Fortinet black logo

VMware NSX-T Administration Guide

Home FortiGate Private Cloud 6.4.0 VMware NSX-T Administration Guide

Deploying the FortiGate-VM on NSX-T

6.4.0
7.0.0
6.4.0
Copy Link
Copy Doc ID cf31fe37-64b1-11eb-b9ad-00505692583a:387402
Download PDF

Deploying the FortiGate-VM on NSX-T

After you deploy FortiManager and configure it to register services on NSX-T, you can deploy FortiGate-VM on the NSX-T management console.

To deploy the FortiGate-VM on NSX-T:
  1. Log in to NSX-T Manager.
  2. Go to System > Service Deployments > Configuration) > Deployment.
  3. Select the service definition that you just registered through FortiManager in the Partner Service dropdown list.
  4. Click DEPLOY SERVICE.
  5. Do one of the following:
    1. For North-South deployments, populate the attachment points, compute manager, cluster, and datastore as required. Click SAVE.
    2. For East-West deployments, populate the attachment points, compute manager, cluster, and datastore as required. From the Deployment type dropdown list, select Host based or Clustered. Uplink connection is defined in the Service Segments section. See Add a Service Segment. Click SAVE.

  6. Configure the networks:

    1. For North-South deployments, set static network configuration for only the management IP address port1 (eth0). eth1 is mapped to port2. eth3 is mapped to port3. This operates as virtual wire pair to handle traffic. eth3 is mapped to port4 if you want to configure two FortiGate-VM nodes to form an active-passive high availability (HA) cluster. This will be the HA heartbeat. NSX-T only allows North-South deployments to have A-P HA. If you set the Deployment Mode field to standalone, interface eth3 is unused. Assigning static IP addresses to all interfaces is recommended in case you want to configure HA in the future.
    2. For East-West deployments, you only need to configure network configuration for the management IP address port1 (eth0). You can set the management IP address via DHCP or NSX-T IP address pools. Using NSX-T IP address pools is recommended for easier administration. See Create an IP Pool in Manager Mode. eth1 mapped to port2 is split into two virtual interfaces and operated as a virtual wire pair to handle traffic. This is not user-configurable.
    3. Click SAVE in the Networks dialog.
  7. Click SAVE in the DEPLOY SERVICE dialog to initiate deployment. A few minutes later, the service and service instance appear in the DEPLOYMENT and SERVICE INSTANCES tab, respectively.
Previous
Next

Deploying the FortiGate-VM on NSX-T

After you deploy FortiManager and configure it to register services on NSX-T, you can deploy FortiGate-VM on the NSX-T management console.

To deploy the FortiGate-VM on NSX-T:
  1. Log in to NSX-T Manager.
  2. Go to System > Service Deployments > Configuration) > Deployment.
  3. Select the service definition that you just registered through FortiManager in the Partner Service dropdown list.
  4. Click DEPLOY SERVICE.
  5. Do one of the following:
    1. For North-South deployments, populate the attachment points, compute manager, cluster, and datastore as required. Click SAVE.
    2. For East-West deployments, populate the attachment points, compute manager, cluster, and datastore as required. From the Deployment type dropdown list, select Host based or Clustered. Uplink connection is defined in the Service Segments section. See Add a Service Segment. Click SAVE.

  6. Configure the networks:

    1. For North-South deployments, set static network configuration for only the management IP address port1 (eth0). eth1 is mapped to port2. eth3 is mapped to port3. This operates as virtual wire pair to handle traffic. eth3 is mapped to port4 if you want to configure two FortiGate-VM nodes to form an active-passive high availability (HA) cluster. This will be the HA heartbeat. NSX-T only allows North-South deployments to have A-P HA. If you set the Deployment Mode field to standalone, interface eth3 is unused. Assigning static IP addresses to all interfaces is recommended in case you want to configure HA in the future.
    2. For East-West deployments, you only need to configure network configuration for the management IP address port1 (eth0). You can set the management IP address via DHCP or NSX-T IP address pools. Using NSX-T IP address pools is recommended for easier administration. See Create an IP Pool in Manager Mode. eth1 mapped to port2 is split into two virtual interfaces and operated as a virtual wire pair to handle traffic. This is not user-configurable.
    3. Click SAVE in the Networks dialog.
  7. Click SAVE in the DEPLOY SERVICE dialog to initiate deployment. A few minutes later, the service and service instance appear in the DEPLOYMENT and SERVICE INSTANCES tab, respectively.
Previous
Next