Greetings! Welcome to the third Fortinet Getting Started lesson. We have already been introduced to Fortinet, to its core security concept, the Fortinet Security Fabric, and to the functionality of the FortiGate firewall. It's time to practice. Below the cut is a brief summary of the theory from the video, as well as the video lesson itself.
Before we start working with the virtual solutions, I want to say a few words about the hardware appliances. Their initial setup is quite simple. In fact, there are several initial setup methods, all covered in the FortiGate Quick Start Guide and the FortiAnalyzer Quick Start Guide. Now let's move on to the layout.
The layout topology is shown in the figure below. It consists of a FortiGate firewall that sits on an imaginary network perimeter. This gateway has three interfaces: external, internal and DMZ. There is also a user's computer, User PC, on which we will test the functionality of the firewall. FortiAnalyzer, a device for storing and analyzing logs, is also part of the layout. We will get to know it a little later, but to avoid splitting the installation of the layout into many stages, we will deploy it along with everything else. In the DMZ is WindowServer, which will play the role of a domain controller and a web server.
Where will we deploy the layout? There are three options: ESXi, VMware Workstation and VirtualBox. I will use VMware Workstation, since it is more convenient, especially since no one has an ESXi server at hand.
We will also need two images: the FortiGate and FortiAnalyzer virtual machine images. They can be downloaded from the support portal, if you have an appropriate account. You can also contact us.
FortiGate virtual machines are licensed by the number of CPU cores and the amount of RAM. Of course, there is the option of staying on the trial license: it comes with the virtual machine image and is limited to 1 CPU core and 1 GB of RAM. But it lacks cryptographic encryption, and there is no way to connect to FortiGuard servers for updates. It also lasts only 15 days, after which the virtual FortiGate becomes inaccessible. Therefore, I will not use the trial license for our layout. For the course, I ordered a license for 8 GB of RAM and 8 CPU cores, but due to hardware limitations I will use only 2 GB of RAM and 2 CPU cores.
The virtual FortiAnalyzer is licensed in a slightly different way: the trial license is limited only by the permissible memory size and by its duration (also 15 days). But for the course, I ordered a basic license, which is limited to 500 gigabytes of shared storage and the ability to collect 1 gigabyte of logs per day. If necessary, you can buy extensions for more total storage and for collecting more logs per day. The amount of RAM and the number of CPU cores are not limited in any way with this license. FortiAnalyzer system requirements can be viewed on this resource.
We will also deploy all of this inside a virtual machine. Its characteristics are 8 CPU cores, 20 gigabytes of RAM and a 200-gigabyte hard drive.
The rest is practice. The theory above and the practical part are discussed in more detail in the video tutorial:
In the next lesson, we will introduce security policies that can be used to control user access to various network segments.