Fortinet black logo

KVM Deployment Guide

Home FortiProxy Private Cloud 7.0.0 KVM Deployment Guide
7.0.0
7.4.0
7.2.0
7.0.0

Initial settings

Initial settings

The first time that you start the FortiProxy-VM, you will only have access through the console window of your KVM environment. After you configure one FortiProxy network interface with an IP address and administrative access, you can access the FortiProxy-VM GUI.

Every FortiProxy-VM includes a 15-day trial license. During this time the VM operates in evaluation mode. Before using the VM, you must upload the license file that you downloaded from Customer Service & Support upon registration.

More information about configuring and operating FortiProxy-VM after a successful deployment is available in the Fortinet Document Library.

To configure GUI access on the port1 interface:

  1. In your hypervisor manager, start the FortiProxy‑VM and access the console window. You might need to press Enter to see the login prompt.

  2. At the login prompt, enter the username admin then press Enter.

  3. Enter an administrator password, and then confirm the password.

  4. Configure the port1 IP address and netmask:

    config system interface
    edit port1
        set mode static
        set ip <IP address> <netmask>
        append allowaccess https
    next
end

  5. Configure the default gateway:

    config router static
    edit 1
        set device port1
        set gateway <ip_address>
    next
end

  6. Optionally, configure the DNS servers:

    config system dns
    set primary <Primary DNS server>
    set secondary <Secondary DNS server>
end

    The default DNS servers are 208.91.112.53 and 208.91.112.52.

To connect to the FortiProxy‑VM GUI:

  1. Launch a web browser, and enter the IP address you configured for the port1 management interface. For example: https://192.168.0.1.

  2. At the login page, enter the username admin and the password that you configured.

To upload the license file:

  1. Go to System > FortiGuard and click FortiProxy‑VM License.

  2. Click Upload and find the license file (.lic) on your computer.

  3. Click OK to upload the license.

  4. Log in to the FortiProxy‑VM.

  5. Confirm that the license has been successfully uploaded and validated by FortiGuard Distribution Network (FDN):

    1. Go to Dashboard > Status. The VM registration status appears as valid in the Virtual Machine and Licenses widgets

    2. Go to System > FortiGuard and click FortiProxy‑VM License. A message reports that the license was successfully authenticated.

    3. If logging is enabled, the log message "License status changed to VALID" is recorded in the event log.

    4. If the update failed:

      1. Check the following settings on the FortiProxy‑VM:

        • Time and time zone

        • DNS settings

        • Network interface statuses and IP addresses

        • Static routes

      2. On the management computer, verify that FortiGuard domain names are resolving:

        C:\>nslookup update.fortiguard.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    fds1.fortinet.com
Addresses:  2620:101:9005:1100::205
          192.168.100.205
          192.168.100.220
Aliases:  update.fortiguard.net

      3. On the FortiProxy, verify that communication with the internet and FortiGuard is possible:

        # execute ping update.fortiguard.net
PING fds1.fortinet.com (173.243.138.67): 56 data bytes
64 bytes from 173.243.138.67: icmp_seq=0 ttl=58 time=8.1 ms
64 bytes from 173.243.138.67: icmp_seq=1 ttl=58 time=3.2 ms
64 bytes from 173.243.138.67: icmp_seq=2 ttl=58 time=3.0 ms
64 bytes from 173.243.138.67: icmp_seq=3 ttl=58 time=3.8 ms
64 bytes from 173.243.138.67: icmp_seq=4 ttl=58 time=2.6 ms

--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 2.6/4.1/8.1 ms
        # execute traceroute update.fortiguard.net
traceroute to update.fortiguard.net (173.243.138.67), 32 hops max, 3 probe packets per hop, 84 byte packets
 1  192.168.0.7  10.584 ms  2.927 ms  5.073 ms
 2  10.29.206.1  5.982 ms  8.006 ms  4.199 ms
 3  154.11.11.113  3.584 ms  7.947 ms  8.679 ms
 4  154.11.2.86  2.428 ms  2.337 ms  2.645 ms
 5  * 66.163.69.46 <rd3bb-tge0-11-0-0.vc.shawcable.net>  1.586 ms  1.915 ms
 6  * 64.141.25.113 <h64-141-25-113.bigpipeinc.com>  3.491 ms  2.571 ms
 7  64.141.25.114 <h64-141-25-114.bigpipeinc.com>  1.563 ms  2.385 ms  1.966 ms
 8  96.45.47.39  2.475 ms  2.106 ms  2.105 ms
 9  173.243.138.252  2.452 ms  2.305 ms  1.877 ms
10  173.243.138.67 <update.fortiguard.net>  2.220 ms  1.620 ms  1.990 ms

      4. Wait for the next automatic license query (about 30 minutes), or reboot the FortiProxy‑VM: execute reboot.

      If FortiProxy is unable to validate the license after four hours a warning message it displayed in the local console.

