Building a FortiOS Vagrant Libvirt Box

FortiOS (FortiGate) is supported by the netlab libvirt package command. To build a fortinet/fortios box:

  • Create an empty directory on an Ubuntu machine with libvirt and Vagrant.

  • Copy the FortiGate image (usually a .zip file) into that directory.

  • If needed, unzip the FortiGate image with "unzip file" to get the fortios.qcow2 disk image.

  • Execute "netlab libvirt package fortios qcow-file-name" and follow the instructions.

Warning

  • netlab supports FortiGate devices that use username/password to authenticate API calls.

  • Before 7.2.0, the FortiGate VM included a 15-day evaluation license. The Vagrant box would need to be recreated 15 days after the initial build to continue using it.

  • Starting with 7.2.0, you can use a permanent evaluation license, linked to your FortiGate Support Portal account.

  • Limitations of the evaluation license can be found in the FortiGate documentation.

  • If you’re using a netlab release older than 1.8.2, or if you’re using a Linux distribution other than Ubuntu, please read the box-building caveats first.

Initial Device Configuration

The initial device configuration is prepared on a CD-ROM image that is read by the device during the initial boot process. All you have to do is check the applied configuration and shut down the device.

The "netlab libvirt config fortios" command displays the build recipe:

Creating initial configuration for FortiGate 6.x/7.0/7.4/7.6
============================================================

Initial configuration for the FortiGate device is prepared in a bootstrap CD-ROM
image. Once the device boots and the configuration is applied:

* Log in with username 'admin' and password 'admin'
* Check the applied configuration with "diagnose debug cloudinit show"
* Optionally, add any other configuration you might want to have burned into
  the vagrant box
* Execute "execute shutdown".
* Disconnect from console if needed (ctrl-] usually works).

If you don't like our initial configuration and would like to start with a
pristine one:

1. Execute "virsh change-media vm_box sda --eject" in another shell
2. Run "execute factoryreset" on the console
3. Log in with username 'admin' and empty password
4. Set the new 'admin' password to 'admin'
5. Apply your initial configuration

In the past, the following initial configuration was recommended
 
====================================================
config system admin
    edit "vagrant"
        set accprofile "super_admin"
        set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
        set password ENC SH28SLSP20eURl8us/aceUFwjdJOggVKBfSQSP8eZi2dyoNferE+lgfmTIitbE=
    next
end
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http fgfm
    next
end
config system dns
    set primary 1.1.1.1
end
====================================================
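
A check you could run over a saved configuration before reusing a box built from the historical recipe above, as an added example that is not netlab's or Fortinet's code: it parses the flat config/edit/set blocks and reports cleartext management access and the publicly known Vagrant insecure key. The function names, the CLEARTEXT set and the sample text are assumptions made for this example.

```python
# Constructed sample: excerpt of the historical config above, key body replaced by a placeholder.
SAMPLE = '''
config system admin
    edit "vagrant"
        set ssh-public-key1 "ssh-rsa PLACEHOLDER vagrant insecure public key"
    next
end
config system interface
    edit "port1"
        set allowaccess ping https ssh http fgfm
    next
end
config system dns
    set primary 1.1.1.1
end
'''

CLEARTEXT = {"http", "telnet"}  # assumption: protocols this check treats as lab-only


def parse(text):
    """Flat config/edit/set/end blocks -> {section: {entry: {key: value}}}."""
    # Assumption: no nested "config" inside "edit", as in the recipe's config.
    tree, section, entry = {}, None, ""
    for line in text.splitlines():
        words = line.split(None, 2) or [""]
        if words[0] == "config":
            section, entry = " ".join(words[1:]), ""  # entry '' = section-level settings
            tree.setdefault(section, {})
        elif words[0] == "edit" and section and len(words) > 1:
            entry = words[1].strip('"')
        elif words[0] == "end":
            section = None
        elif words[0] == "set" and section and len(words) == 3:
            tree[section].setdefault(entry, {})[words[1]] = words[2].strip('"')
    return tree


def findings(tree):
    """Flag cleartext management access and the well-known Vagrant key."""
    out = []
    for name, cfg in tree.get("system interface", {}).items():
        weak = sorted(CLEARTEXT & set(cfg.get("allowaccess", "").split()))
        if weak:
            out.append(f"interface {name}: cleartext access {' '.join(weak)}")
    for name, cfg in tree.get("system admin", {}).items():
        if any("vagrant insecure public key" in v
               for k, v in cfg.items() if k.startswith("ssh-public-key")):
            out.append(f"admin {name}: Vagrant insecure public key")
    return out
```

Calling findings(parse(text)) on the constructed sample returns one finding for port1 and one for the vagrant admin account.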

Tip

If you plan to use a permanent evaluation license, install it before shutting down the FortiGate virtual machine.