Overview:
So, a lot of you work for an MSP or an IT firm where you need to constantly unbox hardware such as firewalls, then change your network adapter configuration on your main work laptop simply to configure and test new hardware.
In order to set up a new firewall, you typically use a computer on the same subnet. For example, the new firewall is configured with 192.168.1.1, so you can use a notebook on the same subnet, say 192.168.1.50, and connect a network cable between the two.
Now, anyone can open a browser on the notebook and go to https://192.168.1.1 and get the web GUI for the firewall.
Use Case:
Let us say we don’t have a spare notebook, so I want to create a virtual machine (VMware Workstation) on my existing desktop to help me configure the firewall. I want to connect the new firewall to a switch or router on my home network and use this virtual machine to reach the web GUI. How would one make this work?
I will show you how to use a working VM to get this job done in just a few steps.
Prerequisites:
- Type 2 Hypervisor, I prefer VMware Workstation Player for this.
- An Operating system ISO file, I prefer using something lightweight such as Linux Ubuntu or Windows 10/11
- Adequate Hard Drive Space on host machine
- 2x Network cables
- Network switch, or router with a switch built in.
Prepare The Environment:
- On your desktop, open your web browser and navigate to VMware Workstation. At the time of this writing we are currently on version 17.
- Click download on the system file for 64bit Windows.
- Next, navigate to Ubuntu.com and download the latest Ubuntu .iso file. As of the time of this writing we are currently using version 22.10-desktop.
- I’m going to assume that you have already set up Workstation Player 17 with the working operating system of your choosing. If you haven’t, please refer to this article, since I don’t like to reinvent the wheel: “How to Install Ubuntu 22.10 on VMware Workstation 17 in Windows 10”.
- Install the minimal desktop version of Ubuntu since this is just a configuration VM.
- The most important option is the VM’s network configuration: it NEEDS to use the “bridge” interface, which is similar to VMnet0.
- Select the virtual machine and select VM > Settings.
- On the Hardware tab, select Network Adapter.
- Select Bridged: Connected directly to the physical network.
- If you use the virtual machine on a laptop or other mobile device, select Replicate physical network connection state.
- This setting causes the IP address to be renewed when you move from one wired or wireless network to another.
- Click OK to save your changes.
- Once that has been completed, it’s time to connect a network/Ethernet cable from the network switch or router that we have in the environment directly to LAN1 on the FortiGate Firewall. Please make sure this is connected to LAN1 and not to WAN.
- Next, from within the VM operating system, navigate to the network adapter settings. My internal network is running on the 192.168.0.X subnet; yours might be 192.168.1.X, it doesn’t matter.
- Check the FortiGate Firewall; typically the admin IP is http://192.168.1.99. Change the network adapter within your VM environment to be on the same subnet, such as 192.168.1.30.
Linux/Ubuntu
The guide below provides an equivalent of ipconfig /release and ipconfig /renew commands on Linux. Use these steps to force DHCP Client to Renew IP Address.
- Press CTRL+ALT+T to launch Terminal on Linux.
- In Terminal, type sudo dhclient -r and press Enter to release the current IP.
- Then type sudo dhclient and press Enter to get a new IP address from the DHCP server.
sudo dhclient -r
sudo dhclient
If you are on a Windows PC, run the commands ipconfig /release and ipconfig /renew.
Now you should be able to run ifconfig on Linux to see if the interface reflects the new IP and subnet.
If your Linux OS says that it can’t run ifconfig, run the below command:
sudo apt install net-tools
If on Windows, run the command ipconfig to see whether your current IP reflects the network adapter changes.
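An added example (not part of the original guide) that checks the result of the step above before you open the browser: it parses `ip -4 -o addr show` output and reports whether any adapter in the VM is on the same subnet as the firewall's admin IP. The interface name `ens33` and the sample address lines are constructed; the firewall and VM addresses are the ones used in this guide.

```sh
#!/bin/sh
# Added example: check that the VM's bridged adapter is on the firewall's subnet.
# FW_IP comes from the article; the interface name and address lines are constructed.
FW_IP=192.168.1.99

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed when address $1 and address $2 share a network of prefix length $3.
same_subnet() {
    mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Read `ip -4 -o addr show` output on stdin and print each interface whose
# address is on-link with firewall $1. Returns 1 when no interface qualifies.
find_reachable_iface() {
    found=1
    while read -r _idx ifname _fam cidr _rest; do
        addr=${cidr%/*}; prefix=${cidr#*/}
        if same_subnet "$addr" "$1" "$prefix"; then
            echo "$ifname $addr/$prefix"
            found=0
        fi
    done
    return $found
}

# Constructed samples: the VM on the home LAN, then after the address change.
BEFORE='1: lo    inet 127.0.0.1/8 scope host lo
2: ens33    inet 192.168.0.57/24 brd 192.168.0.255 scope global dynamic ens33'
AFTER='1: lo    inet 127.0.0.1/8 scope host lo
2: ens33    inet 192.168.1.30/24 brd 192.168.1.255 scope global ens33'

for sample in "$BEFORE" "$AFTER"; do
    if match=$(printf '%s\n' "$sample" | find_reachable_iface "$FW_IP"); then
        echo "OK: $match can reach $FW_IP directly"
    else
        echo "No adapter on the subnet of $FW_IP; fix the VM address first"
    fi
done
# On a live VM: ip -4 -o addr show | find_reachable_iface "$FW_IP"
```

If the check reports no adapter on the firewall's subnet, the browser test in the next step will time out no matter how the cabling is done, so correct the VM address first.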
Now it’s time to test connectivity once your firewall has power.
If everything above was followed successfully, you should be able to access the FortiGate Mgmt Firewall.