Fortinet Document Library

Version:


Table of Contents

VMware ESXi Cookbook

Resources

Upgrade Path Tool
6.2.0
Download PDF
Copy Link

vMotion in a VMware environment

This guide provides sample configuration of a vMotion FortiGate-VM in a VMware environment. VMware vMotion enables the live migration of a running FortiGate-VM from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity. It also provides transparency to users.

The following depicts the network topology for this sample deployment. In this sample deployment, there are two hosts, Host 60 (10.6.30.60) and Host 80 (10.6.30.80), which are members of Cluster 1 in the DataCenter 1. The vCenter server (10.6.30.99) manages DataCenter 1.

The following prerequisites must be met for this configuration:

  • The vCenter server has been set up and the data center and cluster have been created.
  • Host 60 and Host 80 are part of the cluster.
  • A Gigabit Ethernet network interface card with a VMkernel port enabled for vMotion exists on both ESXi hosts.
  • A FortiGate-VM is set up and able to handle traffic.
To migrate the FortiGate-VM on the vCenter web portal:
  1. Log into the vCenter web portal.
  2. Verify the current location of the FortiGate-VM:
    1. Go to the FortiGate-VM.
    2. On the Summary tab, check the Host. In this example, the host is currently Host 60 (10.6.30.60).
    3. Go to Storage > Files. Check that the FortiGate-VM is located in the correct datastore. In this example, the datastore is currently Datastore 60, which is in Host 60.
  3. Right-click the FortiGate-VM and select Migrate.
  4. Configure the migration options:
    1. For Select a migration type, select Change both compute resource and storage. Click NEXT.
    2. For Select a compute resource, select the desired new compute resource. In this example, Host 80 (10.6.30.80) is selected. Click NEXT.
    3. For Select storage, select the storage associated with the compute resource selected in step 5. In this example, Datastore 80 (as corresponds to Host 80) is selected. Click NEXT.
    4. For Select networks, select the desired destination network at the compute resource selected in step 5. In this example, the source network is at Host 60, and the destination network is at Host 80. Click NEXT.s
    5. For Select vMotion priority, select Schedule vMotion with high priority (recommended). Click NEXT.
  5. Before initiating the migration, open the CLI for the FortiGate-VM to check on traffic during the migration. Enter the diag sniffer packet any 'icmp and host 8.8.8.8' command to check if traffic is stable. If no traffic is lost during migration and the FortiGate-VM SSH session does not break, the output resembles the following:

  6. Click FINISH. After a few seconds, the FortiGate-VM is migrated to the new compute resources, in this case Host 80.
  7. Log into the vCenter web portal. Go to the FortiGate-VM. On the Summary tab, the Host is now the new compute resources, in this case Host 80 (10.6.30.80).
  8. Go to Storage > Files. It shows that the FortiGate-VM is now located in a new datastore, in this example Datastore 80.

To configure the FortiGate-VM using the CLI:

config system interface

edit "port1"

set vdom "root"

set ip 10.6.30.61 255.255.255.0

set allowaccess ping https ssh snmp http telnet

set type physical

next

edit "port2"

set vdom "root"

set ip 10.1.100.61 255.255.255.0

set allowaccess ping https ssh snmp http telnet

set type physical

next

edit "port3"

set vdom "root"

set ip 172.16.200.61 255.255.255.0

set allowaccess ping https ssh snmp http telnet

set type physical

next

end

config router static

edit 1

set gateway 172.16.200.254

set device "port3"

next

end

config firewall policy

edit 1

set srcintf "port2"

set dstintf "port3"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

set nat enable

next

end

Resources

vMotion in a VMware environment

This guide provides sample configuration of a vMotion FortiGate-VM in a VMware environment. VMware vMotion enables the live migration of a running FortiGate-VM from one physical server to another with zero downtime, continuous service availability, and complete transaction integrity. It also provides transparency to users.

The following depicts the network topology for this sample deployment. In this sample deployment, there are two hosts, Host 60 (10.6.30.60) and Host 80 (10.6.30.80), which are members of Cluster 1 in the DataCenter 1. The vCenter server (10.6.30.99) manages DataCenter 1.

The following prerequisites must be met for this configuration:

  • The vCenter server has been set up and the data center and cluster have been created.
  • Host 60 and Host 80 are part of the cluster.
  • A Gigabit Ethernet network interface card with a VMkernel port enabled for vMotion exists on both ESXi hosts.
  • A FortiGate-VM is set up and able to handle traffic.
To migrate the FortiGate-VM on the vCenter web portal:
  1. Log into the vCenter web portal.
  2. Verify the current location of the FortiGate-VM:
    1. Go to the FortiGate-VM.
    2. On the Summary tab, check the Host. In this example, the host is currently Host 60 (10.6.30.60).
    3. Go to Storage > Files. Check that the FortiGate-VM is located in the correct datastore. In this example, the datastore is currently Datastore 60, which is in Host 60.
  3. Right-click the FortiGate-VM and select Migrate.
  4. Configure the migration options:
    1. For Select a migration type, select Change both compute resource and storage. Click NEXT.
    2. For Select a compute resource, select the desired new compute resource. In this example, Host 80 (10.6.30.80) is selected. Click NEXT.
    3. For Select storage, select the storage associated with the compute resource selected in step 5. In this example, Datastore 80 (as corresponds to Host 80) is selected. Click NEXT.
    4. For Select networks, select the desired destination network at the compute resource selected in step 5. In this example, the source network is at Host 60, and the destination network is at Host 80. Click NEXT.s
    5. For Select vMotion priority, select Schedule vMotion with high priority (recommended). Click NEXT.
  5. Before initiating the migration, open the CLI for the FortiGate-VM to check on traffic during the migration. Enter the diag sniffer packet any 'icmp and host 8.8.8.8' command to check if traffic is stable. If no traffic is lost during migration and the FortiGate-VM SSH session does not break, the output resembles the following:

  6. Click FINISH. After a few seconds, the FortiGate-VM is migrated to the new compute resources, in this case Host 80.
  7. Log into the vCenter web portal. Go to the FortiGate-VM. On the Summary tab, the Host is now the new compute resources, in this case Host 80 (10.6.30.80).
  8. Go to Storage > Files. It shows that the FortiGate-VM is now located in a new datastore, in this example Datastore 80.

To configure the FortiGate-VM using the CLI:

config system interface

edit "port1"

set vdom "root"

set ip 10.6.30.61 255.255.255.0

set allowaccess ping https ssh snmp http telnet

set type physical

next

edit "port2"

set vdom "root"

set ip 10.1.100.61 255.255.255.0

set allowaccess ping https ssh snmp http telnet

set type physical

next

edit "port3"

set vdom "root"

set ip 172.16.200.61 255.255.255.0

set allowaccess ping https ssh snmp http telnet

set type physical

next

end

config router static

edit 1

set gateway 172.16.200.254

set device "port3"

next

end

config firewall policy

edit 1

set srcintf "port2"

set dstintf "port3"

set srcaddr "all"

set dstaddr "all"

set action accept

set schedule "always"

set service "ALL"

set nat enable

next

end