Getting a Fortigate firewall image into Eve-NG

Getting a Fortigate firewall image into Eve-NG
Photo by Jakob Braun / Unsplash

If you checked in with me earlier, you saw the following placeholder text, but I thought I would leave it here, so you can get a flavour for how excited I was to bust out something--anything--on this topic. "I’m out and about with my beautiful bride at the moment and will give this post a(n  im)proper writeup later. For now, here is the video that will accompany the post"

First, what is Eve-NG?

Eve is a virtual machine that allows you to run the operating system images of multiple network devices and emulate their configurations. It differs from a simulator (such as Cisco's Packet Tracer) in that it uses real, production-ready software that you will find on network appliances in the wild. It is real. but virtual.  

My instance of Eve-NG is running on Google's cloud platform. Don't get me wrong, I would love to have my Eve-NG lab on a local computer, but the emulated routers and switches eat up enough hardware resources that it wouldn't be cost effective for me to buy the hardware to run everything from home. 

The choice to use Google cloud was made simple in that GCP is the only (to my knowledge) cloud provider that allows for nested virtualization. Nested virtualization is best explained when you think of Russian nesting dolls. Eve-NG is itself a virtual machine (VM) and the network appliance VMs run within the Eve-NG VM. Confused yet? Just think of building a computer inside a computer that has another (group of) computer(s) inside it, all connected to each other with a virtual network. It's pretty wild, but it does work. And it is much easier to blow up and rebuild one of these networks than dealing with the aftermath of melting down a real production network as a learning exercise. In short, it is easiest to employ this kind of lab using Google to house the whole lab.

What about the images?

So that's Eve-NG. You will need to source the images of whatever network appliances you are planning to emulate and lab with. For this demonstration, I am using Fortios v7 from Fortinet to emulate a few Fortigates.

If you want to follow along and already have an emulation environment (Eve-NG or GS3) set up, you can get the images directly from Fotinet (link provided below).

You should be redirected to a page that looks like this. Log in if you are already registered; make an account and log in if you are not.

From there, you will need to navigate to the support tab and click the link for VM Images.

Next, select the platform you plat to deploy your VM on. This may seem a bit odd, because I told you before that I deployed Eve-NG on the Google cloud; you cannot use the package labled "Google" to follow this tutorial. Rather you will need the KVM package to load into Eve-NG, because Eve is in the Google cloud, but your Fortinet appliances are deployed to Eve-NG (resting dolls).

Once that downloads, it is a matter of copying the KVM file to the right directory on your Eve-NG server, renaming the file to match the scheme Eve-NG is expecting, and fixing the permissions. Check out the video walkthrough.

And with that, you now have a virtual lab running in Google cloud, ready for you to configure.