Lab Setup

Setting Up & Installation

  • For this lab, I used EVE-NG to emulate a simple network environment. I downloaded and installed the following:

    • EVE-NG Community Edition from their website: https://www.eve-ng.net/index.php/download/

    • EVE-NG Windows client side (optional, for Wireshark and VNC on Windows machines)

    • FileZilla (To transfer the object files through FTP)

    • OS images. You can find these online; I got some from here: https://drive.google.com/file/d/1M9LGlev0IgXNQvCbrqtGcAdTJTRIMZLX/view, and others, like the FortiGate firewall, I downloaded manually (more on that below).

  • After creating the VM in VMware and completing the setup, I logged in to the console using root:eve. When accessing the web GUI, use admin:eve. I spent several minutes trying to log in as root before realizing no error message appears to indicate the correct credentials.

Importing OS Images

  • To add devices (switches, routers, PCs, etc.), first import their OS images:

  • On the EVE-NG VM, navigate to /opt/unetlab/addons/, which contains three subfolders:

    • dynamips (Cisco routers)

    • iol (Linux-based images)

    • qemu (other generic images)

  • Each image must follow a specific naming convention. For example, for FortiGate:

    • Download the KVM file from the FortiGate support site.

    • Check the naming convention at https://www.eve-ng.net/index.php/documentation/qemu-image-namings/ (for FortiGate, it should be virtioa.qcow2).

    • Rename the file to virtioa.qcow2.

    • Create a new folder under /opt/unetlab/addons/qemu/ named fortinet-FGT-7.2.11/, grant it full permissions (chmod 777), and place the renamed file there.
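
The import steps above as a script, added here as an example and not part of the original page: it validates the folder and disk names, copies the image with 755/644 modes rather than chmod 777, runs EVE-NG's fixpermissions wrapper when it is installed, and lists anything left world-writable. The names stage_image, audit_addons, ADDONS_ROOT and FIXPERMS are hypothetical, and the script assumes read-only access for other users is enough for the node to boot.

```shell
# Added example (not from the original page). stage_image and audit_addons are
# hypothetical helper names; ADDONS_ROOT defaults to the path used on the page.
ADDONS_ROOT="${ADDONS_ROOT:-/opt/unetlab/addons/qemu}"
FIXPERMS="${FIXPERMS:-/opt/unetlab/wrappers/unl_wrapper}"

# stage_image <downloaded-file> <folder-name> <disk-name>
# Copies the image into place with 755/644 modes instead of chmod 777.
stage_image() {
    si_src="$1"; si_folder="$2"; si_disk="$3"
    # The folder must be one path component so it cannot escape ADDONS_ROOT.
    case "$si_folder" in
        ""|.|..|*/*) echo "bad folder name: $si_folder" >&2; return 2 ;;
    esac
    # Subset of the disk names on the EVE-NG naming page; extend as needed.
    case "$si_disk" in
        virtio[a-z].qcow2|hd[a-z].qcow2) ;;
        *) echo "unexpected disk name: $si_disk" >&2; return 3 ;;
    esac
    [ -f "$si_src" ] || { echo "no such file: $si_src" >&2; return 4; }
    install -d -m 755 "$ADDONS_ROOT/$si_folder" || return 5
    install -m 644 -- "$si_src" "$ADDONS_ROOT/$si_folder/$si_disk" || return 5
    # EVE-NG's own permission fixer, run only when it is installed.
    if [ -x "$FIXPERMS" ]; then "$FIXPERMS" -a fixpermissions; fi
}

# audit_addons: print every world-writable file or directory under ADDONS_ROOT,
# which is what a recursive chmod 777 leaves behind.
audit_addons() {
    find "$ADDONS_ROOT" ! -type l -perm -0002 -print
}

# Usage on the EVE-NG VM (the source file name is a constructed placeholder):
#   stage_image /root/downloaded-fortigate.qcow2 fortinet-FGT-7.2.11 virtioa.qcow2
#   audit_addons
```

An empty result from audit_addons means nothing under the image tree is writable by every local user.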

[Figure: FortiGate KVM]

Setting up Local Network

  • My simple local network setup included:

    • 1 FortiGate firewall

    • 1 core switch

    • 2 additional switches

    • 4 PCs (2 connected to each switch)

    • 1 management network (to simulate WAN for FortiGate)

  • This is how the topology should look:

[Figure: Simple Topology]

  • Right-click the workspace, choose Network, then Management to add the management network.

  • Add the four PCs, then the switches, and finally the FortiGate.

  • While all devices are powered off, connect them as per the diagram.

  • Power on all devices and begin configuration.

FortiGate Setup

  • Log in to verify the license.

  • Navigate to Network → Interfaces.

    • Port1: WAN (no additional configuration needed).

    • Port2:

      • Role: LAN

      • Addressing Mode: Manual

      • IP/Netmask: 192.168.1.1/255.255.255.0

      • DHCP Server: On

      • Address Range: 192.168.1.100 to 192.168.1.200

      • Default Gateway: 192.168.1.1

      • DNS Server: “Same as System DNS” or specify (8.8.8.8, 8.8.4.4)

  • Configure a firewall policy to allow LAN-to-WAN access:

    • Go to Policy & Objects → IPv4 Policy.

    • Click Create New.

      • Name: LAN_to_WAN_Access

      • Incoming Interface: Port2 (LAN_Network)

      • Outgoing Interface: Port1 (WAN)

      • Source: All

      • Destination: All

      • Schedule: Always

      • Service: ALL (for lab simplicity)

      • Action: ACCEPT

      • NAT: Enabled (“Use Outgoing Interface Address”)

      • Log Allowed Traffic: Enable all sessions or security events

Switch Configuration

On each switch I had to do some configuration:

Main Switch

enable
configure terminal

! Port to FortiGate LAN (port2)
interface G0/2
 description Link-to-FortiGate-LAN
 switchport mode access
 spanning-tree portfast
 no shutdown
exit

! Port to Switch 2
interface G0/0
 description Link-to-SW2
 switchport mode access
 no shutdown
exit

! Port to Switch 3
interface G0/1
 description Link-to-SW3
 switchport mode access
 no shutdown
exit

end
write memory

Switch 1

enable
configure terminal

! Port to Main Switch (SW1)
interface G0/0
 description Link-to-SW1
 switchport mode access
 no shutdown
exit

! Ports for PCs
interface G0/1
 description To-PC1
 switchport mode access
 spanning-tree portfast
 no shutdown
exit

interface G0/2
 description To-PC2
 switchport mode access
 spanning-tree portfast
 no shutdown
exit

end
write memory

Switch 2

enable
configure terminal

! Port to Main Switch (SW1)
interface G0/0
 description Link-to-SW1
 switchport mode access
 no shutdown
exit

! Ports for PCs
interface G0/1
 description To-PC3
 switchport mode access
 spanning-tree portfast
 no shutdown
exit

interface G0/2
 description To-PC4
 switchport mode access
 spanning-tree portfast
 no shutdown
exit

end
write memory

  • Once complete, each device should have its own IP address and be able to communicate with the rest of the network and access the internet.
