Step‑by‑Step Guide to Setting Up FortiOS Open‑Source ICS Training Environment

Name: Fortiphyd ICS Security Training - GRFICS Setup
Uploaded: 2026-01-31T13:24:56.146562+00:00
Channel: Fortiphyd Logic Inc
Description: Summary and key takeaways on Step‑by‑Step Guide to Setting Up FortiOS Open‑Source ICS Training Environment, covering Introduction This article walks you

Fortiphyd Logic Inc

Jan 31, 2026

•

4 min read

YouTube video ID: CCj9iW4KJvU

Source: YouTube video by Fortiphyd Logic Inc — Watch original video

PDF

Introduction

This article walks you through the complete process of installing and configuring the FortiOS open‑source Industrial Control System (ICS) training environment using VirtualBox. By following the steps, you can have a fully functional simulation of a chemical plant, PLCs, SCADA, and a pfSense firewall without needing to watch the original video.

Prerequisites

A computer running Windows, macOS, or Linux.
At least 8 GB of RAM (16 GB recommended) and 30 GB of free disk space.
Administrative rights to install software and create network adapters.

1. Download and Install VirtualBox

Visit the VirtualBox download page.
Choose the latest version for your operating system.
Run the installer and accept all default options.
After installation, launch VirtualBox.

2. Obtain the Pre‑Built VM Images

You can either build the VMs from source or, much easier, download ready‑made images from the FortiOS GitHub repository. 1. Open the repository’s Download VMs section. 2. Click each link (five VMs total) and download the .ova files.

3. Create Two Host‑Only Network Adapters

In VirtualBox, go to Tools → Host Network Manager → Create.
Adapter 1: set IP = 192.168.95.111, Netmask = 255.255.255.0, enable DHCP.
Adapter 2: set IP = 192.168.90.111, Netmask = 255.255.255.0, enable DHCP.
Note that VirtualBox may assign different names (e.g., VirtualBox Host‑Only Ethernet Adapter). Use the adapter that matches the IP address, not the name.

4. Import the VM Appliances

For each downloaded .ova file: 1. Click File → Import Appliance. 2. Browse to the .ova location. 3. Keep default settings, optionally change the destination folder. 4. Click Import. Repeat until all five VMs (PLC, SCADA‑BR, Chemical Plant, Workstation, pfSense) are imported.

5. Attach Host‑Only Adapters to the VMs

PLC VM

Settings → Network → Adapter 1 → Enable.
Attach to Host‑Only Adapter → select the adapter with IP 192.168.95.111.
Advanced → Promiscuous Mode: Allow VMs.
Adapter type: Paravirtualized Network (or the closest option).

SCADA‑BR VM

Same as PLC, but attach to the adapter with IP 192.168.90.111.

Chemical Plant VM

Disable Adapter 1.
Enable Adapter 2 and attach it to the 192.168.95.111 host‑only adapter.

Workstation VM

Enable Adapter 1 and attach it to the 192.168.95.111 adapter.

pfSense VM

Enable Adapter 1 → attach to 192.168.95.111.
Enable Adapter 2 → attach to 192.168.90.111.
Keep the same promiscuous and adapter‑type settings as above.

Tip: After configuring adapters, a system reboot may be required for the host‑only networks to work correctly.

6. Initial pfSense Configuration

Start the pfSense VM and wait for the console.
When prompted, answer No to VLAN setup.
Choose the WAN interface (e.g., vtnet0 or em0).
Choose the LAN interface (e.g., vtnet1 or em1).
Confirm with Y and wait for the configuration to finish.
Once the console shows Enter an option, you can safely close the VM window.

7. Power Up All VMs

Select each VM and click the Start arrow.
Allow a few minutes for each machine to finish booting.

8. Verify the Environment

Open a web browser on your host and navigate to http://192.168.95.10. You should see the Web Visualization of the chemical plant.
Access the SCADA‑BR HMI by opening the address shown on its console. Log in with admin / admin.
If you see a small triangle with an exclamation mark, the HMI cannot reach the PLC – double‑check network assignments.
In the Workstation VM, open a terminal and run ping 192.168.95.2. A successful ping confirms proper connectivity.

9. Troubleshooting Common Issues

Incorrect Adapter Assignment – Verify each VM is attached to the correct host‑only adapter (match IP addresses, not names).
DHCP Not Working – Ensure the DHCP server checkbox is enabled for both host‑only adapters.
Promiscuous Mode – The setting must be Allow VMs; otherwise traffic may be blocked.
Adapter Type Mismatch – Some hosts require Intel PRO/1000 MT Desktop instead of Paravirtualized.
Restart Required – If adapters appear inactive, reboot the host machine.

Conclusion

By following this guide you will have a fully operational FortiOS open‑source ICS training lab, complete with a simulated chemical plant, PLCs, SCADA, and a pfSense firewall. The environment is ready for hands‑on practice with network security, intrusion detection, and incident response in an industrial setting.

You can now run a complete FortiOS ICS training lab locally, enabling realistic practice without any additional hardware or video tutorials.

Frequently Asked Questions

Who is Fortiphyd Logic Inc on YouTube?

