How to Install FortiGate Firewall in GNS3

In this guide, you will learn how to set up a FortiGate VM within GNS3. We will cover creating a FortiCloud account, downloading the correct firmware image, importing the appliance, activating the free evaluation license, and configuring basic firewall policies for internet connectivity.

Part 1: Downloading the FortiGate VM Image

To begin, you need to acquire the correct VM image from Fortinet. This process requires a free account.

1. Create a FortiCloud Account

Navigate to support.fortinet.com and create a new account. The process is free. Once you have registered and verified your email, log in to the FortiCloud portal.

2. Locate the Firmware

In the support portal, navigate to Support > VM Images. Ensure you select FortiGate as the product and KVM as the platform for GNS3 compatibility.

3. Select the Correct Version

While newer versions exist, specific versions like 7.6.4 may have compatibility issues in certain environments. For this guide, we will use version 7.6.3.

Look for the file labeled "New Deployment" for ARM64 or x86 (depending on your system, though standard GNS3 usually uses the x86/64 KVM image). Download the file, which is approximately 108 MB.

4. Extract and Rename

Once downloaded, extract the zip file. You will see a file named fortios.qcow2 (or similar inside the folder). You must ensure the filename matches exactly what GNS3 expects during the import process (e.g., fortios.qcow2), or rename the directory/file structure as needed to match the appliance template.

Part 2: Importing the Appliance into GNS3

With the file ready, we can now configure GNS3.

1. Create a New Template

Open GNS3 and click the New Template button (plus sign) in the bottom left of the devices pane. Select Install an appliance from the GNS3 server.

2. Select FortiGate

Navigate to Firewalls > FortiGate and click Install. Select to install the appliance on the GNS3 VM.

3. Create a Custom Version

The default list may only go up to version 7.4. To use 7.6.3, click Create New Version.

Version Name: 7.6.3
File Name: Ensure this matches your downloaded file exactly (e.g., fortios.qcow2).

4. Import the Image

Select the newly created version 7.6.3 in the list. It will show the file as missing. Click Import and select the fortios.qcow2 file you extracted earlier. Once the status changes to "Ready to Install," proceed with the installation.

Note: The evaluation license is restrictive. It limits the VM to 1 CPU core and 2 GB of RAM. Do not attempt to increase these resources, or the license may fail.

Part 3: Initial Boot and Licensing

Now that the appliance is installed, drag the FortiGate 7.6.3 node into your workspace.

1. Connect to the Network

To activate the license, the FortiGate needs internet access. Add a Cloud node to your workspace and connect it to Port 1 on the FortiGate. This usually bridges the connection to your local network via NAT/DHCP.

2. Initial Login

Start the node and open the console. The system will format the disk and reboot once automatically. When the login prompt appears, use the default credentials:

User: admin
Password: (blank)

You will be immediately prompted to set a new password.

3. Verify IP Address

Check if the device received an IP address via DHCP on Port 1 by running:

get system interface

Take note of the IP address assigned to Port 1 (e.g., 192.168.122.x).

4. Activate Evaluation License via Web GUI

Open a web browser and navigate to the IP address found in the previous step using HTTP or HTTPS. Log in with admin and your new password.

You will be presented with a licensing screen. Select Evaluation License and enter your FortiCare email and password. The system will attempt to update the license and reboot.

Part 4: Troubleshooting License Timeouts

If the automatic license request times out, you can perform a manual activation.

1. Download License File

Go back to the FortiCloud portal and navigate to Services > Asset Management. You should see a registered product listed as "FortiGate VM Trial" with a matching serial number.

Click the product and download the License File.

2. Upload to FortiGate

In the FortiGate Web GUI (or by reloading the image in GNS3 to restart the process), select Full License or Upload File instead of entering credentials directly. Upload the license file you just downloaded. The system will reboot to apply the changes.

Part 5: Basic Configuration and Testing

After the reboot, log in to the Web GUI. You can now configure the device for a lab environment.

1. System Settings

Navigate to System > Settings.

Hostname: Set a unique name (e.g., FortiGate-GNS3).
Admin Ports: Change the HTTPS port if it conflicts with your local system (e.g., 4433).
Idle Timeout: Increase this from 5 minutes to 30 minutes or more to prevent frequent logouts.

2. Configure Internal Interface

Navigate to Network > Interfaces. Edit Port 2 to serve as your LAN.

Alias: LAN-HR
IP/Netmask: 192.168.1.1/24
Administrative Access: Enable Ping.
DHCP Server: Enable and set a range (e.g., .100 to .200).

3. Create Firewall Policy

Go to Policy & Objects > Firewall Policy. Create a new policy to allow traffic from the LAN to the Internet.

Name: HR-to-Internet
Incoming Interface: LAN-HR (Port 2)
Outgoing Interface: Port 1 (WAN)
Source/Destination: All / All
Service: ALL (or specific services like ICMP)
NAT: Enabled

4. Verify Connectivity

In GNS3, drag a Virtual PC (VPCS) into the workspace and connect it to Port 2 of the FortiGate. Start the VPCS and open the console.

Request an IP address via DHCP:

ip dhcp

Once an IP is assigned, test connectivity to the internet:

ping 1.1.1.1

If the ping is successful, your FortiGate firewall is correctly configured and routing traffic within GNS3.

← Back to Guides Homepage