Documente Academic
Documente Profesional
Documente Cultură
FORTINET DOCUMENTLIBRARY
http://docs.fortinet.com
FORTINETKNOWLEDGE BASE
http://kb.fortinet.com
FORTINETFORUMS
https://forum.fortinet.com
CUSTOMERSERVICE&SUPPORT
https://support.fortinet.com
FORTIGUARDCENTER
http://www.fortiguard.com
FEEDBACK
Email: courseware@fortinet.com
6/13/2017
TABLEOFCONTENTS
Change Log 4
Disclaimer 6
Introduction 7
Materials 8
Additional files required for the labs 9
System Requirements 10
Network Topology 10
Loading the VMs in VMware Workstation 11
Loading the Windows VMs on VMware Workstation 12 11
Loading the Fortinet VMs on VMware Workstation 12 11
Loading the Prebuilt Linux Image 12
Loading the FIT VM 12
Configuring VMware Virtual Networking 13
Configuring the VMs 16
Linux 17
Local-FortiGate 24
Local-Windows 25
FortiManager 35
FortiAnalyzer 38
Restoring the Local-FortiGate Initial Configuration and License 39
Remote-FortiGate 40
Remote-Windows 41
Testing 43
Creating Snapshots 45
Change Log
The FortiGate 5.4 Lab Setup Guide has been updated to include the latest training releases of FortiAnalyzer
5.4.2 and FortiManager 5.4.2.
If you already built your virtual lab environment based on the FortiGate 5.4 Lab Setup Guide, and will be teaching
FortiAnalyzer and FortiManager 5.4.2, you need to make modifications to your lab environment as outlined
below.
If you have not already built the FortiGate 5.4 lab environment as per the FortiGate
5.4 Lab Setup Guide, you can ignore this Change Log and complete the lab setup in
its entirety.
Obtain VM firmware image You can download the files from Fortinet Support (www.support.fortinet.com)
files for: by logging in with supplied credentials.
l FortiAnalyzer 5.4.2 Perform a firmware update on your existing FortiAnalyzer and FortiManager
l FortiManager 5.4.2 VMs through the System Resources widget on the Dashboard of each VM.
This replaces the FortiAnalyzer The IP address for both VMs will remain the same.
and FortiManager 5.4.0 VMs.
Replace the Resources folder The Resources folder is provided in the Virtual-Lab-Setup-Files-
on your Local-Windows Desktop FGT-FAZ-FMG-5.4.zip.
Upload the new 5.4.2 initial l FortiManager: Log into the FortiManager GUI at 10.0.1.241 (admin / blank
configuration files for both password) and restore the initial configuration from:
FortiAnalyzer and FortiManager
Resources/FortiManager/initial-config/FMG-5.4.2-
VMs
initial.dat
*Obtain 1 IOC license for After purchase, you can download the files from Fortinet Support
FortiAnalyzer (www.support.fortinet.com) by logging in with supplied credentials.
4 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Change Log
*Upload the IOC license to See To upload the entitlement files for instructions.
FortiManager
Install Nikto v2.1.5 on the Linux If you are using the pre-built Linux VM, the VM is included in the Virtual-
VM* Lab-Setup-Files-FGT-FAZ-FMG-5.4.zip. This Linux VM already
includes Nikto, so you only need to replace your existing Linux VM with this
new one.
If you built your Linux from scratch, you will need to complete the Nikto
installation on your Linux VM. See Installing Nikto for instructions.
*Add a PuTTY bookmark for FIT See To create bookmarks in PuTTY for instructions.
in Local-Windows
*Create the FAZadmin user in See To create the Training OU and additional users for instructions.
the Training OU in Active
Directory (Local-Windows)
* This is only required for the FortiAnalyzer 5.4.2 training. It is not necessary for the FortiGate or FortiManager
training.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 5
Fortinet Technologies Inc.
Disclaimer
Fortinet only supports lab environments that are built to the specifications outlined in this guide. Any
modifications to, or deviations from, the environment described in this guide can impact the outcome of the
student lab exercises. Lab exercises are used as a way to reenforce learning, and knowledge obtained from
successfully performing these labs is essential for NSE certification preparation.