Fortiphyd Logic Inc is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Computer Networking: A Top-Down Approach Kindle Edition Recommended

Provides foundational networking concepts that help understand the virtual network setup described in the article, essential for troubleshooting and expanding the lab

Amazon →

Comptia Network+ Certification Guide (Physical)

Covers practical networking skills and exam preparation, reinforcing the knowledge needed to configure VirtualBox host‑only adapters and pfSense correctly

Amazon →

The Linux Command Line (Physical)

Teaches command‑line operations used in the workstation VM for ping tests and other diagnostics, making lab interactions smoother

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

in this video i'll show you how to set
up fortified's open source
ics training environment the first step
is to download and install virtualbox if
you don't already have it installed
so go to the virtualbox download page
select the latest version for download
and install it with all the default
options
to create the vms you can either build
them from source
or you can download the images from our
github page
i think downloading the images from the
github page is the easiest way to do it
so
that's how we'll show it in this
tutorial on our github page
scroll down to the section that says
download vms
click on each of the links and click
download
now we need to create two network
adapters so
go to tools in the top left of
virtualbox and then click on create
this will create a new host only adapter
change its ip address to
192.168.95.111
and then keep the netmask 255.255.255.0
repeat this process to create a second
host only adapter
but this time give it the ip address
192.168.90.111
lastly click the checkboxes to enable
dhcp server for both the adapters
it's important to note that virtualbox
auto names the host only adapters
so your names may be different than mine
throughout the video whenever i
reference virtualbox host only ethernet
adapter
i am using the host only adapter that
has the ip address 192.1
so you should use whichever adapter of
yours has that ip address regardless of
name
and the same goes for virtualbox host
only ethernet adapter number two
that adapter is whichever adapter of
yours
has the ip address 192.168.90.111
now let's import the vm images that we
previously downloaded
in virtualbox click on file import
appliance
and then select the file location of one
of the vms we downloaded
keep all the default options except you
may want to change the file location
that the vm is imported to
and then click import
repeat this process for all five virtual
machines now we have to attach our host
only adapters to
each of the vms click on the plc vm
click on settings and then click on
network and it should open up a panel
for adapter one click the check box to
enable network adapter
in the attach to drop down box select
the host only adapter option
and then in the name select the host
only adapter that you made that has the
ip address
192.168.95.111
so in this case it's called virtualbox
host only ethernet adapter
expand the advanced category and set
promiscuous mode to
allow vms my adapter type is set to para
virtualized network but this is
something that may vary based on your
host computer's hardware
click ok and then we will set up the
rest of the vms in a similar fashion
open the network options for the scada
br vm
and set up everything the same as the
plc vm
except we want the name of the host only
adapter to be
the name of the adapter that has the ip
address 192.168.90.111
so in this case it's virtualbox host
only ethernet adapter
number two open the network options for
the chemical plant vm
and in this case we're not going to
enable the network adapter
for adapter 1. instead go to the adapter
2 tab
and assign it the virtual box host only
ethernet adapter
with all the same options as before for
the workstation vm
we assign adapter 1 to virtualbox host
only ethernet adapter
again with all the same options for the
pf sense vm we need to assign both the
host only adapters
so open the network options go to the
adapter 1 tab
enable that network adapter and assign
it the name virtualbox host only
ethernet adapter number 2.
then go to the adapter 2 tab enable that
network adapter as well
and assign it the name virtualbox host
only ethernet adapter
and set all the other options the same
as previously
at this point i had to restart my
computer for all the host only adapters
to operate properly but your mileage may
vary
there's some more setup we have to do
for the pf sense vm
so click on the pfsense vm and then
click on the green start arrow
and then you'll have to wait a while
while it does some of its startup
process
it will eventually ask you if you want
to set up a vlan type n for no
and hit enter you should then be
prompted to enter the name of a wan
interface
and in parentheses that will give you a
list of choices in my case it says
vtnet0
vtnet1 or a for automatic
you want to pick the first of those
choices so in my case it's vtnet0
in your case it may be something
different like em0
type that in and hit enter then you'll
be prompted to enter the name of a lan
interface
in parentheses you should see your
choices it should be a network name
a or nothing and we want to pick the
network name so
in my case it's vtnet1 in your case it
may be something like
em1 type that in and hit enter
it will ask if you want to proceed type
y for yes and hit enter
and then just wait a while until it gets
to a screen that says
enter an option at this point it's safe
to close out of the vm
this completes the setup process so
let's check to make sure everything's
working correctly
start all five vms by clicking on them
and then clicking on the start arrow
give all the vms time to go through
their startup process
and then open your browser and point it
to the address
192.168.95.10 and you should see the web
visualization
open on that page give it a little bit
of time to connect and initialize
and then you should see a visual
representation of the chemical plant
working
if you look at the scatter br vm it
should display an address that you can
go to on your browser to see if the web
interface for our hmi is working
so go to that address and when prompted
for a username and password
put admin for the username and admin for
the password
and you should see what looks like in
hmi with numerical values that change
occasionally if
beside those numerical values you see a
small triangle with an exclamation mark
inside of it
that means something went wrong with the
setup and the hmi is not able to connect
to the plc
lastly let's make sure that the
workstation vm is properly networked
so in the workstation vm open a terminal
and
ping 192.168.95.2
and the ping should be successful if all
that is successful then you have
correctly set up your environment
if some part of this doesn't work most
likely it has something to do with the
networking so go back
and make sure that all of the settings
in the host only adapters are the same
as mine
and that all of the vms are connected to
the correct host only adapters