Appendix: GNS3 Basics

In this chapter, we will be going through the basics in GNS3. Try to play with and familiarize yourself with this environment as this is a good tool for network simulations.

Adding a FortiGate Firewall to GNS3

  1. Start by adding a new template.
    Figure A.1: Create a New template
  2. We want to install it from the GNS3 Server, so keep the option default and then press next.
    Figure A.2: Select Install an appliance from the GNS3 server
  3. On the next window, search for “FortiGate”, and select the option under “Firewalls”, then click “Install.”
    Figure A.3: Search for “FortiGate”
  4. Press “Next” on this screen:
    Figure A.4: Install the appliance on the GNS3 VM
  5. Press “Next” on this screen:
    Figure A.5: Qemu settings
  6. Tick the “Allow custom files” box.
    Figure A.6: Tick Allow custom files
  7. Click “Yes” on this screen:
    Figure A.7: Click on Yes
  8. Highlight a random version.
    Figure A.8: Highlight a random version
  9. Click “Create a new version.”
    Figure A.9: Create a new version
  10. Create a new custom version and select optional name for it.
    Figure A.10: Create a custom version
  11. Press OK on this one, too:
    Figure A.11: Click on OK
  12. Press OK again.
    Figure A.12: Click on OK
  13. Click on any empty30G file, and click Download. Save that file to your computer.
    Figure A.13: Download empty30G.qcow2
  14. Scroll down to your custom version and click the arrow on the left:
    Figure A.14: Select Custom version
  15. Click the FGT filename under your custom version and click “Import.”
    Figure A.15: Import FortiGate Image
  16. Navigate to your downloaded FortiGate Firewall image and click “Open.”
    Figure A.16: Select FortiGate Image
  17. Still under your custom version, click “Import” on the empty30G file.
    Figure A.17: Select empty30G.qcow2
  18. Navigate to your downloaded empty30G file and click “Open.”
    Figure A.18: Import empty30G.qcow2 file
  19. After that, highlight the custom version again and click “Next.”
    Figure A.19: Select custom version and then click on Next
  20. Click “Yes” on this window:
    Figure A.20: Click on “Yes”
  21. Then click “Finish.”
    Figure A.21: Click on “Finish”

Configuring Your Palo Alto Firewall Template and Adding the Device

  1. Let’s start by modifying the GNS3 template of the Palo Alto firewall by right clicking the existing template, and clicking on “Configure template.”
    Figure A.22: Configure Palo Alto template
  2. Make sure the max amount of RAM is set to at least 4096MB, and the amount of vCPUs are at least 2.
    Figure A.23: Configure template
  3. Now close the window, and drag in the Palo Alto device from the left hand pane.
    Figure A.24: Drag a Palo Alto in the workspace
  4. Once you’ve dragged in the Palo Alto device, right click it, then click “Start.”
    Figure A.25: Start Palo Alto

    Keep in mind that this device takes a while to start.

Webterm Installation

    1. Let’s begin by clicking “New template” on the bottom left hand of GNS3.
      Figure A.26: Create a new template
    2. We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server,” then click next.
      Figure A.27: Install an appliance from the GNS3 server
    3. On the next window, search for “webterm,” select the option under “guests,” then click “Install.”
      Figure A.28: Search for “webterm”
    4. On the next screen, ensure that “Install the appliance on the GNS3 VM” is already selected, then click “Next.”
      Figure A.29: Select “Install the appliance on the GNS3 VM”
    5. On the next screen, click “Finish.”
      Figure A.30: Click on Finish

      After that, it should appear under all devices in GNS3

Configuring Your Webterm Device with a Static IP

  1. Drag in the webterm device from the left pane. Then once it finishes downloading the docker file, right click it and select “Edit config.”
    Figure A.31: Edit config
  2. A window will pop up containing the device’s network configuration. We want to modify this file to match the specified IP address. The final modification should look like a little like this:
    Figure A.32: Static IP address configuration

    After these modifications, click on the save button on the bottom right of the window.

Configuring a Webterm DHCP Client

We just need to uncomment these 2 lines to enable DHCP. Click on save and we are done.

Figure A.33: DHCP IP address configuration

Connecting Devices in GNS3

Please see the example below:[1]

Figure A.34: Connecting devices

Using NAT in GNS3

The NAT device in GNS3 will allow devices in our virtual topology to communicate with the internet. This device is under the all devices section of GNS3.

Figure A.35: NAT

Make sure you select the GNS3 VM as the option whenever you see this window (applies for all devices)

Figure A.36: Choose GNS3 VM

Using Kali in GNS3

Sometimes we need to use Kali to demonstrate an attack. Please keep in mind that Kali is used strictly for testing purposes, and should not be used as a daily driver, to hack your friends, or to pretend to look cool.

  1. Let’s begin by clicking “New template” on the bottom left hand of GNS3.
    Figure A.37: Create a new template
  2. We want to install this into the GNS3 VM. Click on the option to “Install an appliance from the GNS3 Server,” then click “Next.”
    Figure A.38: Select “Install an appliance from the GNS3 Server”
  3. On the next window, search for “kali”, and select the non “CLI” option.
    Figure A.39: Select Kali Linux
  4. On the next screen, ensure that “Install the appliance on the GNS3 VM” is already selected, then click “Next.”
    Figure A.40: Install the appliance on the GNS3 VM
  5. “Next” again:
    Figure A.41: Qemu binary
  6. Expand the “2019” option, and download both missing files.
    Figure A.42: Select the Kali-Linux version and then Download
  7. After that, import the downloaded file to the specified 2019 selection.
    Figure A.43: Select the Kali-Linux downloaded file
  8. It should take a second, but GNS3 will start to load up the ISO into the GNS3 VM.
    Figure A.44: Load the image
  9. After that, click the 2019 version again, then click “Next.”
    Figure A.45: Ready to install Kali 2019.3
  10. Then click “Finish.”
    Figure A.46: Click on “Finish”

Using WordPress in GNS3

Sometimes we need a basic webserver to demonstrate website functionality. This can be accomplished using the WordPress appliance in GNS3. Start by clicking the new template button on the bottom of the page.

Figure A.47: Create a new template

We want to install an appliance from the GNS3 server.

Figure A.48: Install an appliance from the GNS3 server

Look up “WordPress,” then click “Install.”

Figure A.49: Search for “WordPress”

Just press next for the following dialogue boxes, and you should now have WordPress!

Figure A.50: WordPress installed successfully!

Running WordPress

After changing the interface configuration, start the machine. You will see a dialogue box:

Figure A.51: Running WordPress

Press enter and you’ll see the device under some basic configuration. Once you get to the prompt, you can exit that window, and you will have WordPress ready!

Figure A.52: WordPress is ready!

Using Switches in GNS3

Usually we just use switches to connect multiple devices together in GNS3. However, it can also be used for VLANs. Start by dragging one in and double clicking it.

Figure A.53: Switch configuration

Here you can see that they are all basically untagged. To configure a specific port, simply double click your desired port

Figure A.54: Switch port configuration

Configure the necessary settings for them (access is for tagging, dot1q is for trunking).

Figure A.55: Switch port configuration

Click on add to Apply the changes.

Figure A.56: Switch port configuration

Then click Apply and OK.


  1. If using an offline version of the book, navigate to https://opentextbc.ca/fortigatefirewall/back-matter/appendix/ in order to see this animated example.

License

Icon for the Creative Commons Attribution 4.0 International License

FortiGate Firewall Copyright © 2023 by Hamid Talebi is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.

Share This Book