Fortigate - Initial 4G remote config until shipped to remote site
I have a question surrounding making the process of onboarding/migrating new acquisition offices to our infrastructure more efficient.
What we currently do:
Historically, I organise delivery of a Fortigate, Server (Domain Controller), switch, Unifi AP etc. Then, the weekend of the migration date, me and my team go over there and set up the Fortigate (mesh site-to-site VPNs, UTM, access rules etc.), promote the server to DC (DHCP, DNS, WSUS, Print, MDT etc.), configure switch VLANs and set up the Unifi AP. This is always a major rush and inevitably involves late night/s and troubleshooting issues.
What I want to do:
What I want to do to eliminate this is get all the kit sent to my house (I WFH) and get the Fortigate connected on 4G and do the complete config ahead of time. Then all I have to do on migration weekend is physically rack the equipment and change the WAN IP.
I have looked at 4G modems compatible with the USB interface on a 60E for example and the official compatibility list doesn’t look current or even UK available. I have now started looking at a FortiExtender and this looks like it will do a job. What I want to know is: using the Extender as a WAN port for initial config, I would then need to ‘unpick’ all my FortiExtender interface references and change to WAN1 (access rules, VPNs etc.) when physically onsite at the new location/leased line. Whilst this isn’t a major problem, I would like to avoid it if possible. I was thinking perhaps I could make a redundant interface using WAN1 and the FortiExtender and reference it in all my rules? Would that work? Or is there an even cleaner way of doing it? Can the Fortigate WAN port patch into the LAN port on the extender, for example?