Building a FortiOS Vagrant Libvirt Box

FortiOS (FortiGate) is supported by the netlab libvirt package command. To build a fortinet/fortios box:

  • Create an empty directory on an Ubuntu machine with libvirt and Vagrant.

  • Copy the FortiGate image (usually a .zip file) into that directory.

  • If needed, unzip the FortiGate image with unzip file to get the fortios.qcow2 disk image.

  • Execute netlab libvirt package fortios qcow-file-name and follow the instructions.

Warning

  • netlab supports FortiGate devices that use username/password to authenticate API calls. The last software releases known to work are 7.0.x and 7.2.0.

  • If you’re using a netlab release older than 1.8.2, or if you’re using a Linux distribution other than Ubuntu, please read the box-building caveats first.

Initial Device Configuration

You’ll have to copy-paste the initial device configuration during the box-building process. The netlab libvirt config fortios command displays the build recipe:

Creating initial configuration for FortiGate 6.x/7.0
====================================================

* Log in with username 'admin' and empty password
* Set the new 'admin' password to 'admin'
* Copy-paste the following configuration (see also NOTE below the configuration)

====================================================
config system admin
    edit "vagrant"
        set accprofile "super_admin"
        set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
        set password ENC SH28SLSP20eURl8us/aceUFwjdJOggVKBfSQSP8eZi2dyoNferE+lgfmTIitbE=
    next
end
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh http fgfm
    next
end
config system dns
    set primary 1.1.1.1
end
====================================================

* Execute "execute shutdown".
* Disconnect from console if needed (ctrl-] usually works).

Tip

If you plan to use a permanent evaluation license, install it before shutting down the FortiGate virtual machine.
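The build recipe above leaves the box with lab-only settings: the vagrant account trusts the Vagrant insecure key, whose private half is distributed with Vagrant, and port1 allows HTTP management. The following check is an added example, not part of netlab or its documentation; it parses a flat FortiOS configuration and reports those settings, for instance before a lab configuration is reused elsewhere. The function names and the shortened sample key are constructed for illustration.

```python
import shlex

CLEARTEXT_ACCESS = {"http", "telnet"}               # unencrypted management protocols
VAGRANT_KEY_MARKER = "vagrant insecure public key"  # key comment used in the recipe

def parse_fortios(text):
    """Flat config/edit/set/next/end blocks -> {section: {entry: {setting: [values]}}}."""
    tree, section, entry = {}, None, ""
    for raw in text.splitlines():
        words = shlex.split(raw) or [""]
        verb, args = words[0], words[1:]
        if verb == "config":
            section, entry = " ".join(args), ""
            tree.setdefault(section, {})
        elif verb == "edit" and args:
            entry = args[0]
        elif verb == "set" and section is not None and args:
            tree[section].setdefault(entry, {})[args[0]] = args[1:]
        elif verb == "next":
            entry = ""
        elif verb == "end":
            section = None
    return tree

def audit(tree):
    """Return (section, entry, setting) for each lab-only setting found."""
    findings = []
    for name, settings in tree.get("system admin", {}).items():
        for key, values in settings.items():
            if key.startswith("ssh-public-key") and VAGRANT_KEY_MARKER in " ".join(values):
                findings.append(("system admin", name, key))
    for name, settings in tree.get("system interface", {}).items():
        if CLEARTEXT_ACCESS & set(settings.get("allowaccess", [])):
            findings.append(("system interface", name, "allowaccess"))
    return findings

# Constructed sample: same shape as the recipe, with a shortened placeholder key.
SAMPLE = '''config system admin
    edit "vagrant"
        set ssh-public-key1 "ssh-rsa AAAAEXAMPLE vagrant insecure public key"
    next
end
config system interface
    edit "port1"
        set allowaccess ping https ssh http fgfm
    next
end'''
if __name__ == "__main__":
    print(audit(parse_fortios(SAMPLE)))
```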