Step 2: Configure virtual hardware settings
After deploying the FortiDDoS-VM image and before powering on the virtual appliance, configure the virtual appliance hardware settings to suit the size of your deployment.
Virtual hardware settings summarizes the defaults that are set in the default image and provides rough guidelines to help you understand whether you need to upgrade the hardware before you power on the virtual appliance. For more precise guidance on sizing, contact your sales representative or Fortinet Technical Support.
| Component | Default | Guidelines |
|---|---|---|
| Hard disk | 32 GB |
32 GB is insufficient for most deployments. Upgrade the hard disk before you power on the appliance. After you power on the appliance, you must reformat the FortiDDoS OS log disk with the following command: execute formatlogdisk This will change the size to 200 GB. Note: Before you use this command you must first upload a license file. |
| CPU | 4 CPU | 4 CPU is appropriate for a VM04 license. Upgrade to 8 or 16 CPU for VM08 and VM16 licenses, respectively. |
| RAM | 4 GB | 4 GB is the minimum. See the section on vRAM for guidelines based on expected concurrent connections. |
| Network interfaces | 10 bridging vNICs are mapped to a port group on one virtual switch (vSwitch). | Change the mapping as required for your VM environment and network. |
Configuring the number of virtual CPUs (vCPUs)
By default, the virtual appliance is configured to use 4 vCPUs. Depending on the FortiDDoS-VM license that you purchased, you can allocate 8 or16 vCPUs.
To change the number of vCPUs:
- Use the ESXi client to connect to the server.
- In the left pane, right-click the name of the virtual appliance, such as FortiDDoS‑VM-Doc, then select Edit Settings.
- In the list of virtual hardware, click CPUs.
- In Number of virtual processors, specify the maximum number of vCPUs to allocate. Valid values range from 1 to 8.
- Click OK.
Configuring the virtual RAM (vRAM) limit
To change the amount of vRAM:
- Use the ESXi client to connect to the server.
- In the left pane, right-click the name of the virtual appliance, such as FortiDDoS‑VM-Doc, then select Edit Settings.
- In the list of virtual hardware on the left side of the dialog, click Memory.
- In Memory Size, type the maximum number in gigabytes (GB) of the vRAM to allocate.
- Click OK.
The virtual appliance properties dialog appears.
Mapping the virtual NICs (vNICs) to physical NICs
In FortiDDoS, we have 2 management ports, mgmt1 and mgmt2. In general practice mgmt1 will be used to manage the system using GUI/CLI.
mgmt2 is used for High-availability where 2 FortiDDoS mgmt2 ports share a same VLAN for HA communication.
Port 1 to Port 8 are data ports which form 4 port pairs.
Ports pairs are:
- Port 1 - Port 2
- Port 3 – Port 4
- Port 5 – Port 6
- Port 7 – Port 8
Odd numbers represent the LAN side and even numbers represent WAN side. Each Port pair that is in use should share the same VLAN which is unique to pair.
|
Physical Network Adapter |
Network Mapping (vSwitch Port Group) |
Virtual Network Adapter for FortiDDoS‑VM |
FortiDDoS-VMNetwork Interface Name in Web UI/CLI |
|
eth0 |
VM Network 0 |
Management |
mgmt1 |
|
eth1 |
VM Network 1 |
HA |
mgmt2 |
|
|
VM Network 2 |
Data |
port1 |
|
|
VM Network 3 |
port2 |
|
|
|
VM Network 4 |
port3 |
|
|
|
VM Network 5 |
port4 |
|
|
|
VM Network 6 |
port5 |
|
|
|
VM Network 7 |
port6 |
|
|
|
VM Network 8 |
port7 |
|
|
|
VM Network 9 |
port8 |
To add a VM adapter:
- Right click on ESXi and select Edit Settings.
- Because VM Network adapter1 is mapped to VM mgmt1, set this adapter VLAN to VM Network. VM Network adapter 3 is mapped to VM port1 and VM Network adapter 4 is mapped to port2, so set Network adapter 3 to 1051 and Network adapter 4 to 1052.
Note: ports come in pairs for input and output, so make sure you do not set an adapter to an existing pair.
- Click OK.
HA Configuration
Create a new VLAN for HA and mgmt2 ports of HA primary and secondary should be part of this VLAN. For more information, see the FortiDDoS Handbook.