Fortinet, Inc. FortiGate-VM 7.0.6 support for VMware NSX-T 3.1/3.2


Article ID: 317191

Products

VMware NSX

Issue/Introduction

Fortinet FortiGate-VM is Fortinet’s next generation security virtual appliance. Building upon our popular FortiGate-VM offering, we added integration for VMware’s NSX-T partner service insertion for North-South and East-West.

This article provides information about Fortinet FortiGate-VM with the supported VMware environments. Specific versioning and other requirements can be seen below.

Disclaimer: The partner product referenced in this article is a software module that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product.

For more information, see Fortinet Products and Datasheet.


Environment

VMware NSX-T
VMware NSX-T Data Center
VMware NSX-T Data Center 3.x

Cause

FortiGate-VM 7.0.6

FortiGate-VM Next-Generation Firewall technology delivers complete content and network protection by combining stateful inspection with a comprehensive suite of powerful security features. Application control, firewall, antivirus, IPS, Web filtering, along with advanced features such as a threat database and vulnerability management, work in concert to identify and mitigate the latest complex security threats.


Supported software
  • Fortinet FortiGate-VM v7.0.6 (firewall device)
  • Fortinet FortiManager v7.0.4+ (central management component). It can be a physical appliance or VM.
  • VMware NSX-T v3.1/3.2
  • VMware ESXi (compatible versions with NSX-T)
  • VMware API version: NSX-T Data Center REST API v3.0+
For more information on supported software versions, refer to the VMware compatibility matrix.

Steps to download and install FortiGate-VM

https://docs.fortinet.com/document/fortigate-private-cloud/6.4.0/vmware-nsx-t-administration-guide/86953/about-fortigate-for-vmware-nsx-t

Once logged in to https://support.fortinet.com, navigate to Download → Firmware Images → Download.
FortiGate-VM:
Select “FortiGate” under “Product” and drill down to the supported version: v7.00 → 7.0 → 7.0.6.
Find the images that contain “nsxt” in the filename, for example:
FGT_VM64-v7.0.6.F-build0366--FORTINET.out.nsxt.zip

FortiManager:
Select “FortiManager” under “Product” and drill down to the supported versions: v7.00 → 7.0 → 7.04.
Choose the desired deployment/upgrade file depending on the platform.

Resolution

Basic Troubleshooting steps:


FortiManager, which centrally manages FortiGate-VM devices, requires an Internet connection to validate their licenses and receive updates from the FortiGuard Distribution Network (FDN). Besides checking the license status in the Web UI, you can open the CLI console and run the following commands.


FortiGate-VM:


To see license status as well as all stats of the system:
This information is required on every customer support call.
get system status



To view logs on the FortiGate-VM CLI standard output, run:

  • diag debug enable/disable - Enable/disable debugging output.
  • diag debug application <name> <level> - Start debugging the named application at the specified debug level, if you know the application. To find which applications are available for logging, enter 'diag debug ?'.
  • diag debug flow trace start/stop - Start/stop packet trace debugging information for traffic allowed/dropped by rules.

Show logs on FortiGate-VM CLI standard output:

 
  • exec log filter category <Enter> - Shows the list of category numbers/names.
  • exec log filter category 1 - Here "1" means event log.
  • exec log display - Display the current log at the time the command is run. Enter the command multiple times for multiple sequential outputs.

Packet sniffer (e.g. ping)

Displays packets passing through the FortiGate-VM. For example:
diag sniffer packet any 'icmp'
diag sniffer packet any 'icmp and host <IP>'

Type "?" to see which options can be entered. For example, 'diag sniffer packet any ?' shows guidance for the inputs.
Press Ctrl+C to stop the command.


Show all rules:
show

Exit from a mode / save and exit:
end





FortiManager:


To see license status as well as all stats of the system:
This information is required on every customer support call.
get system status


             

For more detail, please refer to http://kb.fortinet.com and search by keywords.


Upgrade Path:

Please refer to: https://support.fortinet.com/Download/FirmwareImages.aspx?category=Fortigate


The upgrade path for FortiGate-VM running on NSX-T is the same as that of FortiGate-VM running on normal ESXi environments, which is represented as “FortiGate-VM” under “Current Product.”