Fortinet Document Library

Deploying FortiGate-VMX

Version: 6.0.1

Terms and concepts

This product depends, more than most, on its interaction with a third-party product, and it is designed differently from most of the other virtual Fortinet products. A short list of terms and concepts not common to our other products is included here to avoid confusion.

dvPort Groups

Distributed port groups in VMware are similar to the VLANs traditionally used to isolate traffic in a network.

VMware’s official definition of a dvPortGroup is "A distributed port group specifies port configuration options for each member port on a vSphere distributed switch. Distributed port groups define how a connection is made to a network."

dvSwitch

A dvSwitch is a distributed Virtual Switch. In the traditional virtual environment that hosts multiple VM instances on a single host, there is one virtual switch that all the instances are “attached” to inside the host. The difference in a distributed virtual switch is that this switch can span multiple hosts.

ESXi

ESXi is VMware's enterprise-class, type-1 hypervisor, used for deploying and hosting virtual computers. Because it is a type-1 hypervisor, it is not a software application that is installed on top of an existing operating system. It has its own OS components and can be installed directly on the computer hardware or as its own virtual OS.

Host

In a VMware infrastructure, a host is an instance of ESXi that holds one or more VMs. These VMs can be virtual servers or virtual network devices.

Kernel agent

The kernel agent is a component of the infrastructure that is situated between each virtual NIC and its associated port on the vDistributed Switch. As traffic traverses between the vNIC and the vSwitch, it is redirected to the FortiGate-VMX Security Node instance to be processed.

NetX

The Network Extensibility API (NetX) is available to specific Technical Alliance Partner (TAP) Elite partners. It allows the interception of traffic between a VM's vNIC and the virtual switch it is plugged into, so that policy decisions can be made.

This API allows FortiGate-VMX to integrate into the VMware infrastructure.

NSX

NSX is VMware’s network virtualization platform for the Software-defined Data Center. In NSX, virtual networks are programmed, provisioned, and managed independently of the underlying hardware. It reproduces the entire network model in software, enabling any network topology to be created and provisioned without all the physical work of having to rewire, move and connect your hardware.

Security Node

The FortiGate-VMX Security Node is the virtual FortiGate-VMX Firewall instance deployed with each host.

Service Manager

The Service Manager (FortiGate-VMX Service Manager) is the interface between the FortiGate-VMX Security Nodes and the VMware infrastructure. It is through the Service Manager that the Security Nodes are deployed, configured and licensed.

vCenter

VMware vCenter Server is the centralized management application portion of vSphere that lets you centrally manage virtual machines and ESXi hosts. vCenter is a requirement to have enterprise features like vMotion, VMware High Availability, VMware Update Manager and VMware Distributed Resource Scheduler (DRS).

vSphere Enterprise

vSphere Enterprise is VMware's cloud computing virtualization operating system.
