VM requires an outgoing Internet connection to contact FortiGuard to validate its license. If the FortiGate-VM is in a closed environment, it must be able to connect to a FortiManager to validate the FortiGate-VM license.
Do not allow anonymous access to FortiGate-VM as an edge firewall from other networks, including the Internet. By default, there is no login password for FortiGate-VM following deployment.
You need the following before deploying FortiGate-VM:
- A web server (IIS, Apache, cloud storage, and so on). This is used to host the FortiGate-VM's deployment files. Connectivity from NSX Manager and the API client below is required.
- A CentOS 7.6 node as an API client:
- cURL and Python are required.
- There are no system spec requirements. The CentOS node can be a VM or bare-metal machine.
- Connectivity to NSX Manager
- You can configure the web server on this node.
- JSON sample files and services.sh file provided by Fortinet. These files are used on the API client and are not included in the FortiGate-VM deployment file package. Download all scripts from GitHub and place them in a directory on the API client node.