Hey y'all,
I'm new here so bear with me
I'm looking for a solution to automate setting up a FortiGate machine - i.e. spin it up and have it automatically set rules, VIPs, etc. without ever necessarily having to log onto it. The obvious solution is Ansible/Chef/Puppet and the like but I've no experience using these tools on FortiOS, only Linux distros. Has anybody tried this? Or even better does anybody have a different solution to my conundrum?
Thanks in advance!
- Chloé
You can do this with a FortiManager (physical or virtual appliance). You can set everything up on the FortiManager, and when the FortiGate connects to it, it will pull down the new config.
There are two ways to get the FortiGate to connect to the FortiManager. Either you configure the IP address on the FortiGate (so you will have to boot it up and configure the setting), or alternatively, if you have lots of devices to deploy and want true zero touch, you can purchase a deploy license when you buy the FortiGates. This allows you to configure the FortiManager IP address in the FortiCloud service. When the FortiGates first boot up they will ask the cloud service what their FortiManager IP address is. Once they get it, they will then autoconnect and pull their config.
I've seen this done with a 200 FortiGate global deployment and it works really well.
Awesome, thank you!
I did read a little into that before posting but thought I'd ask anyways. I'll definitely look into it though.
While I've got you here, have you any experience of uploading a CLI script to execute via the CLI interface?
I know you can upload it in the GUI, but is there a command that does it? I've been going around in circles all morning looking on Google...
All the best!
Chloé