VM Installation Guide

5.3.0

Step 2: Configure virtual hardware settings

After deploying the FortiADC-VM image and before powering on the virtual appliance, log into VMware vSphere and configure the virtual appliance hardware settings to suit the size of your deployment.

The Virtual hardware settings table summarizes the defaults that are set in the default image and provides rough guidelines to help you understand whether you need to upgrade the hardware before you power on the virtual appliance. For more precise guidance on sizing, contact your sales representative or Fortinet Technical Support.

Virtual hardware settings

| Component | Default | Guidelines |
|---|---|---|
| Hard disk | 32 GB | 32 GB is insufficient for most deployments. Upgrade the hard disk before you power on the appliance. After you power on the appliance, you must reformat the FortiADC OS log disk with the following command: execute formatlogdisk. Before you use this command you must upload a license file. |
| CPU | 1 CPU | 1 CPU is appropriate for a VM01 license. Upgrade to 2, 4, 8, 16, or 32 CPUs for VM02, VM04, VM08, VM16, and VM32 licenses, respectively. |
| RAM | 4 GB | 4 GB is the minimum. See the section on vRAM for guidelines based on expected concurrent connections. |
| Network interfaces | 10 bridging vNICs are mapped to a port group on one virtual switch (vSwitch). | Change the mapping as required for your VM environment and network. |

Resizing the virtual disk (vDisk)

If you configure the virtual appliance storage repository to be internal (i.e. local, on its own vDisk), resize the vDisk before powering on the VM appliance.

Note

This step is not applicable if you set up the virtual appliance to use external network file system datastores (such as NFS).

The FortiADC-VM package that you downloaded includes pre-sized VMDK (Virtual Machine Disk Format) files. However, they are only 32 GB, which is not large enough for most deployments. You must resize the vDisk before powering on the virtual machine.

Before doing so, make sure that you understand the effects of the vDisk settings. These options affect the possible size of each vDisk.

1 MB block size — 256 GB maximum file size

2 MB block size — 512 GB maximum file size

4 MB block size — 1024 GB maximum file size

8 MB block size — 2048 GB maximum file size

For example, if you have an 800 GB datastore which has been formatted with 1 MB block size, you cannot size a single vDisk greater than 256 GB.

Consider also that, depending on the size of your network, you might require more or less storage for logs, reports, and other data.

For more information on vDisk sizing, see:

https://communities.vmware.com/docs/DOC-11920

To resize the vDisk:
  1. Use the VMware vSphere client to connect to the VMware vSphere server.
  2. Power off the virtual machine.
  3. Right-click the virtual machine and click Edit Settings. Under Hard disk, resize the logdisk.

Note: If you have resized the logdisk (not the bootdisk), then after booting FortiADC and uploading a license file, you should execute the following command: execute formatlogdisk. Executing this command clears all statistics, logs, and so on.

Important: If you upgrade the vDisk size, the vDisk size and FortiADC-VM log partition size likely do not match, and you will see the disk errors shown in the following figure when you attempt to log into the console.

To fix this:

  1. Press Enter repeatedly until you see the login prompt.
  2. At the login prompt, type admin and no password to log in.
  3. Enter the following command to fix the disk issue:

     execute formatlogdisk

Configuring the number of virtual CPUs (vCPUs)

By default, the virtual appliance is configured to use 1 vCPU. Depending on the FortiADC-VM license that you purchased, you can allocate 1, 2, 4, 8, 16, or 32 vCPUs.

For more information on vCPUs, see the VMware vSphere documentation:

https://www.vmware.com/support/vsphere-hypervisor.html

To change the number of vCPUs:
  1. Use the VMware vSphere client to connect to the VMware vSphere server.
  2. In the left pane, right-click the name of the virtual appliance, such as FortiADC-VM-Doc, then select Edit Settings. The virtual appliance properties dialog appears.
  3. In the list of virtual hardware on the left side of the dialog, click CPUs.
  4. In Number of virtual processors, specify the maximum number of vCPUs to allocate. Valid values range from 1 to 8.
  5. Click OK.

Configuring the virtual RAM (vRAM) limit

The FortiADC-VM image is pre-configured to use 4 GB of vRAM. We recommend at least 4 GB of memory for all VM deployments. You can change this value. Appropriate values are suggested as follows, according to the number (n) of Layer-7 transactions that will be handled simultaneously by FortiADC-VM:

1 < n < 140,000 — 4 GB vRAM

140,001 < n < 300,000 — 8 GB vRAM

300,001 < n < 600,000 — 16 GB vRAM

Also, sizing should be adjusted if the FortiADC-VM will be handling Layer-4 connections, or a mixture of Layer-4 and Layer-7 connections.

It is possible to configure FortiADC-VM to use less vRAM, such as 2 GB. However, for performance reasons, it is not recommended.

To change the amount of vRAM:
  1. Use the VMware vSphere client to connect to the VMware vSphere server.
  2. In the left pane, right-click the name of the virtual appliance, such as FortiADC-VM-Doc, then select Edit Settings. The virtual appliance properties dialog appears.
  3. In the list of virtual hardware on the left side of the dialog, click Memory.
  4. In Memory Size, type the maximum number in gigabytes (GB) of the vRAM to allocate.
  5. Click OK.
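The vDisk, vCPU and vRAM procedures above can also be scripted. The following is an added example, not part of the original guide or Fortinet's own tooling: it assumes VMware PowerCLI with an existing Connect-VIServer session, and the logdisk name, license, datastore block size and target sizes are hypothetical placeholders. It checks the request against the limits listed on this page before changing anything.

```powershell
# Added example. Assumes VMware PowerCLI and an existing Connect-VIServer session.
# All values in this block are hypothetical placeholders for illustration.
$vmName      = 'FortiADC-VM-Doc'  # appliance name used in this guide's steps
$logDiskName = 'Hard disk 2'      # assumption: the logdisk is the second vDisk
$license     = 'VM04'
$vramGB      = 8
$logDiskGB   = 200
$blockSizeMB = 1                  # block size of the datastore that holds the vDisk

# Limits taken from the tables on this page.
$vcpuByLicense    = @{ VM01 = 1; VM02 = 2; VM04 = 4; VM08 = 8; VM16 = 16; VM32 = 32 }
$maxFileGBByBlock = @{ 1 = 256; 2 = 512; 4 = 1024; 8 = 2048 }

$vm = Get-VM -Name $vmName
if ($vm.PowerState -ne 'PoweredOff') { throw "$vmName must be powered off first." }
if (-not $vcpuByLicense.ContainsKey($license)) { throw "Unknown license '$license'." }
if (-not $maxFileGBByBlock.ContainsKey($blockSizeMB)) { throw "Unknown block size." }
if ($logDiskGB -gt $maxFileGBByBlock[$blockSizeMB]) {
    throw "A $blockSizeMB MB block size allows at most $($maxFileGBByBlock[$blockSizeMB]) GB per vDisk."
}
if ($vramGB -lt 4) { Write-Warning 'Less than 4 GB vRAM is not recommended.' }

$disk = Get-HardDisk -VM $vm -Name $logDiskName
if ($logDiskGB -lt $disk.CapacityGB) { throw 'A vDisk can only be grown, not shrunk.' }

# Apply the changes while the appliance is still powered off.
Set-VM -VM $vm -NumCpu $vcpuByLicense[$license] -MemoryGB $vramGB -Confirm:$false | Out-Null
Set-HardDisk -HardDisk $disk -CapacityGB $logDiskGB -Confirm:$false | Out-Null

# Show the result. After boot and license upload, the guide's
# "execute formatlogdisk" step still applies and clears statistics and logs.
Get-VM -Name $vmName | Select-Object Name, NumCpu, MemoryGB
Get-HardDisk -VM $vm | Select-Object Name, CapacityGB
```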

Mapping the virtual NICs (vNICs) to physical NICs

When you deploy the FortiADC-VM package, 10 bridging vNICs are created and automatically mapped to a port group on one virtual switch (vSwitch) within the hypervisor. Each of those vNICs can be used by one of the 10 network interfaces in FortiADC-VM. (Alternatively, if you prefer, some or all of the network interfaces can be configured to use the same vNIC.) vSwitches are themselves mapped to physical ports on the server.

You can change the mapping, or map other vNICs, if your VM environment requires it.

The appropriate mapping of the FortiADC-VM network adapter ports to the host computer physical ports depends on your existing virtual environment.

Often, the default bridging vNICs work, and do not need to be changed.

If you are unsure of your network mappings, try bridging first before trying non-default vNIC modes such as NAT or host-only networks. The default bridging vNIC mappings are appropriate where each of the host's guest virtual machines has its own IP address on your network.

The most common exceptions to this rule are for VLANs.

Example: Network mapping illustrates how vNICs could be mapped to the physical network ports on a server.

Example: Network mapping

| VMware vSphere: Physical Network Adapter | VMware vSphere: Network Mapping (vSwitch Port Group) | FortiADC-VM: Virtual Network Adapter for FortiADC-VM | FortiADC-VM: Network Interface Name in Web UI/CLI |
|---|---|---|---|
| eth0 | VM Network 0 | Management | port1 |
| eth1 | VM Network 1 | External | port2 |
| | VM Network 2 | Internal | port3 |
| | | | port4 |
| | | | port5 |
| | | | port6 |
| | | | port7 |
| | | | port8 |
| | | | port9 |
| | | | port10 |

To map network adapters:
  1. Use the VMware vSphere client to connect to the VMware vSphere server.
  2. In the left pane, right-click the name of the virtual appliance, such as FortiADC-VM-Doc, then select Edit Settings. The virtual appliance properties dialog appears.
  3. In the list of virtual hardware on the left side of the dialog, click the name of a virtual network adapter to see its current settings.
  4. From the Network Connection drop-down menu, select the virtual network mapping for the virtual network adapter. The correct mapping varies by the virtual environment network configuration. In the example illustration above, the vNIC Network adapter 1 is mapped to the virtual network (vNetwork) named VLAN 593.
  5. Click OK.

HA Configuration

When configuring HA on FortiADC appliances using VMware VMs, ensure that the vSwitch can accept MAC Address Changes and Forged Transmits on the HA Heartbeat VLAN. For more information, see the FortiADC D-Series Handbook.

The illustration below shows what the vSwitch Properties page looks like with these settings enabled.
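Both settings relax the vSwitch layer-2 security policy, so it helps to enable them only where the heartbeat runs and to confirm they are not enabled elsewhere. The following is an added example, not part of the original guide: it assumes VMware PowerCLI with an existing Connect-VIServer session, standard vSwitches, and a dedicated port group for the HA Heartbeat VLAN; the host and port group names are hypothetical.

```powershell
# Added example. Assumes VMware PowerCLI, an existing Connect-VIServer session,
# standard vSwitches, and a dedicated port group for the HA heartbeat VLAN.
$esxHost     = 'esxi01.example.com'      # hypothetical ESXi host name
$hbPortGroup = 'FortiADC-HA-Heartbeat'   # hypothetical heartbeat port group name

$pg = Get-VirtualPortGroup -VMHost $esxHost -Name $hbPortGroup -Standard

# Override the vSwitch-level policy on the heartbeat port group only.
$pg | Get-SecurityPolicy |
    Set-SecurityPolicy -MacChanges $true -ForgedTransmits $true -Confirm:$false |
    Out-Null

# List the effective policy of every port group on the same vSwitch, so that
# MAC Address Changes or Forged Transmits enabled outside the heartbeat
# port group are visible at a glance.
Get-VirtualPortGroup -VirtualSwitch $pg.VirtualSwitch -Standard |
    Get-SecurityPolicy |
    Select-Object VirtualPortGroup, MacChanges, ForgedTransmits, AllowPromiscuous,
        @{ Name = 'IsHeartbeat'; Expression = { $_.VirtualPortGroup.Name -eq $hbPortGroup } } |
    Sort-Object IsHeartbeat -Descending |
    Format-Table -AutoSize
```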
