Routing logic inside FortiGate:
All of this runs on a single laptop.
FortiOS expects hardware acceleration. While VirtualBox doesn’t support SR-IOV or PCI passthrough perfectly, these tips help: fortigate vm virtualbox
Without a license, the VM runs in "Evaluation Mode" – limited to 10 policies, no updates, and a nag screen.
To obtain a free 15-day trial license:
execute license <paste-license-key>
Pro Tip: After the 15 days expire, you do not need to reinstall Windows. Simply remove the VM from VirtualBox (keeping the VMDK) and create a new VM with the same disk. FortiOS will reset the evaluation timer on a new VM UUID.
Cause: VirtualBox network adapter type is too old.
Fix: In CLI: VBoxManage modifyvm "FortiGate-Lab" --nictype1 virtio. Or set to 82545EM (Intel PRO/1000 MT Server) for best compatibility. Routing logic inside FortiGate:
Once logged in, assign IPs to the interfaces:
config system interface
edit port1
set mode static
set ip 192.168.122.2/24
set allowaccess ping https http ssh
next
edit port2
set mode dhcp
next
edit port3
set mode static
set ip 10.0.0.1/24
set allowaccess ping
next
end
Then set default route (if using NAT on port2): All of this runs on a single laptop
config router static
edit 1
set gateway 10.0.2.2 # VirtualBox NAT default gateway
set device port2
next
end
The FortiGate VM is a virtual appliance that runs the FortiOS operating system. It provides the same features as the physical FortiGate firewalls (Firewall, IPS, VPN, Antivirus, Web Filtering, etc.) in a software format.
Why VirtualBox? VirtualBox is a free, open-source hypervisor. While Fortinet officially lists VMware and KVM as preferred hypervisors, the FortiGate VM runs perfectly well on VirtualBox for lab purposes.