6 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Introduction
This guide explains how to configure the lab for the following Fortinet training courses:
1. Load, configure, and test the VM images required for this lab.
2. Save a VMware snapshot of the VM images.
3. Deploy a copy of all VMs for each student every time there is a class.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 7
Fortinet Technologies Inc.
Materials
To build the virtual lab required for this class, you must purchase or download:
Resource Information
1 VMware Workstation
installation per For hardware system requirements, see System Requirements
student
2 FortiGate VM
For Local-FortiGate and Remote-FortiGate
licenses
1 FortiAnalyzer VM
Must be registered with the IPaddress 10.0.1.210
license
1 FortiManager VM
Must be registered with the IPaddress 10.0.1.241
license
1 FortiGuard Web
Filtering and IPS For Local-FortiGate only
contract
For FortiAnalyzer (only required if teaching the FortiAnalyzer 5.4.2 course). Provides the
1 IOC license
Indicators-of-Compromise feature.
2 Windows Server
For Local-Windows and Remote-Windows
2012 VMs
Prebuild image is provided by Fortinet Training. The image is provided in the Virtual-
1 Linux VM image
Lab-Setup-Files-FGT-FAZ-FMG-5.4.zip.
Prebuild image is provided by Fortinet Training (only required if teaching FortiAnalyzer 5.4.2).
1 FIT VM image
The image is provided in the Virtual-Lab-Setup-Files-FGT-FAZ-FMG-5.4.zip.
VM firmware image
files for:
l FortiGate 5.4.1 After purchase, you can download the files from Fortinet Support (www.support.fortinet.com)
l FortiAnalyzer 5.4.2 by logging in with supplied credentials.
l FortiManager 5.4.2
8 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Materials Additional files required for the labs
Resource Information
1 Resources folder
that includes:
l Initial configuration Prebuild files are provided by Fortinet Training. The files are provided in the Virtual-Lab-
for each lab Setup-Files-FGT-FAZ-FMG-5.4.zip.
l Solution
configuration files for
each lab
Some of these files are provided in the Virtual Lab Setup Guide ZIP package.
Software Resource
Mozilla Firefox
https://www.mozilla.org/en-US/firefox/new/
46.0.1
Mozilla Thunderbird
https://www.mozilla.org/en-US/thunderbird/
45.1.0
ActivePerl
http://www.activestate.com/activeperl/downloads
5.22.1.2201
Windows Server
2012 patch Installation file provided in the Virtual-Lab-Setup-Files-FGT-FAZ-FMG-5.4.zip.
KB9089134
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 9
Fortinet Technologies Inc.
System Requirements Materials
Software Resource
FileZilla Client
https://filezilla-project.org/download.php
3.17.0.1
FortiClient 5.4.0
https://support.fortinet.com
build 0780
Java 8 Update 91
System Requirements
l 1 Ethernet interface
l 8 GB RAM
l 300 GB storage (hard disk, SAN, etc.)
Network Topology
10 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Loading the VMs in VMware Workstation
This section outlines how to load the VMs in VMware Workstation, including the Windows VMs, Fortinet VMs
(FortiGate, FortiManager, and FortiAnalyzer), and the Linux VM.
The following procedure outlines how to create Windows VMs on VMware Workstation 12.
The following procedure outlines how to create the FortiGate, FortiManager, and FortiAnalyzer VMs on VMware
Workstation 12.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 11
Fortinet Technologies Inc.
Loading the Prebuilt Linux Image Loading the VMs in VMware Workstation
l FortiAnalyzer
The following procedure outlines how to load the prebuilt Linux image on VMware Workstation 12.
The FIT (Firewall Inspection Tester) VM includes a traffic generation tool used for the FortiAnalyzer labs. The VM
generates web browsing traffic, application control, botnet IP hits, malware URLs, and malware downloads.
The following procedure outlines how to load the FITVMimage on VMware Workstation 12.
