Knowledgebase Networking and Security How to configure FortiGate VM for Network Security on Kamatera

How to configure FortiGate VM for Network Security on Kamatera

FortiGate VM provides protection from a broad array of network threats. It is a virtualized version of Fortinet’s FortiGate firewall, that is designed to provide the same robust security features as the hardware-based version in a virtual environment. 

   

It provides robust network security solutions by integrating protective functions into a single machine. Its high performance is ensured by accommodating networks of various sizes and scalability. FortiGate’s user-friendly interface and automation capabilities help organizations maintain robust security while meeting compliance requirements.

   

Here is a step-by-step guide to configuring FortiGate VM on Kamatera for maximum network security.

   

First, create an account on Kamatera.

   

Go to console.kamatera.com and sign up for an account by providing the following information:

  1. Verify Your Email: Click the verification link sent to your email by Kamatera.
  2. Password: Enter your password.
  3. Repeat Password: Re-enter your password and click Create Account.

 
Then, access the Kamatera management console.

Enter your username and password and click Login to access Kamatera Management Console.

Log in to Kamatera management console

 

  1. Navigate to My Cloud on left hand side, select Servers and click on Create New Server.

Choose a zone.

Choose the zone that you need.

Note: For this setup, we used the Asia server domain to set up the Windows Server.

 

 

  1. Choose an image.

Kamatera offers a variety of App and Server Images to help users set up preconfigured resources. You can explore options such as:

In this, select Service Images and select FortiGate VM and choose the latest version of FortiGate VM.

Note: Here the latest version of FortiGate is 7.0.1.

 

You can see the details of FortiGate URL, username, and password.

 

  1. Toggle the Detailed view button to enable you to view the detailed description, including the price.

 

Choose server specs.

Field Description
Type Type B-General Purpose– Server CPU are assigned to a dedicated physical CPU thread with reserved resources guaranteed.

Type DDedicated – –Server CPU are assigned to a dedicated physical CPU Core (2 threads) with reserved resources guaranteed.    

Type T – Burst – Server CPU are assigned to a dedicated physical CPU thread with reserved resources guaranteed. Exceeding an average usage of 10% will be extra charged for CPUs usage consumption.

Type A-Availability- Server CPUs are assigned to a non-dedicated physical CPU thread with no resources guaranteed.

Note: More information on CPU types is available on the My Cloud- Pricing page.
CPU Choose the number of vCPUs that will be installed on the server. Type B/T can be configured with upto 104 vCPUs per server. Based on Intel’s latest Xeon Processors, 2.7 GHz+.
RAM Choose the amount of RAM that will be installed on the server. Type B/T/D can be configured with upto 512GB RAM per server. 
SSD DISK Choose SSD Storage Size. You can add upto 15 SSD Disk. SSD Storage includes unlimited IOPS and unlimited storage bandwidth, free of charge.
Daily Backup Toggle the switch to enable extended daily backups of your server’s storage to external backup storage.
Management Services Toggle the switch to enable Management Services to the server’s operating system by Kamatera Technical Support Team. 

4. Toggle Daily Backup and Management Services buttons enabled or disabled, according to your requirements.

Field  Description
Daily Backup Check to add an extended daily backup of your server’s storage to external backup storage.
Management services Check to add management services to the server’s operating system by our Professional Services Support Team.
  1. Choose networking

You can select the network that works for you, whether it’s a public Internet network or a private local network.

Simple Mode

 

 

Field Description
Public Internet Network Check to connect the server to a network interface connected to Public Internet Network.
Private Local Network Check to connect the server to a network interface connected to Private Local Network.

 

 

Field Description
NIC #1 Select WAN from the options available in the drop-down menu.

  • WAN
  • LAN
  • New LAN

Select auto from the options available in the drop-down menu. 

  • Auto
  • Network

Select auto from the options available in the drop-down menu.

  • Auto 
  • IP
WAN Traffic Select 5000 GB per month/ on 10 Gbit per second port.
  1. Advanced Configuration 

 Hide – If the user wants to hide the advanced configuration. 

 Show – If you want to see the advanced configuration.

 

 

Field Description
Keep Server On Failure Do not terminate server if Start up Script or Provisioning Fails
Tags Select the Tags from the drop-down menu and click Add Tag.

 

  1. Finalize Settings

Finalize settings by setting the password, re-validating it, selecting the number of servers, specifying the server name, and enabling the Power On Servers option.

 

 

Field Description
Password Select password 

Password allowed characters: a-z, A-Z,0-9 !@#$^&*()~ and must need the following requirements:

  • At least 14 characters
  • At most 32 characters
  • At least one lowercase character
  • At least one upper case character
  • At least one number
  • Includes allowed characters only
Validate Re-enter the password to validate.
Servers Select the number of servers the user wants.
Name # 1 Enter the name of the server.
Power On Servers Switch on the toggle button to see the details

 

Note: Once the user enters the details in Finalize Settings, they can select either the Monthly Billing Cycle or Hourly Billing, depending on their requirements.

  1. Billing Cycle and Pricing

 

The user can choose between the Monthly Billing Cycle and Hourly Billing Cycle.

Note: The Server Summary displays the location, operating system (including server specifications), add-on services, servers, and pricing.

Click Create Server.

  1. In Tasks Queue, you can see the FortiGate VM server is downloading.

 

 

  1. Now, you can see the installation is complete.

 

  1. FortiGate VM server is reflected in the Server Management dashboard. Click on Open, beside the FortiGate VM server.

 

  1. Overview tab in the center displays information like Power state, Guest OS, Zone, WAN, LAN and Server ID of the server 

Click on Connect to connect to the server.

 

13. Click on Open Remote Console.

 

  1. A Command Line Interface opens. Enter your login credentials.

 

You may encounter problems such as your license has expired, then you need to add the new license by clicking on Upload.

After uploading, click OK.

  1. Now, go to browser and enter the IP address of the FortiGate server.

http://xxx.xxx.x.xx

Enter your Username and Password and click on Login.

 

 

 

  1. In the FortiGate Setup window, Click on Begin or Later.

Note: Here, we clicked on Begin.

 

 

  1. Select Optimal or Comprehensive according to your requirements. Click on OK.

Note: Optimal is selected. 

 

 

  1. Toggle Don’t show again to enable, so that it is not seen every time you login.

Click on OK.

 

 

  1. Now, you can explore the features of the FortiGate VM dashboard.

 

  1. Bell icon shows the notifications, such as VM evaluation license. If it is expired, then you must redo the process.

  1. In the left pane, under Network, select Interfaces.

Network refers to the configuration settings related to how FortiGate VMs will interact and manage network traffic.

Now, in the middle pane, you can see the internal LAN: port 1 and port 2

HTTP is in red, because they are not secure and not recommended.

 

 

 

21. Click on Command prompt (CLI) button in the top right corner to check whether this FortiGate VM can access the Internet.

 

In the CLI Console, run the below command.

Command: exe ping 8.8.8.8

If you see the message shown in the screen below, then your VM is accessing the Internet.

 

 

  1. Under Policy & Objects, select Firewall policy. 

Policies are rules that manage, and control networks based on certain predefined criteria. 

 

 

Note: Select All Sessions in Logging Options.

             Toggle Enable the policy on to enable the policy.

Click on Ok.

 

  1. Congratulations! You have successfully downloaded FortiGate and configured it for maximum network security. You can continue to use FortiGate for your lab activity and explore more features. 

Have additional questions? Search below: