It happens occasionally that a customer has to choose between a Palo and a Forti. While I would always favour the Palo for good reasons, I can understand that the Forti is chosen for cost savings, for example.
Fortunately, there is a hidden way of installing PAN-OS, the operating system from Palo Alto Networks, on FortiGate hardware firewalls. Here’s how you can do it:
I’m using a Fortinet FortiGate FG-501E for this demo with (formerly) FortiOS v7.2.7. I’m upgrading it to PAN-OS 11.1.1.
The main step is to upload and reboot the FortiGate into an alternative image, that is: a PAN-OS image. For generic FortiGates, you must choose the KVM-based PAN-OS images. With the following CLI command on the FortiGate, you can download the image from an TFTP server and reboot into it:
execute restore image tftp PA-VM-KVM-11.1.1.qcow2 192.168.21.5
The whole process in my lab was as follows. Note that you have to acknowledge the upgrade to an “unsupported image”:
fg2 # execute restore image tftp PA-VM-KVM-11.1.1.qcow2 192.168.21.5 This operation will replace the current firmware version! Do you want to continue? (y/n)y Please wait... Connect to tftp server 192.168.21.5 ... ########################################################## Get image from tftp server OK. Warning: Upgrading to an unsupported image. Do you want to proceed? (y/n)y Checking new firmware integrity ... pass Please wait for system to restart.
After the reboot, you’re in the normal startup configuration of a Palo Alto firewall. –> Connect to it via the default IPv4 address of 192.168.1.1 with username:password of admin:admin.
In the dashboard, you can see the model and serial number, which are the ones from my FortiGate in this case:
Funnily enough, all those different interface names are used as well, that is:
Photo by Lindsay Henwood on Unsplash.