FortiGate-VMX 6.0.1 support for VMware NSX and VMware vSphere

Article ID: 324960


Products

VMware NSX Networking, VMware vSphere ESXi

Issue/Introduction

Fortinet FortiGate-VMX is Fortinet’s next generation security virtual appliance. Building upon our popular FortiGate-VM offering, we added integration for VMware’s NSX API.

This article provides information about Fortinet FortiGate-VMX’s NSX integration with VMware environments.  Specific versioning and other requirements can be seen below.

Disclaimer: The partner product referenced in this article is a software module that is developed and supported by a partner. Use of this product is also governed by the end user license agreement of the partner. You must obtain from the partner the application, support, and licensing for using this product.

For more information, see Fortinet Products and Datasheet.

Environment

VMware NSX for vSphere 6.3.x
VMware vSphere ESXi 6.7
VMware NSX for vSphere 6.4.x
VMware vSphere ESXi 6.0
VMware vSphere ESXi 6.5

Resolution

Fortinet FortiGate-VMX

Fortinet FortiGate-VMX is a Virtual Appliance Solution for VMware environments that provides purpose-built integration for VMware’s Software-Defined Data Center (SDDC), interoperability with vSphere and NSX. FortiGate-VMX provides visibility into Virtualized Network traffic in the vSphere hypervisor through direct API-level integration, and management orchestration to secure workloads in dynamic software-defined networks and infrastructure without protection and compliance gaps.

Fortinet FortiGate-VMX is based on the latest version of Fortinet’s FortiOS; a security-hardened, purpose-built operating system.

Fortinet designed and built FortiOS v6.0.1 to deliver the advanced protection and performance that standalone products simply cannot match.  The services work together as a system to provide better visibility and mitigation of the latest network and application threats, stopping attacks before damage can occur.

Supported software
  • Fortinet FortiGate-VMX v6.0.1
  • VMware vSphere v6.0/6.5/6.7
  • VMware NSX v6.3.x/6.4.0/6.4.1

NetX library version: 6.4.0-7564187

For more information on the additional supported software, see the VMware Compatibility Guide.

Steps to download and install FortiGate-VMX

See the Deployment section of Fortinet Document Library.
 
Basic troubleshooting steps

Certain ports are required for communication between the FortiGate-VMX Service Manager and FortiGate-VMX Security Nodes through the “sync” interface: 700, 703 and 720. These are used for our cluster protocol, configuration synchronization, and traffic such as license registration and log traffic.

More information on deployed FortiGate-VMX Security Nodes:  The FortiGate-VMX Service Manager shows how many Security Nodes are deployed and how many licenses are located in the centralized repository.

You may also log into the FortiGate-VMX Service Manager and use the command line widget to gain more information about deployed FortiGate-VMX Security Nodes. A detailed set of instructions for the available CLI commands is located in the FortiOS 6.0 CLI Reference.

Command options can be seen by typing "?". For example:

exec nsx ?
group       NSX Security Group Management.
instance    NSX instance management.
service     NSX service management.

To show current settings:

config global
  • exec nsx group list - Show list of groups/clusters and VMX instances that belong to them.
  • exec nsx instance list - Show detailed running status of all VMX instances.
  • exec nsx service status/get - Show the status of NSX service and its ID.

The FortiGate-VMX Service Manager requires an Internet connection to validate its license and receive updates from the FortiGuard Distribution Network (FDN). Besides locating this status in the Web UI, you may also open the console and run the following command to see license status as well as all stats of the system:

get system status

To force a license validation from the FortiGate-VMX Service Manager to FDN:

config global
exec update-now

To collect logs on the FortiGate-VMX Service Manager:

config global
  • diag debug enable/disable - Enable/disable debugging output.
  • diag debug application <name> <level> - Start debugging the named application with the specified debug level.
  • diag debug flow trace start/stop - Start/stop packet trace debugging information for traffic allowed/dropped by rules.

For more detail, please refer to http://kb.fortinet.com and search by keywords.

To check network connectivity and run ping on SVM or VMX:

config vdom
edit ns/nsx/root
exec ping <host>


To collect NetX logs from SVM / VMX:

config vdom
  • exec log filter category 1 - Here "1" means event log.
  • exec log filter category <Enter> - Shows the list of category numbers/names.
  • exec log display - Display the log.

To show all rules on the specified VDOM:

config vdom
edit ns/nsx/root
show


To show the connection settings for the NSX service (username, password, VMX image URL, etc. can be seen):

(Entering the SDN config mode first and then running show gives the same result as running show from the global mode.)

config global
show system sdn-connector

config global
config system sdn-connector
edit nsx
show/get


Exit from a mode / save and exit:

end

Upgrade Path:

Please refer to: http://cookbook.fortinet.com/sysadmins-notebook/supported-upgrade-paths-fortios/3/

FortiOS is applicable to FortiGate products including FortiGate-VMX.

Support information

Customer satisfaction is Fortinet's number one priority. Fortinet’s FortiCare support offerings provide global support for all Fortinet products and deliver best-in-class support services. With FortiCare support, customers can be assured that their Fortinet security products are performing optimally and protecting their corporate assets.

FortiCare 24X7 Comprehensive Support

Customers who need round-the-clock access to mission critical support services will find that 24x7 Comprehensive Support meets their requirements. In addition to online ticket access and online chat, 24x7 includes telephone support at any time day or night.

FortiCare Premium Services

FortiCare Premium Services provide an additional level of personalized support designed for customers with mission critical networks. FortiCare Premium Services feature an experienced Technical Account Manager who is the primary point of contact for all support-related issues.

Documentation

General product documentation link: http://docs.fortinet.com.

Contact information: