Installing FortiAuthenticator VM in vSphere

In this recipe, you will install and register FortiAuthenticator VM in a VMware ESXi environment and configure basic network settings in the vSphere console tab.

This recipe assumes that you have already configured the VMware ESXi environment, installed the vSphere client, and acquired a FortiAuthenticator VM registration code, redeemable for a license file.

1. Downloading the FortiAuthenticator VM

Log in to the Fortinet Customer Service & Support portal and go to Download > Firmware Images.
Select FortiAuthenticator from the drop-down provided, and select the Download tab. A directory of Image Folders/Files will open.
Browse to the desired version that you would like to download (in the example, 4.0.0), and download the .ovf.zip file.
Browse to the file on your management computer and extract the files to a new folder (the example shows the contents of the deployment package).

2. Deploying package to VMware

Launch the VMware vSphere client and log in with valid credentials.

Go to File > Deploy OVF Template to launch the OVF Template wizard.

Browse to the deployment package’s OVF files. Note that two of the OVF files end with the extensions .hw04.ovf and hw07.ovf (.hw04.ovf is for VMware ESXi v3.5 servers).

Select the most appropriate OVF format of the two, based on your hardware and server settings.

Continue through the wizard: confirm the OVF template details, accept the End User License Agreement, and enter a name for the OVF template.

You have the choice of selecting one of three available disk formats. The best choice depends on your virtualization environment:

 

Thick Provision Lazy Zeroed: Allocates the disk space statically; no other volumes can take the space.

Thick Provision Eager Zeroed: Allocates the disk space statically, and writes zeros to all the blocks.

Thin Provision: Allocates the disk space only when a write occurs to a block, but the total volume size is reported by VMware’s Virtual Machine File System (VMFS) to the OS. Other volumes can take the remaining space. This allows you to float space between your servers.

The most optimal method is to deploy Thick Provisioned Format because the disk space is allocated at the time of the installation. Thin Provisioning has the benefit of using less disk space initially, however performance is decreased, and issues can occur if the disk becomes filled with other VM instances.

Network 1 maps to port1 of the FortiAuthenticator VM. Make sure to set the destination network for this entry so you will have access to the device console, then select Next.

Review the deployment settings.

Select Power on after deployment (or leave it deselected if you wish to configure the VM hardware settings prior to powering it on) and select Finish.

The deployment is successfully complete.

3. Configuring basic network settings

In the VMware vSphere client, open the Inventory and expand the host icon to display your virtual machines. Select the FortiAuthenticator-VM.

In the Getting Started tab, make sure that the VM is powered on—if you see an option to Power Off the virtual machine under Basic Tasks, then the VM is powered on.

Open the Console tab and log into the FortiAuthenticator VM. Login with the default administrator account: admin and no password.

Set the port1 IP address (set port1-ip) and the default gateway (set default-gw).

Open a browser, go to https://172.20.121.138/login/, and log into the FortiAuthenticator VM as administrator.

The FortiAuthenticator VM operates in evaluation mode until it is licensed. Evaluation mode only permits five users to be configured to the system.

The FortiAuthenticator VM must be registered with Fortinet Customer Service & Support, which will in turn provide you with the license file. This file will then be uploaded to the FortiAuthenticator VM.

Meanwhile, the FortiAuthenticator VM shows a default Serial Number of FAC-VM0000000000.

4. Registering FortiAuthenticator VM with Customer Service

Open a browser, go to the Fortinet Customer Service & Support portal, and log in with valid credentials.

Go to Asset > Register/Renew. This will take you to the Registration Wizard.

When the Wizard is complete, select License File Download.

.lic file will be saved to your management computer.

5. Uploading the FortiAuthenticator VM license file

In the FortiAuthenticator VM, go to System > Administration > Licensing and select Choose File.

You are warned that the system will require a reboot in order to install the license. Select OK to continue.

6. Backing up the VM with Snapshot

At this point, it is strongly recommended that you use the VMware Snapshot utility to backup the VM instance. In the event of an issue with a future firmware upgrade, or a configuration issue, you can use the Snapshot Manager to revert back to a previous Snapshot.

To create a Snapshot, right-click the VM instance in the vSphere Client and select Snapshot > Take Snapshot.

7. Results

In the FortiAuthenticator GUI, confirm that the Serial Number in the System Information widget has changed.

The FortiAuthenticator VM is now ready for further configuration.

Click here for a full list of FortiAuthenticator recipes that can be applied to FortiAuthenticator appliances and VMs.

Adam Bristow

Adam Bristow

Technical Writer at Fortinet
Adam Bristow is a Technical Writer working for the FortiOS technical documentation team. He has a Honours Bachelor of Arts in English and Minor in Film Studies and a graduate certificate in Technical Writing from Algonquin College. Stay tuned for more FortiOS Cookbook videos!
Adam Bristow

Latest posts by Adam Bristow (see all)

Share this recipe:

Facebooktwittergoogle_pluslinkedin

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.