DEPLOYMENT GUIDE

Fortinet and Vyatta

Fortinet and Vyatta

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Deployment Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Architecture Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Figure 1: Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3

Partner Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Hardware Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Figure 2: Vyatta Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4

Figure 3: Vyatta Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Fortinet Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Figure 4: Vyatta Virtualization Console Access . . . . . . . . . . . . . . . . . . 5

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Access to Vyatta Demo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

How to Get Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

2
Overview
The Brocade 5600 vRouter (formerly Vyatta 5600 vRouter) providesa solution for Network
Functions Virtualization (NFV). It offers easy scalability, a broad set of capabilities, and reliability.
Deployment Prerequisites
In addition, it utilizes Intel Data Plane Development Kit (DPDK) to deliver higher The Fortinet and Brocade Vyatta
performance, and it can be installed on hypervisors and any x86-based system. deployment requires the following:
Together, Fortinet and Brocade deliver an industry-leading security and network solution. 1. Vyatta OS
FortiGate virtual firewall products enable customers to deploy branch office services.
2. Supermicro x86-Based Hardware
Customers can deploy Virtual CPE combined with industry-leading FortiGate security.
3. FortiGate KVM Firewall
The Brocade Vyatta Network OS with Fortinet network security appliances and subscription
services provides broad, integrated, and high-performance protection against dynamic security
threats while simplifying the IT security infrastructure. Fortinet offers a flexible, end-to-end
solution that incorporates wireless and wired access, security, authentication, switching, and
management in an easily managed system that allows system-wide policy enforcement.

Architecture Overview
The following diagram illustrates the various services and components that are part of
the Fortinet Vyatta integration.The Brocade Vyatta Network OS for vCPE can be installed
on a slim Supermicro Mini-ITX chassis with Intel Atom processor C2758 running Fortinet
FortiGate Next-Generation Firewall as a guest service. The Brocade 5600 vRouter supports
foundation networking services including routing, firewall, Virtual Private Networking (VPN),
Quality of Service (QoS), and Network Address Translation (NAT) with high-performance and efficient Brocade vPlane technology. The
Vyatta vPlane architecture consists of the following main components:
1. hvvol plane services such as BGP, DHCP, OSPF, RIP, and SNMP.
2. Controller daemon—provides the data plane interface to the Linux kernel and CLI, and manages the data plane.
Data Plane: Forwards traffic between ports and passes local traffic to the controller. The data plane consists of the following components:
1. Data plane daemon—provides packet forwarding, QoS, and firewall services.
2. User space I/O drivers—provide network interface.
Linux Kernel: Hosts the data plane and other user space processes.
The FortiGate Firewall virtual appliance runs as VNFs to provide next-generation security protection.

Figure 1: Topology.

3
Deployment guide | Fortinet and Vyatta

Partner Configuration

Hardware Installation
For the integration, Brocade provided us with their hardware, a Supermicro SYS-E300-8D Intel Xeon D-1518 mini-pc. You install the system
from Vyatta LiveCD, which you create before installation. The installation process uses LiveCD as the source image, formats the device,
installs the system, and the device is rebooted after installation. Figure 2 below shows the dashboard of Vyatta OS.

Figure 2: Vyatta Dashboard.

To integrate FortiGate, we create a virtualization instance under the virtualization tab. Configure remote access to the console using VNC
and assign a port number, then install the FortiGate KVM image using the console.

4
Deployment guide | Fortinet and Vyatta

Figure 3: Vyatta Virtualization.

You can VNC to access the console.

Fortinet Configuration
Log in to the console using the VNC viewer, and you should be able to install and log in to the FortiGate console, as shown below in Figure 4:

Figure 4: Vyatta Virtualization Console Access.

5
Deployment guide | Fortinet and Vyatta

The Vyatta hardware topology is shown below. Physical interface dp01 is connected to the management interface, dp02 is connected to
the WAN link, and interface dp03 is the LAN interface. Configure the IP address on the FortiGate and connect the ports to the network.
Refer to the FortiGate Administration Guide.

Summary

Access to Vyatta Demo

This demo is part of the EntLab portal. Contact the Technical Marketing Group to access the setup.

How to Get Help

Fortinet:

This demo is part of the EntLab portal. Contact the Technical Marketing Group to access the setup.
nnhttp://docs.fortinet.com/d/fortiweb-5.6-administration-guide

nnhttps://fuse.fortinet.com/p/do/sd/sid=2298&fid=3538&req=direct

[email protected]

Fortinet:
nnhttp://www.brocade.com/en/products-services/software-networking/network-functions-virtualization/5600-vrouter.html

nnhttp://www.brocade.com/en/products-services/software-networking/network-functions-virtualization/vrouter.html

www.fortinet.com

Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other
results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied,
except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in
such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal
lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most
current version of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this
publication without notice, and the most current version of the publication shall be applicable. June 26, 2019 11:19 PM
D:\Fortinet\Deployment Guide\Vyatta\DG - Fortinet and Vyatta
91828-A-0-EN