Running FortiGate as a Qemu VM in GNS3

Running FortiGate as a Qemu VM in GNS3 

Published on January 17, 2016 

Li k e Ru n n i n g Fo rt i G at e as a Q e m u VMi S 3n G N

46 

Co mme n t

8 

S h are S h are Ru n n i n g Fo rt i G at e as a Q e m u VMi n G NS 3

5

Andras Dosztal FollowAndras Dosztal

Network Domain and Solution Architect at IT Services Hungary Kft.

This is a step by step guide on adding FortiGate to GNS3 where then you can use it as virtual network device, just like an IOS router running on Dynamips. GNS3 1.4.0 running on Linux was used for writing of this document.

Preparation 1. Get FortiGate VM. There's a 15 days demo available on the Fortinet site after registration. The required file's name will be something like this: FGT_VM64_KVM-FORTINET.out.kvm.zip

Make sure you download the KVM version; after extracting the archive, you should have a file named “fortios.qcow2”. 2. FortiGate requires a 2nd hard disk; create an empty one by entering this command in terminal: qemu-img create -f qcow2 fortigate_30g.qcow2 30G

3. Upload the images to you GNS3 VM (select Qemu as file type):

Creating the VM 1. In GNS3, go to Edit → Preferences → Qemu VMs, then click on New. 2. In the appearing window, select your GNS3 VM. Click on Next. 3. Leave the VM type on Default. Click on Next. 4. Enter a name (e.g. FortiGate 5.2.5) for your device. Click on Next. 5. Change RAM to 1024 MB. Click on Next. 6. Select "fortios.qcow2" from the disk image list (i.e. not the empty file you created before). Click on Finish.

Setting VM parameters FortiGate cannot be started right after creating the VM. Select the FortiGate VM from your Qemu VMs, then click on Edit. Change the following parameters on each tab:

General settings



Change category to "Security devices"

HDD 



Change HDA's interface to "virtio". Add "fortigate_30g.qcow2" to HDB's disk image. Change the disk interface to "virtio" as well.

Network 



Change the number of adapters to 10. Change type to "Paravirtualized Network I/O (virtio-netpci)".



Change name format to "Port{port1}"

Screenshots This is how it should look like:

Get your VM working

To test the VM, I created a simple topology with two Dynamips IOS devices:

Interface settings and ping tests can be found here. Note: for successful ping tests, you have to enable ping on port2 too ("set allowaccess ping"). 