Fortinet FortiGate-VM is Fortinet’s next generation security virtual appliance. Building upon our popular FortiGate-VM offering, we added integration for VMware’s NSX-T partner service insertion for North-South and East-West.

This article provides information about Fortinet FortiGate-VM with the supported VMware environments. Specific versioning and other requirements can be seen below.

Disclaimer: The partner product referenced in this article is a software module that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product.

For more information, see Fortinet Products and Datasheet.

VMware NSX-T Data Center 3.x
VMware NSX 4.x

FortiGate-VM Next-Generation Firewall technology delivers complete content and network protection by combining stateful inspection with a comprehensive suite of powerful security features. Application control, firewall, antivirus, IPS, Web filtering, along with advanced features such as an threat database, and vulnerability management work in concert to identify and mitigate the latest complex security threats.

Supported software

• Fortinet FortiGate-VM v7.2.2 (firewall device)
• Fortinet FortiManager v7.2.2+ (central management component). It can be a physical appliance or VM.
• VMware NSX-T 3.2/4.0
• VMware ESXi (compatible versions with NSX-T)
• VMware API version: NSX-T Data Center REST API v3.0+

For more information for supported versions of software, refer to VMware compatibility matrix.

Steps to download and install FortiGate-VM

FortiGate for VMware NSX-T

Once logged in to https://support.fortinet.com and navigate Download àFirmware Images à Download,
FortiGate-VM:
Select “FortiGate” under “Product” and drill down to the supported versions, v7.00 à 7.2 à 7.2.2.
Find the images that contain “nsxt” in the filename. i.e.
“FGT_VM64-v7.2.2.F-build1254-FORTINET.out.nsxt.zip”

FortiManager:
Select “FortiManager” under “Product” and drill down to the supported versions, v7.00à 7.2 à 7.2.2
Choose the desired deployment/upgrade file depending on the platform.

Basic Troubleshooting steps:

FortiManager, centrally managing FortiGate-VM devices, requires an Internet connection to validate their licenses and receive updates from the FortiGuard Distribution Network (FDN).  Besides locating this status in the Web UI, you may also open the CLI console and run the following commands.

FortiGate-VM:

To see license status as well as all stats of the system:
This information is required at every customer’s support call.
get system status

To view logs on the FortiGate-VM CLI standard output, run:

diag debug enable/disable - Enable/disable debugging output.

• diag debug application <name> <level> - Start debugging the named application with the specified debug level if you know the application. You can find what application is available for logging by entering ‘diag debug ?’
• diag debug flow trace start/stop - Start/stop packet trace debugging information for allowed/dropped traffic by rules.

Show logs on FortiGate-VM CLI standard output:

• exec log filter category <Enter> - Shows the list of category numbers/names.
• exec log filter category 1 - Here "1" means event log.

• exec log display - Display the current log at the time the command is run. Enter the command multiple times for multiple sequential outputs.

Packet sniffer (i.e. ping)

Displays the packet being transmitted through the FortiGate-VM. For example,
Diag sniffer packet any ‘icmp’
Diag sniffer packet any ‘icmp and host 172.120.149.119’

By typing “?” you can see what options can be entered. For example, ‘diag sniffer packet any ? ‘ will show you a guidance for the inputs.
Hit Ctl+C to stop the command.

Show all rules:
show

Exist from a mode / save and exit:
end

FortiManager:

To see license status as well as all stats of the system:
This information is required at every customer’s support call.
get system status    

For more detail, please refer to Fortinet Community and search by keywords.

Upgrade Path:

The upgrade path for FortiGate-VM running on NSX-T is the same as that of FortiGate-VM running on normal ESXi environments, which is represented as “FortiGate-VM” under “Current Product.”


Documentation:

General product documentation link: FortiGate Private Cloud

Support information:

Customer satisfaction is Fortinet's number one priority. Fortinet’s FortiCare support offerings provide global support for all Fortinet products and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets.

Contact information:

• Technical Support.
• General Corporate Contact Information.

FortiCare 24X7 Comprehensive Support

Customers who need round-the-clock access to mission critical support services will find that 24x7 Comprehensive Support meets their requirements. In addition to online ticket access and online chat, 24x7 includes telephone support at any time day or night.

FortiCare Premium Services

FortiCare Premium Services provide an additional level of personalized support designed for customers with mission critical networks. FortiCare Premium Services feature an experienced Technical Account Manager who is the primary point of contact for all support-related issues.