12 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Configuring VMware Virtual Networking
Once you've loaded the VMs, you must configure their virtual network adapters to make the lab's required virtual
network topology.
l Local-Windows
l Remote-Windows
l Local-FortiGate
l Remote-FortiGate
l Linux
l FortiAnalyzer
l FortiManager
l FIT VM (traffic generator used for the FortiAnalyzer course)
The topology supports both HA and non-HA topology, which the students will switch between during the labs by
reconfiguring their VMs; no VMware reconfiguration is required.
The key to this flexible networking is the six LAN segments used in the current setup, plus the predefined
interfaces: vmnet0 and vmnet1.
l vmnet0 bridges the physical NIC which provides the default route to the Internet.
l vmnet1 is a host-only private network shared between the host and the guest systems.
By mapping the guest VMs virtual NICs to virtual LAN segments, you create the topology.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 13
Fortinet Technologies Inc.
Configuring VMware Virtual Networking
1 (first) LAN3
1 LAN6
l For both FortiGate VMs (Local-FortiGate and Remote-FortiGate), map the first seven network adapters:
1 LAN1
2 LAN2
3 LAN3
4 LAN4
5 LAN5
14 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Configuring VMware Virtual Networking
6 LAN6
7 LAN3
1 LAN3
2 LAN1
2 LAN3
4 LAN1
This actually maps FortiAnalyzer port1 to LAN3, as VMWare port2 corresponds to FortiAnalyzer port1. It
also maps port3 to LAN1, as VMWare port4 corresponds to FortiAnalyzer port3.
1 VMnet0
2 LAN1
3 LAN2
4 LAN4
5 LAN5
1 LAN3
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 15
Fortinet Technologies Inc.
Configuring the VMs
Before you deploy the VMs, you must first install the required software and files on your Windows VM. You must
also configure some initial settings on your Fortinet VMs so that they have network connectivity, and load their
VM license.
The prebuilt Linux VM provided with the Virtual Lab Setup resources is already
configured. The root password for the prebuilt VM is: password.
The prebuild FIT VM provided with the Virtual Lab Setup resources is already
configured.
16 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Linux
If you choose not to use the prebuilt Linux VM provided with the Virtual Lab Setup resources, you can use the
instructions provided in this section to build your own, or use them to understand the configuration of the prebuilt
VM.
To configure networking
1. From the network configuration tools, configure the interface IP addressing.
eth0 = LAN0 = Management network
eth1 = LAN1 = 10.200.1.254/24
eth2 = LAN2 = 10.200.2.254/24
eth3 = LAN4 = 10.200.3.254/24
eth4 = LAN5 = 10.200.4.254/24
2. Activate the network adaptors.
3. Enable routing and add iptables NAT policy:
sysctl -p /etc/sysctl.conf
iptables F
iptables t nat F
6. Add a single NAT rule to NAT all outing packets with the address obtained by DHCP on eth0:
iptables t nat L
service iptables save
/etc/sysconfig/network-scripts/ifcfg-eth0
/etc/sysconfig/network-scripts/ifcfg-eth1
/etc/sysconfig/network-scripts/ifcfg-eth2
/etc/sysconfig/network-scripts/ifcfg-eth3
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 17
Fortinet Technologies Inc.
Linux
/etc/sysconfig/network-scripts/ifcfg-eth4
In each of these files, find a line that says HWADDR=mac-address-here and delete the whole HWADDR
line.
setenforce 0
/etc/selinux/config
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd-222.conf
cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd-21.conf
rm /etc/vsftpd/vsftpd.conf
5. Edit the configuration file vsftpd-222.conf and add the following lines at the end of the file:
port_enable=YES
port_promiscuous=YES
pasv_enable=NO
listen_port=222
listen_address=10.200.3.254
6. Edit the configuration file vsftpd-21.conf and add the following line at the end of the file:
listen_address=10.200.1.254
18 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Linux
To configure Syslog
1. The syslog package should already be installed. Enable remote logging on the service:
local6.* /var/log/fortinet
3. Restart syslog:
5. Configure SNMP-Utils:
To configure email
1. Enter the following commands:
3. Make that change operational for the current session by running the command:
4. Make that change operational after the next reboot by running the command:
chkconfig dovecot on
l Uncomment:
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 19
Fortinet Technologies Inc.
