Many enterprises and service providers use Fortinet products like FortiGate, often running them as a VM’s. If running them virtually on vSphere, what are the current supported versions?
FortiOS supported vSphere versions
The vSphere 8 support status for FortiGate appliances in VM factor (including the pay-as-you-go variant) was until recently not clear in the Fortinet documentation.
After consulting a contact at Fortinet, he responded that FortiOS starting with version 7.2.0 is supported for vSphere 8 and that the release notes are updated accordingly.
In a nutshell the supported vSphere versions for FortiGate VM based deployments are:
|FortiOS major versions||FortiGate VM supported vSphere versions|
|7.4.x||8.0, 7.0, 6.7, 6.5|
|7.2.x||8.0, 7.0, 6.7, 6.5|
|7.0.5 – 7.0.x||7.0, 6.7, 6.5|
|7.0.0 – 7.0.4||7.0, 6.7, 6.5, 6.0, 5.5, 5.1, 5.0, (4.1, 4.0 incl. ESX and ESXi)|
|6.4.4 – 6.4.x||7.0, 6.7, 6.5, 6.0, 5.5, 5.1, 5.0, (4.1, 4.0 incl. ESX and ESXi)|
|6.4.0 – 6.4.3||6.7, 6.5, 6.0, 5.5, 5.1, 5.0, (4.1, 4.0 incl. ESX and ESXi)|
|6.2.x||6.7, 6.5, 6.0, 5.5, 5.1, 5.0, (4.1, 4.0 incl. ESX and ESXi)|
|6.0.x||6.7, 6.5, 6.0, 5.5, 5.1, 5.0, (4.1, 4.0 incl. ESX and ESXi)|
FortiOS VM hardware support
So how about the VM hardware version when deploying a new FortiGate instance. Fortinet itself does not specify a minumum VM hardware version in the documentation. In general I would advise to use the latest version possible in your environment. Practically that would be the VM hardware version supported by the lowest vSphere version in production.
For example: When running vSphere 7 U3 and 8.0 U1 in production, choosing VM hardware version 19 is the way to go. The VMware KB article “Virtual machine hardware versions (1003746)” shows the version overview.
Once a given VM hardware version is used, VMware does not advice to upgrade to a higher VM hardware version unless there is a specific reason to do so. For example: When you need a feature of a higher VM hardware version or when to a mitigate a security vulnerability. For the latter, think of the L1TF / Spectre / Metdown speculative execution vulnerabilities back in 2018 / 2019 which could required a VM hardware upgrade.
For a list of VM hardware features see the “Hardware Features Available with Virtual Machine Compatibility Settings” in the vSphere 8 documentation.
The FortiGate VM based next-gen firewall appliances are fully supported for vSphere 8 in the last 2 major versions (7.2 / 7.4) as shown in the table above at time of writing this post
When deploying FortiGate appliances choose the VM hardware version that matches the lowest vSphere version used in your production environment to make sure the VM’s can be moved around using vMotion and to be able to restore to other hosts.