FortiDeploy

23.4.0

FortiDeploy

FortiDeploy is a product built into FortiGate Cloud for zero-touch provisioning (ZTP) when devices are deployed locally or remotely. FortiDeploy provides automatic connection of FortiGates for management by FortiGate Cloud or FortiManager.

At time of purchase, you can order a FortiDeploy SKU in addition to your FortiGate Cloud subscription.

When you visit the FortiGate Cloud portal and enter the FortiDeploy bulk key, you see a list of serial numbers from the order that contained the FortiDeploy SKU. After you confirm that the devices are connected, you can perform basic configuration on the devices remotely, such as sending a FortiManager IP address to all remote FortiGates, so that the FortiManager can manage them remotely.

FortiDeploy support starts the moment you send an email to cs@fortinet.com. You can also contact cs@fortinet.com if you already purchased a FortiGate Cloud subscription and want to purchase FortiDeploy to add to your existing subscription.

FortiDeploy requires a FortiGate model that supports the ZTP (autojoin) feature. FortiGate/FortiWiFi/POE desktop and 1U models up to 100F support the ZTP feature. For other models, FortiDeploy supports one-touch provisioning. For these models, you must configure DHCP on the port of choice. The FortiDeploy server can push FortiManager settings to devices that fulfill this requirement. Having trained personnel handle larger deployments is recommended. FortiDeploy is available for devices running FortiOS 5.2.2 and later.

To enable autojoining FortiGate Cloud:

In FortiOS 5.2.3 and later, the auto-join-forticloud option is enabled by default. The option must be enabled for FortiDeploy to function correctly. To ensure that it is enabled, run the following commands:

    config system fortiguard
        set auto-join-forticloud enable
    end

After changing this setting, restart the device and ensure that the device sends traffic to FortiGate Cloud to verify that you configured it correctly.

To set central management to FortiGuard:

If your device is connected to FortiGate Cloud but not cloud-managed, ensure that central management is set to FortiGuard:

    config system central-management
        set type fortiguard
    end

Reboot the device, log into FortiGate Cloud, and see if you can manage the device.

To use FortiDeploy with a device deployed behind a NAT device:

The default address of the internal or LAN interface is in the 192.168.1.0/24 subnet. IP address conflicts can occur with departmentalization devices. You can unset each device's default IP address:

    config system interface
        edit internal
            unset ip
        next
    end

    config system interface
        edit lan
            unset ip
        next
    end

In the web-based management interface, you can change the internal interface IP address in Network > Interfaces.

To set a port to DHCP mode:

    config system interface
        edit "portX"
            set mode dhcp
            set role wan
        next
    end
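
The following is an added example, not Fortinet's code: a pre-staging check in Python that parses a saved FortiOS configuration and reports which of the settings from the procedures above are not in place. The function names `parse_fortios` and `audit_ztp`, the `wan1` port name, and the sample configuration are assumptions made for illustration.

```python
import re

def parse_fortios(text):
    """Parse FortiOS CLI text into {config path: {edit entry or None: {key: value}}}."""
    tree, stack = {}, []  # stack items: [config name, current edit entry]
    for line in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tok or (tok[0] != "config" and not stack):
            continue  # blank line, or a command outside any config block
        cmd, args = tok[0], tok[1:]
        if cmd == "config":
            stack.append([" ".join(args), None])
        elif cmd in ("edit", "next"):
            stack[-1][1] = args[0] if args else None
        elif cmd in ("set", "unset") and args:
            path = " > ".join(name for name, _ in stack)
            entry = tree.setdefault(path, {}).setdefault(stack[-1][1], {})
            entry[args[0]] = " ".join(args[1:]) if cmd == "set" else None
        elif cmd == "end":
            stack.pop()
    return tree

def audit_ztp(text, wan_port):
    """Return findings for a unit meant to auto-join and be cloud-managed."""
    cfg = parse_fortios(text)
    top = lambda section: cfg.get(section, {}).get(None, {})
    ifaces, findings = cfg.get("system interface", {}), []
    # An absent option counts as enabled (the page's stated default from FortiOS 5.2.3).
    if top("system fortiguard").get("auto-join-forticloud", "enable") != "enable":
        findings.append("auto-join-forticloud is disabled")
    if top("system central-management").get("type") != "fortiguard":
        findings.append("central-management type is not fortiguard")
    if ifaces.get(wan_port, {}).get("mode") != "dhcp":
        findings.append(f"{wan_port} is not in DHCP mode")
    for name in ("internal", "lan"):
        ip = ifaces.get(name, {}).get("ip")
        if ip and ip.startswith("192.168.1."):  # default /24 subnet named on the page
            findings.append(f"{name} still uses a 192.168.1.0/24 address")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """config system fortiguard
    set auto-join-forticloud disable
end
config system interface
    edit "internal"
        set ip 192.168.1.99 255.255.255.0
    next
end"""
```

Calling `audit_ztp(SAMPLE, "wan1")` returns one finding per unmet setting; an empty list means the configuration matches all four procedures.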