Linux
myorigin = $mydomain
l Uncomment:
myhostname = host.domain.tld
l Uncomment :
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
l Uncomment:
mynetworks = 168.100.189.0/28
l Uncomment:
inet_interfaces = all
l Comment:
inet_interfaces = localhost line.
To configure OpenSSL
1. From the /root directory:
mkdir ssl
cd ssl
mkdir certs
mkdir newcerts
mkdir requests
mkdir keys
touch index.txt
touch serial
echo 01 > serial
cp /etc/pki/tls/openssl.cnf
20 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Linux
To configure accounts
1. Open a terminal and type:
system-config-users
2. In the User Manager dialog box, click Add User and add the following accounts:
User Password
admin fortinet1
student fortinet1
FortiGate fortinet1
<html>
<head>
<title> Result from upload </title>
</head>
<body>
File Upload Processed!
</body>
</html>
6. Click Save.
7. Click Close.
8. Still in /var/www/html, right-click and selec Create Document > Empty File.
9. Name it fileupload.html.
10. Right click and click Open with "Text Editor".
11. Copy and paste the html syntax as below:
<html>
<head>
<title> Test for file upload DLP Lab </title>
</head>
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 21
Fortinet Technologies Inc.
Linux
<body>
<font face='Comic Sans MS'>
<h1> DLP Upload Test Page</h1>
<h2>In order to test the DLP Sensor either upload a file or type in the text to be
blocked into the text area and press submit, if the post would have been successful
you will see a upload processed page</h2><br>
<h4>File Upload</h4>
<form action='result.html' method='post' enctype='multipart/form-data'>
<input type='file' name='TestFile'/><br>
<input type='submit' value='Submit the file'><br>
</form>
<h4>Text Input</h4>
<form action='result.html' method='post' enctype='multipart/form-data'>
<input type='textarea' name='TestArea'/><br>
<input type='submit' value='Submit the TextArea'><br>
</form>
</font>
</body>
</html>
Installing Nikto
For the FortiAnalyzer 5.4.2 training, Nikto is installed on the Linux VM and the FortiAnalyzer labs run this Nikto
instance. For the FortiGate 5.4.1 training, Nikto is installed on Local-Windows and the FortiGate labs run this
Nikto instance. Nikto runs much faster on Linux and this is required for the FortiAnalyzer training.
Accordingly, if you are teaching the FortiAnalyzer course, install Nikto on the Linux VM. If you are not teaching
FortiAnalyzer, then you only need to install Nikto on Local-Windows.
For example:
# wget https://cirt.net/nikto/nikto-2.1.5.tar.gz
cd ~
sudo cp -apvf nikto-2.1.5/* /usr/local/bin/
22 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Linux
ls -l /usr/local/bin/
sudo vim /usr/local/bin/nikto-2.1.5/nikto.conf
4. Create a symlink for the conf file to /etc and then make the Nikto script executable using chmod:
/usr/local/bin/nikto.pl -update
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 23
Fortinet Technologies Inc.
Local-FortiGate
The following procedure outlines how to configure the network interfaces on Local-FortiGate.
exec formatlogdisk
This formats the virtual disk, which is required to store data such as local reports or logs. The device will
reboot after the format is complete.
24 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Local-Windows
The Local-Windows VM is used as the student's network management computer in the lab. Students will
initiate most client network connections from it, and administer Fortinet VMs.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 25
Fortinet Technologies Inc.
Local-Windows
6. Click Next.
7. On the Server Roles screen, select Active Directory Domain Services, DNS Server, and Web Server
(ISS). Add all the features for those three roles.
