Fortinet Document Library

Version:


Table of Contents

Deploying FortiGate-VMX

VMware-NSX Security Fabric integration

Resources

Upgrade Path Tool
6.0.1
Download PDF
Copy Link

Upgrades

To upgrade FortiGate-VMX, you must first upgrade FortiGate-VMX SVM, then upgrade the VMX security nodes. For information about required files, see Deployment files.

tooltip icon The FortiGate-VMX versions for SVM and VMX security nodes must match. Otherwise, SVM and VMX security nodes will not communicate properly. VMX security nodes will not appear as managed firewalls in SVM's management console, and firewall policies might no function as expected.

FortiGate-VMX SVM

  1. To upgrade the FortiGate-VMX SVM, obtain the upgrade file: FGT_VM64_SVM-v6-buildXXXX-FORTINET.out (Upgrade).
  2. Log in to the SVM management GUI at https://<IP_address>. From the Firmware menu, upload the .out file. The system reboots automatically.

VMX security nodes

After the Service Manager is upgraded, upgrade the VMX security nodes.To upgrade the VMX security nodes, do one of the following:

  1. For a small number of VMX nodes, manually apply the FGT_VM64_VMX-v6-buildXXXX-FORTINET.out (Upgrade) file in the same way you applied to the SVM. Log in to the VMX security node management GUI at https://<IP_address>, and from the Firmware menu, upload the VMX's .out file. The system reboots automatically.
  2. For a large number of VMX nodes, it is recommended to use NSX. This method is also recommended if you do not have direct access to each node's port 443 (for example, if VMX segments are isolated and only SVM has access to them).

 

For the supported upgrade path, refer to the Fortinet Cookbook. Note FortiOS is applicable to FortiGate products, including the FortiGate-VMX.

Once you have downloaded the deployment packages, extract the files from the zip file.

Upgrading the FortiGate-VMX Service Manager

  1. Download the FortiGate-VMX Security Node image files and upload them to the HTTP server

Example: FGT_VM64_VMX-v5-buildXXXX-FORTINET.out.ovf.zip.

Unzip the compressed file and place the three files included in the zip file (one OVF & two VMDKs) on the HTTP server.

  1. Open the CLI in the FortiGate-VMX Service Manager and type the following:

  1. Log in to your NSX Manager via the vSphere Web UI:
  • Select Networking & Security.
  • Choose Installation.
  • Click the Service Deployments tab.
  • Under the Installation Status column, you are now presented with the option to Upgrade.

 

Resources

Upgrades

To upgrade FortiGate-VMX, you must first upgrade FortiGate-VMX SVM, then upgrade the VMX security nodes. For information about required files, see Deployment files.

tooltip icon The FortiGate-VMX versions for SVM and VMX security nodes must match. Otherwise, SVM and VMX security nodes will not communicate properly. VMX security nodes will not appear as managed firewalls in SVM's management console, and firewall policies might no function as expected.

FortiGate-VMX SVM

  1. To upgrade the FortiGate-VMX SVM, obtain the upgrade file: FGT_VM64_SVM-v6-buildXXXX-FORTINET.out (Upgrade).
  2. Log in to the SVM management GUI at https://<IP_address>. From the Firmware menu, upload the .out file. The system reboots automatically.

VMX security nodes

After the Service Manager is upgraded, upgrade the VMX security nodes.To upgrade the VMX security nodes, do one of the following:

  1. For a small number of VMX nodes, manually apply the FGT_VM64_VMX-v6-buildXXXX-FORTINET.out (Upgrade) file in the same way you applied to the SVM. Log in to the VMX security node management GUI at https://<IP_address>, and from the Firmware menu, upload the VMX's .out file. The system reboots automatically.
  2. For a large number of VMX nodes, it is recommended to use NSX. This method is also recommended if you do not have direct access to each node's port 443 (for example, if VMX segments are isolated and only SVM has access to them).

 

For the supported upgrade path, refer to the Fortinet Cookbook. Note FortiOS is applicable to FortiGate products, including the FortiGate-VMX.

Once you have downloaded the deployment packages, extract the files from the zip file.

Upgrading the FortiGate-VMX Service Manager

  1. Download the FortiGate-VMX Security Node image files and upload them to the HTTP server

Example: FGT_VM64_VMX-v5-buildXXXX-FORTINET.out.ovf.zip.

Unzip the compressed file and place the three files included in the zip file (one OVF & two VMDKs) on the HTTP server.

  1. Open the CLI in the FortiGate-VMX Service Manager and type the following:

  1. Log in to your NSX Manager via the vSphere Web UI:
  • Select Networking & Security.
  • Choose Installation.
  • Click the Service Deployments tab.
  • Under the Installation Status column, you are now presented with the option to Upgrade.