Deploy Fortigate Firewall with Trial License to Azure Free Tier VM

Deploy Fortigate Firewall with Trial License to Azure Free Tier VM

There are lots of limitation for you to deploy Azure marketplace's Fortigate VM , such as VM size requirement, license requirement, also only for Pay As You Go subscription. For my lab, not for test drive, I might need to deploy a Fortigate firewall into 1vCPU, 1GB Ram B1S size VM, and I will need to use my azure credit or student subscription to play with it. 

That won't be able to happen if you are using Marketplace's product.

This post is going to show you how to download a proper Fortigate VM file and how to load it into Azure to create your own customized VM with minimum VM size and cost.

Download Fortigate VM

After logged into FortiCloud, you can find out VM Images download link from Support menu.

From VM Images page, you can filter download link based on your corresponding product, platform and version :

Based on my testing, you can choose either Azure platform or Hyper-V platform to download. The difference will be, for Azure platform, it does not have trial license and you will be prompted to add your own license. 

For Hyper-V platform vm image, it already has a 15 days trial license in it. As long as you started vm, 15 days trial license will be activated.

Covert Dynamic Disk to Fixed Size Disk

Since the downloaded VM image only has dynamic disks inside it, we will need to convert it to fixed size disk. That can be done by Hyper-V manager.

You will get a 2GB VHD file which can be uploaded to Azure blob storage.

Upload 2GB VHD File to Blob Container

Create Image Based on 2GB VHD

Search Images service and create an image based on the VHD file uploaded to Blob.

Create VM using new image

Access Fortigate VM

Once VM deployed using the image, you will get a public ip to access your vm. 

If you are using Azure Fortigate VM, you will  have following wo ways to access it, either using browser to open url https://<public ip> or using SSH client to ssh to it.

The username and password is the one you put in during creating VM.

From browser, after you logged in, you will get a license invalid error and it will not allow you continue until you uploaded a valid license. 

I will suggest to use Hyper-VM VHD file to create image , then create VM. In that case, you will have default username and passowrd : admin/null

You will need to open HTTP port to access URL.

SSH will be same to access. 

But you will automatically load with a trial license for 15 days. 

Adding Second NIC on VM

Create a new subnet for your LAN network, which will be used for your new NIC card.

To add a new network card for Fortigate VM, you will need to stop the VM. 

Create a new routing table for LAN network

Add a new route:

This new route will route all traffic in associated subnet(s) to Fortigate's LAN NIC IP.

Associate the LAN subnet with this new route.

References

via Blogger http://blog.51sec.org/2022/01/deploy-fortigate-firewall-with-trial.html
January 08, 2022 at 11:29AM Fortigate