Fortinet Document Library

Version:


Table of Contents

Deploying FortiGate-VMX

VMware-NSX Security Fabric integration

Resources

Upgrade Path Tool
6.0.1
Download PDF
Copy Link

Comparing VM and VMX

FortiGate-VMX and FortiGate-VM - similarities

Both the FortiGate VM and VMX are security virtual appliances. In fact, they are based on the same FortiOS firmware. FortiGate-VMX supports FortiOS v5.4 and FortiOS 5.6.3 and later. Just like the FortiGate hardware appliances and FortiGate-VM virtual appliances, FortiGate-VMX includes the following advanced functions and features:

  • Firewall
  • Application Control
  • Application Security
  • Anti Virus
  • Data Leak Prevention
  • Email Filter
  • IPS/IDS
  • Web filtering
  • Explicit Proxy
  • FortiGuard Services

FortiGate-VMX and FortiGate-VM - differences

While a FortiGate-VMX functions in the same way as a FortiGate VM, securing and filtering traffic that goes through it, there are some differences which include:

  • The FortiGate-VM is an edge security solution. It has features like VPN termination and NAT. The FortiGate-VMX security service secures traffic between vNICs of each VM and the virtual ports of the vSwitch they are connected to. FortiGate-VMX is a platform-centric security solution, with VMware NSX API integration to provide complete visibility and inspection for East-West inter-VM traffic across security clusters.
  • FortiGate-VMX is a two component system encompassing a Service Manager and Security Nodes. Both are required for it to function properly.
  • A FortiGate VM is a virtual appliance deployed from an OVF file either manually by the VM administrator or as part of an orchestrated event. It has the same feature set of the hardware version of a FortiGate. It is intended for a static environment. By comparison, the FortiGate VMX is part of an automated deployment process that is part of the VMware virtual environment through the use of an API.
  • Once the FortiGate-VMX Service Manager is integrated into the SDDC, any time an ESXi host is added, a FortiGate-VMX instance will auto deploy and self-register with the FortiGate-VMX Service Manager.
  • The configuration of FortiGate-VMX instances is handled by the FortiGate-VMX Service Manager. No manual configuration of nodes is required.
  • The licensing of FortiGate-VM relates to the number of vCPUs assigned to it. FortiGate-VMX is instance-based; 1 instance requires 1 license regardless of the resources assigned to it.
  • The two products may not have the same support options. For available support options, please contact your distributors.
  • FortiGate-VM is an edge or perimeter security solution that supports a number of features that are not relevant in a FortiGate-VMX security environment:
  • VPN tunnels
  • WAN optimization
  • NAT
  • Dynamic Routing

Resources

Comparing VM and VMX

FortiGate-VMX and FortiGate-VM - similarities

Both the FortiGate VM and VMX are security virtual appliances. In fact, they are based on the same FortiOS firmware. FortiGate-VMX supports FortiOS v5.4 and FortiOS 5.6.3 and later. Just like the FortiGate hardware appliances and FortiGate-VM virtual appliances, FortiGate-VMX includes the following advanced functions and features:

  • Firewall
  • Application Control
  • Application Security
  • Anti Virus
  • Data Leak Prevention
  • Email Filter
  • IPS/IDS
  • Web filtering
  • Explicit Proxy
  • FortiGuard Services

FortiGate-VMX and FortiGate-VM - differences

While a FortiGate-VMX functions in the same way as a FortiGate VM, securing and filtering traffic that goes through it, there are some differences which include:

  • The FortiGate-VM is an edge security solution. It has features like VPN termination and NAT. The FortiGate-VMX security service secures traffic between vNICs of each VM and the virtual ports of the vSwitch they are connected to. FortiGate-VMX is a platform-centric security solution, with VMware NSX API integration to provide complete visibility and inspection for East-West inter-VM traffic across security clusters.
  • FortiGate-VMX is a two component system encompassing a Service Manager and Security Nodes. Both are required for it to function properly.
  • A FortiGate VM is a virtual appliance deployed from an OVF file either manually by the VM administrator or as part of an orchestrated event. It has the same feature set of the hardware version of a FortiGate. It is intended for a static environment. By comparison, the FortiGate VMX is part of an automated deployment process that is part of the VMware virtual environment through the use of an API.
  • Once the FortiGate-VMX Service Manager is integrated into the SDDC, any time an ESXi host is added, a FortiGate-VMX instance will auto deploy and self-register with the FortiGate-VMX Service Manager.
  • The configuration of FortiGate-VMX instances is handled by the FortiGate-VMX Service Manager. No manual configuration of nodes is required.
  • The licensing of FortiGate-VM relates to the number of vCPUs assigned to it. FortiGate-VMX is instance-based; 1 instance requires 1 license regardless of the resources assigned to it.
  • The two products may not have the same support options. For available support options, please contact your distributors.
  • FortiGate-VM is an edge or perimeter security solution that supports a number of features that are not relevant in a FortiGate-VMX security environment:
  • VPN tunnels
  • WAN optimization
  • NAT
  • Dynamic Routing