Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Abin_FTNT
Staff
Staff

Created on ‎10-04-2019 01:53 AM Edited on ‎01-11-2023 04:22 AM By Community Manager

Article Id 198087

Technical Tip: Zero touch provisioning of FortiGate using FortiDeploy

Description


This article explains the Zero touch provisioning of FortiGate using  FortiDeploy.

Useful link:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiDeploy.pdf

Solution


FortiDeploy is a feature, built into FortiCloud that allows for simplified import and provisioning of any quantity of devices.
It allows the user to deploy local or remote installed FortiGates and FortiAPs to their preferred management interface with a few clicks.
This feature is supported only when the FortiGate boots up from factory reset

Topology


Configuration steps:

1) Add the FortiGate Cloud product key to the FortiGate Cloud portal so that the FortiGate serial number appears in the portal.
 
 
2) Set up a configuration template with the basic configuration in the FortiGate Cloud portal.
3) Deploy the FortiGate to FortiGate Cloud with that template.
 
 
 
4) Ensure the FortiGate has an interface in default DHCP client mode and is connected to the ISP outlet.
5) Boot the FortiGate in factory reset. The FortiGate gets the DHCP lease so that it can access FortiGate Cloud in the Internet and join FortiGate Cloud.
 
Check the status through console:-
Initializing firewall...
System is starting...
FortiGate-201E login: admin
Password:
Welcome !
FortiGate-201E #
FortiGate-201E # dia debug cli 7
Debug messages will be on for 30 minutes.
FortiGate-201E # 0: config system fortiguard
0: set service-account-id "jxue@fortinet.com"
0: end
0: config log fortiguard setting
0: set status enable
0: end
FortiGate-201E # dia test application forticldd 1
System=FGT Platform=FG201E
Management vdom: root, id=0, ha=master.
acct_id=jxue@fortinet.com
acct_st=OK
FortiGuard log: status=enabled, full=overwrite, ssl_opt=1, source-ip=0.0.0.0
Centra Management: type=FGD, flags=000000bf.
active-tasks=0
FortiGate-201E #
The FortiGate Cloud server checks that the FortiGate key is valid and then deploys the FortiGate to FortiGate Cloud.
To prevent spoofing, FortiGate Cloud invalidates that key after a successful join.

6) Complete zero touch provisioning by obtaining configuration from platform template in the Cloud.
0:set admintimeout 50
0: end
0: config system interface
0:edit "wan1"
0:set allowaccess ping ssh fgfm
0:next
0:edit "port1"
0:set allowaccess ping
0:set ip 1.1.1.1 255.255.255.0
0:next
0:edit "port2"
0:set allowaccess ping
0:set ip 2.2.2.2 255.255.255.0
0:next
0: end
7) The FortiGate Cloud admin can change the template for different configuration requirements and then deploy the updated template to the FortiGate.
For example, add a secondary DNS to the template and deploy it to FortiGate.
 
 
Related Article:

 

Labels:
5912
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.