Create a Fortinet Fortigate Firewall Device

This topic explains how to create and operate a Fortinet FortiGate Firewall virtual device. See Fortinet Specifications for more information about the Fortinet FortiGate virtual device.

Licensing

Obtain a license from the vendor device reseller for a FortiGate Firewall device. Bring Your Own License (BYOL) is the only available option for this virtual device. Network Edge supports both file-based perpetual license as well as FortiFlex token-based license.

Note: FortiFlex license only supports license tokens for software versions 7.x.x.

Device Creation

To create a single FortiGate device:

  1. Sign in to the Equinix Customer Portal and navigate to Network Edge.

  2. From the Network Edge menu, select Create Virtual Device.

  3. Click Select and Continue on the Fortinet FortiGate Firewall card to begin device creation.

    4. Note: Click View Details to see a preview of the configuration options available for this virtual device.

  4. Click Create Single Edge Device. To increase the availability of the device, select Redundant Device and deploy routers in the other metro location.

  5. Click Begin Creating Edge Devices.
  6. In the Select Metro section, click a location where this virtual device is getting deployed.
  7. Select a billing account.

In order to create a device in a specific metro location, you need a billing account for the metro. You can continue without selecting an account, but you won’t be able to create your device.
You will be able to save your draft device.

Note: If you don’t have any available billing accounts, click Go to Account Management to set up a billing account. For more information about creating a billing account, see Billing Account Management.

  1. Click Next: Device Details.

  2. Licensing defaults to Bring Your own License. Uploading the BYOL license token or files for Fortinet FortiGate is optional. You can provision your device without license, and register the BYOL license after the device is provisioned.

    • Select I will enter license tokens if you are using a token-based FortiFlex license. In the field, enter your license token key.

    • Select I will upload license files if you are using a file-based license. Click Choose a file to upload your license file.

  3. Select the Device Resources.

  4. Select a Software Package.

  5. Select a Software Version.

    6. If a software version is being retired within the next 2 months, you will see a icon next to the version number. It is strongly recommended that you select a different version because once a version is retired, Equinix will not support it.

    Note: FortiFlex license only supports license tokens for software versions 7.x.x.

  6. In the Device Details section:

    • Device Name – Enter a name for the device.
    • Host Name Prefix – Enter the hostname configured for the device.
  7. In the Interfaces section, select the number of interfaces for your device.

    8. Note: The Interfaces drop-down defaults to 10. You can select the option to increase the number of the interface to 18.

  8. Select a WAN/SSH Interface. Ports 1 – 10 are available to be assigned to WAN interface if the 10 interface option is selected. When WAN interface is selected automatically or manually, the rest of the ports will be available for the private data connection for Virtual Connections or BYOC connections. You can use those private data connections for the firewall management as well.

  9. In the Device Status Notifications section, enter the email address(es) of the person(s) who will receive notifications about the status of this device.

  10. (Optional) In the Optional Details box, enter the Purchase Order Number and Order Reference/Identifier.

  11. In the Term Length drop-down menu, select a term length.
  12. Click Next: Additional Services.
    • Add Users – Add user names for accessing virtual device via SSH/HTTPS. For more information, see Network Edge Device Access.
    • (Optional) RSA Public Keys – Enter an existing RSA Public Key, or click Add New RSA Public Key to generate a new one.
    • Diverse Compute from an Existing Single Device – If you already have another single device and you want this new device to exist in a different plane, click Select Diverse From and select the existing device. See Achieve Resiliency Through Geo-Redundancy for more information.
    • Access Control List Template(s) – This access list is used to control ingress traffic toward the virtual device. Access list is applied to the adjacent gateway device where this virtual device WAN interface is connected.

      • Note: By default, the communication required for initial bootstrap (DNS, NTP, License Server communication, etc.) is allowed to properly configure the initial VNF configuration. Additional protocols such as SSH need to be intentionally permitted using an ACL template (Custom ACL). If you need to create a template to apply to your device, click Create Access Control List Template. See Configure Access Controls on Virtual Devices for more information.

    • Additional Internet Bandwidth – Add between 25 and 5000 additional Mbps of internet bandwidth (for a fee). 15 Mbps of Internet Bandwidth is included free in the package by default.
  13. Click Next: Review and review your order.
  14. Click Create Virtual Device.

The confirmation screen will display. Click Go to the Device to navigate to the device detail page. After the device provisioning process is complete, you will receive an email notifying you that device provisioning has completed.

Related Topics Link IconRelated Topics