
How To Crack Fortinet Firewall Image


FortiGate VM Initial Configuration. Before you can connect to the FortiGate VM web-based manager you must configure a network interface in the FortiGate VM console. Once an interface with administrative access is configured, you can connect to the FortiGate VM web-based Manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website. You will want to create a Virtual IP (Firewall Objects > Virtual IP/VIP) pointing the external interface IP address to the internal interface and IP (and port number if you want to have multiple services use the same external IP). After you've created the VIP, go to Policies and create the policy to allow traffic to the VIP and service.

As we know, network equipment vendors periodically release new software which should fix the issues from the previous release. Still, it’s no secret that, sometimes, new firmware can fix one thing while also breaking two more in the process.

Therefore, if a new firmware release promises a fix for periodic issues with your site-to-site VPN, which is very important for your business since it transports encrypted data between your offices, you should reconsider upgrading your firmware and testing if it fixed your VPN issues.

However, if the greatest benefit from the firmware upgrade is an obscure issue in your FortiGuard Application Control where ‘block-page-status-code’ doesn’t work for HTTP status code of DLP replacement messages, maybe you should reconsider upgrading.

In this article, we will go through potential dangers and things to think about prior to the upgrade attempt. Then we will go through the needed commands.

‘Well, it’s only a firmware upgrade.’

How many times did you cringe when somebody told you ‘But it’s just to install a certificate, right?’ It seems the words “just” and “only” are frequently used by people in the industry, but you should be aware that “just that” usually means “only a few more” things to do.

And while the process is indeed relatively straightforward, as mentioned, it can lead to new issues (perhaps much worse than the issues you got resolved).

That’s why you should choose to upgrade only if it’s necessary and you can see the benefit. The best option is obviously testing this in the lab. That way, you can also get some hands-on experience of the whole procedure.

Let’s cover the things you need to think about before upgrading your firewall.

Install a TFTP server and ping it from the firewall to ensure connectivity.

Obviously, you need to download the firmware image for your FortiGate model. Then, download the release you are currently using, to be able to downgrade if things go bad.

After that, another obvious thing, which, if overlooked, can lead to very serious issues – back up your configuration.

You can use these commands:

The first command will back up your configuration and the second one will back up your IPS custom signatures, if any.

The console cable requires its own section because I can’t stress enough how important it is to have these few wires. For experienced engineers, it’s an obvious thing to have a console cable ready, but for the rest of you out there, maybe not.

And why do we need a console cable? To prepare yourself for the possible nightmare situation.

Obviously, the worst thing that can happen after a firmware upgrade is the total crash of your firewall.

Picture this situation. You are upgrading your firmware on Friday, after business hours. You want to be ready for the possible issues and you want to have time over the weekend to fix it before people start working on Monday. Smart idea, right? It is, but you simply overlooked the console cable.

After you finished your firmware upgrade and rebooted the firewall, the GUI won’t start. Your FortiGate crashed, and you now have no internet.

You frantically call FortiGate support and they tell you that you will have to connect your computer to the FortiGate using the console cable, reset the device to factory settings, upgrade to the firmware version you were using prior to the software upgrade attempt and load your saved configuration file from the TFTP server.

You now understand that you can’t really do any of the recommended procedures since it’s already late.

In the morning, you are trying to buy a console cable, but in your small town there is no IT shop that sells it (yes, it’s possible). Then you must drive for 200 miles to meet the cousin’s cousin who has the needed rolled over cable with the serial adapter for the PC.

Sounds bad, right? That’s why my advice is to make sure to have that console cable, just in case.

Let’s get to the configuration, shall we?

First, try to ping your TFTP server.

Then copy your new firmware image to your TFTP server.

After you issue the command, the FortiGate will warn you:

Type “Y” to continue.

After the firewall installs the software, it will reboot.

After you reconnect to the CLI, update your antivirus definitions.

That’s about it. Your new firmware is installed and now you just need to check if there are any bugs.
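The upgrade steps above written out as one CLI session, given here as an added example rather than the article's own commands, which did not survive on this page. The TFTP server address 192.0.2.10 and the file names are constructed placeholders; lines starting with # are annotations, not input.

```fortios
# 1. Confirm the firewall can reach the TFTP server (placeholder address)
execute ping 192.0.2.10

# 2. Back up the running configuration to the TFTP server
#    (file name is a constructed placeholder)
execute backup config tftp fgt-pre-upgrade.conf 192.0.2.10

# 3. Back up custom IPS signatures, if any are defined
execute backup ipsuserdefsig tftp fgt-ips-custom.sig 192.0.2.10

# 4. Record the current firmware version before changing anything,
#    so you know exactly which release to downgrade to
get system status

# 5. Load the new image from the TFTP server. The FortiGate warns
#    before proceeding; after you confirm, it installs and reboots.
execute restore image tftp <new-firmware-image>.out 192.0.2.10

# 6. After reconnecting to the CLI: update the antivirus definitions
#    and confirm the version now reported
execute update-now
get system status
```

Keep the two backup files and the image of the release you were running on the TFTP server until the new firmware has proven stable.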

Fortunately, there is a way to test the new firmware before applying it for good.

You can load the new firmware image and save it to the FortiGate’s memory. After upgrading the firmware, the firewall will use the new software only until the next reboot. If there are no bugs and you decide you are good to go, you can permanently install the image.

So, let’s go through the process.

First, connect to the firewall using the aforementioned console cable and make sure you can ping your TFTP server. Then, reboot the firewall. While it reboots, it will display this line:

Be careful here since you have three seconds to do this. If you miss it, you must reboot it again.

If you stopped it properly, you will see this message:

Press “G” and, when prompted, type in the IP address of your TFTP server. Then insert the IP address of your firewall’s LAN.

FortiGate will now ask for the name of your firmware image. The firewall will then upload the file and display the following message:

Choose “R”. The FortiGate will continue with the upgrade procedure.

Now you have time to test if everything is working properly. If you find issues, just reboot the firewall and it will revert to the old firmware. If there are no issues, repeat the procedure and choose “D” this time, or reboot the firewall and do the already described normal procedure.

Hope this was informative and will save you some trouble.

Thank you to Filip Knezevic for his contribution to our blog.

FortiGate VM Initial Configuration

Before you can connect to the FortiGate VM web-based manager you must configure a network interface in the FortiGate VM console. Once an interface with administrative access is configured, you can connect to the FortiGate VM web-based Manager and upload the FortiGate VM license file that you downloaded from the Customer Service & Support website.

The following topics are included in this section:

*Set FortiGate VM port1 IP address

*Connect to the FortiGate VM Web-based Manager

*Upload the FortiGate VM license file

*Validate the FortiGate VM license with FortiManager

*Configure your FortiGate VM

Set FortiGate VM port1 IP address

Hypervisor management environments include a guest console window. On the FortiGate VM, this provides access to the FortiGate console, equivalent to the console port on a hardware FortiGate unit. Before you can access the Web-based manager, you must configure FortiGate VM port1 with an IP address and administrative access.

To configure the port1 IP address:

1. In your hypervisor manager, start the FortiGate VM and access the console window.

You might need to press Return to see a login prompt.

Example of FortiGate VM console access:

2. At the FortiGate VM login prompt enter the username admin. By default there is no password. Just press Return.

3. Using CLI commands, configure the port1 IP address and netmask. Also, HTTP access must be enabled because until it is licensed the FortiGate VM supports only low-strength encryption. HTTPS access will not work.

For example:

config system interface
    edit port1
        set ip 192.168.0.100 255.255.255.0
        append allowaccess http
end

You can also use the append allowaccess CLI command to enable other access protocols, such as auto-ipsec, http, probe-response, radius-acct, snmp, and telnet. The ping, https, ssh, and fgfm protocols are enabled on the port1 interface by default.

4. To configure the default gateway, enter the following CLI commands:

config router static
    edit 1
        set device port1
        set gateway <class_ip>
end

You must configure the default gateway with an IPv4 address. FortiGate VM needs to access the Internet to contact the FortiGuard Distribution Network (FDN) to validate its license.

5. To configure your DNS servers, enter the following CLI commands:

config system dns

set primary <Primary DNS server>

set secondary <Secondary DNS server>

end

The default DNS servers are 208.91.112.53 and 208.91.112.52.

6. To upload the FortiGate VM license from an FTP or TFTP server, use the following CLI command:

execute restore vmlicense {ftp | tftp} <VM license file name> <Server IP or FQDN> [:server port]

You can also upload the license in the FortiGate VM Web-based Manager. See Set FortiGate VM port1 IP address.

Web–based Manager and Evaluation License dialog box

Connect to the FortiGate VM Web-based Manager

When you have configured the port1 IP address and netmask, launch a web browser and enter the IP address that you configured for port1. At the login page, enter the username admin, leave the password field empty and select Login. By default there is no password. The Web-based Manager will appear with an Evaluation License dialog box.

Upload the FortiGate VM license file

Every Fortinet VM includes a 15-day trial license. During this time the FortiGate VM operates in evaluation mode. Before using the FortiGate VM you must enter the license file that you downloaded from the Customer Service & Support website upon registration.

To upload the FortiGate VM license file:

1. In the Evaluation License dialog box, select Enter License.

You can also upload the license file via the CLI using the following CLI command:

execute restore vmlicense [ftp | tftp] <filename string> <ftp server>[:ftp port]

The license upload page opens.

License upload page:

2. Select Browse and locate the license file (.lic) on your computer. Select OK to upload the license file.

3. Refresh the browser to login.

4. Enter admin in the Name field and select Login. The VM registration status appears as valid in the License Information widget once the license has been validated by the FortiGuard Distribution Network (FDN) or FortiManager for closed networks.

Validate the FortiGate VM license with FortiManager

You can validate your FortiGate VM license with some models of FortiManager. To determine whether your FortiManager unit has the VM Activation feature, see the Features section of the FortiManager Product Data sheet.

To validate your FortiGate VM with your FortiManager:

1. To configure your FortiManager as a closed network, enter the following CLI command on your FortiManager:

config fmupdate publicnetwork
    set status disable
end

2. To configure FortiGate VM to use FortiManager as its override server, enter the following CLI commands on your FortiGate VM:

config system central-management
    set mode normal
    set type fortimanager
    set fmg <IPv4 address of the FortiManager device>
    set fmg-source-ip <Source IPv4 address when connecting to the FortiManager device>
    set include-default-servers disable
    set vdom <Enter the name of the VDOM to use when communicating with the FortiManager device>
end

3. Load the FortiGate VM license file in the Web-based Manager. Go to System > Dashboard > Status. In the License Information widget, in the Registration Status field, select Update. Browse for the .lic license file and select OK.

4. To activate the FortiGate VM license, enter the following CLI command on your FortiGate VM:

execute update-now

5. To check the FortiGate VM license status, enter the following CLI commands on your FortiGate VM:

get system status

The following output is displayed:

Version: Fortigate-VM v5.0,build0099,120910 (Interim)
Virus-DB: 15.00361(2011-08-24 17:17)
Extended DB: 15.00000(2011-08-24 17:09)
Extreme DB: 14.00000(2011-08-24 17:10)
IPS-DB: 3.00224(2011-10-28 16:39)
FortiClient application signature package: 1.456(2012-01-17 18:27)
Serial-Number: FGVM02Q105060000
License Status: Valid
BIOS version: 04000002
Log hard disk: Available
Hostname: Fortigate-VM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Distribution: International
Branch point: 511
Release Version Information: MR3 Patch 4
System time: Wed Jan 18 11:24:34 2012

diagnose hardware sysinfo vm full

The following output is displayed:

UUID: 564db33a29519f6b1025bf8539a41e92
valid: 1
status: 1
code: 200 (If the license is a duplicate, code 401 will be displayed)
warn: 0
copy: 0
received: 45438
warning: 0
recv: 201201201918
dup:

Configure your FortiGate VM

Once the FortiGate VM license has been validated you can begin to configure your device. You can use the Wizard located in the top toolbar for basic configuration including enabling central management, setting the admin password, setting the time zone, and port configuration.

For more information on configuring your FortiGate VM see the FortiOS Handbook at http://docs.fortinet.com.