Fortinet Document Library

Version:


Table of Contents

About FortiGate for VMware NSX-T

Deploying FortiGate on VMware NSX-T

Resources

Upgrade Path Tool
6.0.4
Copy Link

Preparing for deployment

This guide assumes that before deploying the FortiGate-VM virtual appliance on the VMware NSX-T environment, you have addressed the following requirements:

Virtual environment

You have deployed hypervisors (ESXi/KVM) on physical servers as NSX-T requires, with sufficient resources to support the FortiGate-VM and all other VMs that will be deployed on the platform. Ensure that VMware NSX-T has been configured with logical switches, logical routers, and other components to support the operation of the third party edge device (the FortiGate-VM) before creating the FortiGate-VM.

VMware vCenter is optional for NSX-T.

Internet connectivity

FortiGate-VM requires an outgoing Internet connection to contact FortiGuard to validate its license. If the FortiGate-VM is in a closed environment, it must be able to connect to a FortiManager to validate the FortiGate-VM license.

Do not allow anonymous access to FortiGate-VM as an edge firewall from other networks, including the Internet. By default, there is no login password for FortiGate-VM following deployment.

Deployment prerequisites

You need the following before deploying FortiGate-VM:

  • A web server (IIS, Apache, cloud storage, and so on). This is used to host the FortiGate-VM's deployment files. Connectivity from NSX Manager and the API client below is required.
  • A CentOS 7.6 node as an API client:
    • cURL and Python are required.
    • There are no system spec requirements. The CentOS node can be a VM or bare-metal machine.
    • Connectivity to NSX Manager
    • You can configure the web server on this node.
  • JSON sample files and services.sh file provided by Fortinet. These files are used on the API client and are not included in the FortiGate-VM deployment file package. Download all scripts from GitHub and place them in a directory on the API client node.

Resources

Preparing for deployment

This guide assumes that before deploying the FortiGate-VM virtual appliance on the VMware NSX-T environment, you have addressed the following requirements:

Virtual environment

You have deployed hypervisors (ESXi/KVM) on physical servers as NSX-T requires, with sufficient resources to support the FortiGate-VM and all other VMs that will be deployed on the platform. Ensure that VMware NSX-T has been configured with logical switches, logical routers, and other components to support the operation of the third party edge device (the FortiGate-VM) before creating the FortiGate-VM.

VMware vCenter is optional for NSX-T.

Internet connectivity

FortiGate-VM requires an outgoing Internet connection to contact FortiGuard to validate its license. If the FortiGate-VM is in a closed environment, it must be able to connect to a FortiManager to validate the FortiGate-VM license.

Do not allow anonymous access to FortiGate-VM as an edge firewall from other networks, including the Internet. By default, there is no login password for FortiGate-VM following deployment.

Deployment prerequisites

You need the following before deploying FortiGate-VM:

  • A web server (IIS, Apache, cloud storage, and so on). This is used to host the FortiGate-VM's deployment files. Connectivity from NSX Manager and the API client below is required.
  • A CentOS 7.6 node as an API client:
    • cURL and Python are required.
    • There are no system spec requirements. The CentOS node can be a VM or bare-metal machine.
    • Connectivity to NSX Manager
    • You can configure the web server on this node.
  • JSON sample files and services.sh file provided by Fortinet. These files are used on the API client and are not included in the FortiGate-VM deployment file package. Download all scripts from GitHub and place them in a directory on the API client node.