Previous
Next

Initial settings

The first time that you start the FortiProxy-VM, you will only have access through the console window of your KVM environment. After you configure one FortiProxy network interface with an IP address and administrative access, you can access the FortiProxy-VM GUI.

Every FortiProxy-VM includes a 15-day trial license. During this time the VM operates in evaluation mode. Before using the VM, you must upload the license file that you downloaded from Customer Service & Support upon registration.

More information about configuring and operating FortiProxy-VM after a successful deployment is available in the Fortinet Document Library.

To configure GUI access on the port1 interface:

  1. In your hypervisor manager, start the FortiProxy‑VM and access the console window. You might need to press Enter to see the login prompt.

  2. At the login prompt, enter the username admin then press Enter.

  3. Enter an administrator password, and then confirm the password.

  4. Configure the port1 IP address and netmask:

    config system interface
    edit port1
        set mode static
        set ip <IP address> <netmask>
        append allowaccess https
    next
end

  5. Configure the default gateway:

    config router static
    edit 1
        set device port1
        set gateway <ip_address>
    next
end

  6. Optionally, configure the DNS servers:

    config system dns
    set primary <Primary DNS server>
    set secondary <Secondary DNS server>
end

    The default DNS servers are 208.91.112.53 and 208.91.112.52.

To connect to the FortiProxy‑VM GUI:

  1. Launch a web browser, and enter the IP address you configured for the port1 management interface. For example: https://192.168.0.1.

  2. At the login page, enter the username admin and the password that you configured.

To upload the license file:

  1. Go to System > FortiGuard and click FortiProxy‑VM License.

  2. Click Upload and find the license file (.lic) on your computer.

  3. Click OK to upload the license.

  4. Log in to the FortiProxy‑VM.

  5. Confirm that the license has been successfully uploaded and validated by FortiGuard Distribution Network (FDN):

    1. Go to Dashboard > Status. The VM registration status appears as valid in the Virtual Machine and Licenses widgets

    2. Go to System > FortiGuard and click FortiProxy‑VM License. A message reports that the license was successfully authenticated.

    3. If logging is enabled, the log message "License status changed to VALID" is recorded in the event log.

    4. If the update failed:

      1. Check the following settings on the FortiProxy‑VM:

        • Time and time zone

        • DNS settings

        • Network interface statuses and IP addresses

        • Static routes

      2. On the management computer, verify that FortiGuard domain names are resolving:

        C:\>nslookup update.fortiguard.net
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    fds1.fortinet.com
Addresses:  2620:101:9005:1100::205
          192.168.100.205
          192.168.100.220
Aliases:  update.fortiguard.net

      3. On the FortiProxy, verify that communication with the internet and FortiGuard is possible:

        # execute ping update.fortiguard.net
PING fds1.fortinet.com (173.243.138.67): 56 data bytes
64 bytes from 173.243.138.67: icmp_seq=0 ttl=58 time=8.1 ms
64 bytes from 173.243.138.67: icmp_seq=1 ttl=58 time=3.2 ms
64 bytes from 173.243.138.67: icmp_seq=2 ttl=58 time=3.0 ms
64 bytes from 173.243.138.67: icmp_seq=3 ttl=58 time=3.8 ms
64 bytes from 173.243.138.67: icmp_seq=4 ttl=58 time=2.6 ms

--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 2.6/4.1/8.1 ms
        # execute traceroute update.fortiguard.net
traceroute to update.fortiguard.net (173.243.138.67), 32 hops max, 3 probe packets per hop, 84 byte packets
 1  192.168.0.7  10.584 ms  2.927 ms  5.073 ms
 2  10.29.206.1  5.982 ms  8.006 ms  4.199 ms
 3  154.11.11.113  3.584 ms  7.947 ms  8.679 ms
 4  154.11.2.86  2.428 ms  2.337 ms  2.645 ms
 5  * 66.163.69.46 <rd3bb-tge0-11-0-0.vc.shawcable.net>  1.586 ms  1.915 ms
 6  * 64.141.25.113 <h64-141-25-113.bigpipeinc.com>  3.491 ms  2.571 ms
 7  64.141.25.114 <h64-141-25-114.bigpipeinc.com>  1.563 ms  2.385 ms  1.966 ms
 8  96.45.47.39  2.475 ms  2.106 ms  2.105 ms
 9  173.243.138.252  2.452 ms  2.305 ms  1.877 ms
10  173.243.138.67 <update.fortiguard.net>  2.220 ms  1.620 ms  1.990 ms

      4. Wait for the next automatic license query (about 30 minutes), or reboot the FortiProxy‑VM: execute reboot.

      If FortiProxy is unable to validate the license after four hours a warning message it displayed in the local console.

Previous
Next