update the FortiGate-VM evaluation license.

Before posting something, READ the changelog, WATCH the videos, howto and provide following:
Your install is: Bare metal, ESXi, what CPU model, RAM, HD, what EVE version you have, output of the uname -a and any other info that might help us faster.

Moderator: mike

Post Reply
victorino
Posts: 10
Joined: Thu Sep 17, 2020 12:06 pm

update the FortiGate-VM evaluation license.

Post by victorino » Sat Mar 04, 2023 10:30 pm

I downloaded KVM FortiOs 7.2.4. I need the Firewall to fortigate reach the ipaddress 8.8.8.8. To update the FortiGate-VM evaluation license.
Can someone help me?
You do not have the required permissions to view the files attached to this post.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: update the FortiGate-VM evaluation license.

Post by Uldis (UD) » Wed Mar 08, 2023 8:58 am

It depends where did you connect your device, the cloud must have internet !! as well node must be configured properly

victorino
Posts: 10
Joined: Thu Sep 17, 2020 12:06 pm

Re: update the FortiGate-VM evaluation license.

Post by victorino » Sun Mar 12, 2023 3:14 am

VM-EVE-NG is configured with fixed IP 10.11.217.110/24. The fortigate image has port 1 configured with the IP 10.11.217.109/24, a static route 10.11.217.0/24 and the gateway 10.11.217.1 configured.
A VM-EVE-NG ping 8.8.8.8, 10.11.217.109(fortigate image). The image ping 10.11.217.110 (VM-EVE-NG) . I couldn't make the image fortigate ping 8.8.8.8.


sh sys inter
config system interface
edit "port1"
set vdom "root"
set ip 10.11.217.109 255.255.255.0
set allowaccess ping https ssh http telnet
set type physical
set alias "internal"
set snmp-index 1
next
edit "port2"
set vdom "root"
set type physical
set snmp-index 2
next
edit "port3"
set vdom "root"
set type physical
set snmp-index 3
next
edit "port4"
set vdom "root"
set type physical
set snmp-index 4
next
edit "naf.root"
set vdom "root"
set type tunnel
set src-check disable
set snmp-index 5
next
edit "l2t.root"
set vdom "root"
set type tunnel
set snmp-index 6
next
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 7
next
edit "fortilink"
set vdom "root"
set fortilink enable
set ip 10.255.1.1 255.255.255.0
set allowaccess ping fabric
set type aggregate
set lldp-reception enable
set lldp-transmission enable
set snmp-index 8
next
end
-------------------------------------
FGT(static) # show
config router static
edit 1
set dst 10.11.217.0 255.255.255.0
set gateway 10.11.217.110
set device "port1"

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: update the FortiGate-VM evaluation license.

Post by Uldis (UD) » Sun Mar 12, 2023 10:51 am

And where is default route on Forti, your node dont know where is 8.8.8.8
:)

victorino
Posts: 10
Joined: Thu Sep 17, 2020 12:06 pm

Re: update the FortiGate-VM evaluation license.

Post by victorino » Sun Mar 12, 2023 1:19 pm

I did not understand your question? You say on VM-EVE-NG/10.11.217.110?
Can you show which setting is missing?

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London
Contact:

Re: update the FortiGate-VM evaluation license.

Post by Uldis (UD) » Sun Mar 12, 2023 3:55 pm

your fortinet with just ststic route to private subnet does not know how to reach 8.8.8.8
because you have not configured default route on forti with default gateway.
In your setup currently you, no logic how to reach internet...

Simply you have not default route to 0.0.0.0/0 via default GW 10.11.217.XX (same GW IP as for EVE VM itself)

victorino
Posts: 10
Joined: Thu Sep 17, 2020 12:06 pm

Re: update the FortiGate-VM evaluation license.

Post by victorino » Mon Mar 13, 2023 3:22 pm

I configured a static route as below. But the packet not reach the internet.

seeduc (static) # show
config router static
edit 2
set device "port1"
next
end

seeduc (static) # edit 2

seeduc (2) # set 0.0.0.0/0
seeduc # execute ping 10.11.217.110 (VM-EVE-NG)
PING 10.11.217.110 (10.11.217.110): 56 data bytes
64 bytes from 10.11.217.110: icmp_seq=0 ttl=64 time=0.7 ms
64 bytes from 10.11.217.110: icmp_seq=1 ttl=64 time=0.6 ms
64 bytes from 10.11.217.110: icmp_seq=2 ttl=64 time=0.8 ms
64 bytes from 10.11.217.110: icmp_seq=3 ttl=64 time=0.4 ms
64 bytes from 10.11.217.110: icmp_seq=4 ttl=64 time=0.4 ms

seeduc # execute ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

Post Reply