8. Click Next.
9. Click Next until you get the Confirmation screen.
10. Click Install. Wait until the installation finishes.
11. From the Server Manager, click the flag icon with the exclamation point and select Promote this server to a
domain controller:
26 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Local-Windows
4. Create user ADadmin for the class, with password Training!. Disable User must change password at next
logon and enable Password never expires.
7. Type Training! as the password. Disable User must change password at next logon and enable
Password never expires.
8. Repeat the process to create another two users in the Training organizational unit (same settings and password):
l aduser2
l FAZadmin
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 27
Fortinet Technologies Inc.
Local-Windows
8. Click OK.
28 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Local-Windows
8. Click Next.
9. Confirm the installation and reboot the VM after the installation finishes.
To configure Thunderbird
1. Open Mozilla Thunderbird and click the three bars icon in the upper right of the application.
2. Select Options > Account Settings.
3. Select Outgoing Server (SMTP) and click Add. Configure the following settings:
Setting Value
Port 25
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 29
Fortinet Technologies Inc.
Local-Windows
Setting Value
Username student
4. Click OK.
5. From the bottom of the left menu of the Account Settings dialog, click Account Actions > Add Mail
Account.
6. Add the following account:
Password fortinet1
7. Click Continue.
8. Add the following incoming and outgoing server settings:
Password fortinet1
To configure FileZilla
1. Open FileZilla.
2. Click on the upper left icon to open the site manager.
3. Add this site and name it FTPsite:
30 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Local-Windows
l Host: 10.200.3.254
l Port: 222
l Protocol: FTP
l Encryption: Use plain FTP
l Logon type: Anonymous
Before saving the site, click on the Transfer Settings tab and select Active as the transfer mode.
A wizard opens.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 31
Fortinet Technologies Inc.
Local-Windows
3. Click Save.
4. Repeat steps 2 and 3 for the following VMs:
32 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Local-Windows
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 33
Fortinet Technologies Inc.
Local-Windows
c:\Perl64\bin
3. Add shortcuts to the Windows task bar and desktop for the following applications: File Explorer, Firefox, PuTTY,
command prompt, Notepad++, Windows Remote Desktop Connection, and FileZilla.
4. Add the following paths to the Path System variable:
C:\Users\Administrator\Desktop\Resources\FortiGate-II\IPS\nikto-2.1.5
C:\Program Files (x86)\GnuWin32\bin
C:\Users\Administrator\Desktop\Resources\FortiGate-I\Logging
C:\Users\Administrator\Desktop\Resources\FortiGate-II\IPv6
5. Open Mozilla and add the following four bookmarks to the bookmarks toolbar:
l Local-FortiGate: http://10.0.1.254
l Remote-FortiGate: http://10.200.3.1
l FortiManager: https://10.0.1.241
l FortiAnalyzer: https://10.0.1.210
34 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
FortiManager
Even though FortiManager is not the focus of FortiAnalyzer and FortiGate courses, it is required for the lab setup
due to the use of closed network mode. More information about the FortiManager closed network mode can be
found in this document:
http://docs.fortinet.com/uploaded/files/2153/LicensingIsolatedFortiGates.pdf
Alternatively, as with registration, you can attach a spreadsheet that contains serial
and license numbers if you want to ask for entitlement files for two or more FortiGate
VMs at the same time. Fortinet Technical Support will provide one entitlement file that
contains validation information for all of your FortiGate VMs. All FortiGate VMs must
be registered with the same account;devices registered under different accounts
cannot be combined into the same entitlement file.
Within a day or two, you should receive an entitlement file from customer service.
2. Connect to the GUI from the Local-Windows VM and restore the FMG-5.4.2-initial.dat file from the folder
Resources/FortiManager/initial-config.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 35
Fortinet Technologies Inc.
FortiManager
7. Click Apply.
8. Wait until FortiManager has downloaded and synchronized all the service packages and updates. This could take
several hours.
If you previously built your environment for the FortiGate 5.4.1 course and are now
updating your environment for the FortiAnalyzer and FortiManager 5.4.2 courses, you
must re-download all the service packages and updates again.
9. Check the status of the updates through the following CLI commands:
36 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
FortiManager
Once complete, the upullStat should say Synced. Note that it will sync after every package
FortiManager downloads, so you can run these commands multiple times to verify the status. It should take
several hours to complete.
If you do not see any progress in the downloads, for example, the UpullStat
remains in the Connected state, you can manually trigger the update through the
following commands:
# diagnose fmupdate updatenow fds
# diagnose fmupdate updatenow fdg
10. Once complete, the file size for web filtering (FURL) and email filter (SPAM00x) under Query Server
Management > Receive Status should be approximately as they appear in this screenshot:
12. After the FortiGuard packages and updates are synchronized, click Advanced Settings and turn off Enable
Communication with FortiGuard Server.
13. Click Apply.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 37
Fortinet Technologies Inc.
FortiAnalyzer
The following procedure outlines how to configure the FortiAnalyzer system settings.
3. Connect to the GUI from the Local-Windows VM and restore the file from the folder
Resources/FortiAnalyzer/initial-config/FAZ-5.4.2-initial.dat
If you are teaching the FortiAnalyzer 5.4.2 course, you can confirm whether the IOC
license you uploaded to FortiManager is successfully being managed by
FortiManager by running the following command on FortiManager:
# diag fmupdate dbcontract
Under the FortiAnalyzer serial number, you should see a contract that starts with
PBDS. This is the IOC license.
38 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Restoring the Local-FortiGate Initial Configuration and License
At this stage, you are ready to restore the Local-FortiGate initial configuration and license.
If the license status does not appear as Valid, run the following command:
# execute update-now
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 39
Fortinet Technologies Inc.
Remote-FortiGate
The following procedure outlines how to configure the network interfaces on Remotel-FortiGate.
4. Connect to the GUI from the Local-Windows VM and upload the remote-initial.conf file from the folder
Resources/FortiGate-I/Introduction.
5. Upload the VM license for this device.
FortiGate should validate the license against FortiManager. None of the FortiGuard services are required in
this FortiGate.
If the license status does not appear as Valid, run the following command:
# execute update-now
40 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Remote-Windows
Windows8.1-KB9089134-x64.exe
This file can be found compressed in the Lab Setup ZIP file.
If you get an error indicating that the hotfix has expired, change the Local-Windows system date to April 1,
2015 and try the installation again. After the installation, you can change it back to the right date.
l Firefox
l PuTTY
l Wireshark
l Java
l Adobe Flash
l Notepad++
l FortiClient (install only the VPN module)
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 41
Fortinet Technologies Inc.
Remote-Windows
Once installed, add shortcuts to the Windows task bar and desktop for the following applications:
l File Explorer
l Firefox, PuTTY
l command prompt
l FortiClien.
42 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Testing
Once you have all VMs installed, and have configured all LAN segments, host IP settings and virtual network
connections, test connectivity.
10.0.1.241 FortiManager
10.0.1.210 FortiAnalyzer
10.0.1.20 FIT (only if you are teaching the FortiAnalyzer 5.4.2 course)
10.0.1.241 FortiManager
10.0.1.210 FortiAnalyzer
10.0.1.20 FIT (only if you are teaching the FortiAnalyzer 5.4.2 course)
4.2.2.2 LAN0
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 43
Fortinet Technologies Inc.
Testing
10.200.1.241 FortiManager
10.200.1.210 FortiAnalyzer
10.0.1.20 FIT (only if you are teaching the FortiAnalyzer 5.4.2 course)
44 Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4
Fortinet Technologies Inc.
Creating Snapshots
Once you have completed and tested your configuration, save a snapshot of each VM. These snapshots are what
you will deploy for each student in the class.
You can also re-deploy these snapshots to revert a student's VM if their configuration is not working and they
need to quickly restore it to a functional state.
Virtual Lab Setup Guide for FortiGate, FortiAnalyzer, and FortiManager 5.4 45
Fortinet Technologies Inc.
No part of this publication may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from Fortinet Inc.,
as stipulated by the United States Copyright Act of 1976.
Copyright 2017 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiCare and FortiGuard, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.