Fortinet black logo

Administration Guide

Home FortiGate Cloud 23.4.0 Administration Guide

FortiCloud and FortiDeploy keys

23.4.0
24.1.0
23.4.0
Copy Link
Copy Doc ID ce71c0e4-7759-11ee-a142-fa163e15d75b:855792
Download PDF

FortiCloud and FortiDeploy keys

The following table summarizes the differences between FortiCloud and FortiDeploy key usage:

Account type

Key type

Key reuse policy

Autojoin policy

Regular

FortiCloud

Valid until a new device is deployed

24 hours from first autojoin (grace period)

If join request is from the same IP address: 15 minutes after reenabling autojoin.

FortiDeploy

Valid only once

Always

Multitenancy

FortiCloud

Valid until a new device is deployed

Always

FortiDeploy

Valid only once

Always

A FortiGate that is imported by FortiCloud or FortiDeploy key which has not been registered in FortiCare is registered upon deployment to FortiGate Cloud or FortiManager.

You can reenable autojoin for a device in Assets or Inventory.

FortiCloud key

A FortiCloud key is printed on a sticker attached to a FortiGate/FortiWiFi's top surface. You can use this key for one of the following:

  • Directly add a new individual device to a FortiGate Cloud account.
  • Import the key to a FortiGate Cloud account inventory.

See To deploy a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud or FortiDeploy key:

Either action allows the next autojoin request from the device. After the device successfully connects to FortiGate Cloud, its FortiCloud key becomes invalid.

If you load a device by FortiCloud key to a regular account, FortiGate Cloud always allows the device's autojoin request if the source IP address is the same as the last time it autojoined. If the device source IP address differs from the last time it successfully autojoined, you have the option to reenable autojoin for 15 minutes. You must reboot the device within that time to finish the autojoin process. You have a maximum of five attempts to reenable autojoin and reboot the device. After you reach five attempts, you must contact Customer Service & Support to reset the number of attempts. When the device successfully completes the autojoin process, this resets the number of attempts.

For multitenancy accounts, autojoin is always allowed.

FortiDeploy key

A FortiDeploy key is purchased with a SKU to load one or multiple new FortiGate/FortiWiFi(s) to a FortiGate Cloud account inventory. See To deploy a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud or FortiDeploy key:. This load action allows autojoin requests from all devices on the FortiDeploy key. Once you use a FortiDeploy key to load devices to a FortiGate Cloud account, you cannot reuse it to reload the devices. FortiGate Cloud always allows autojoin for a device added by FortiDeploy key.

Previous
Next

FortiCloud and FortiDeploy keys

The following table summarizes the differences between FortiCloud and FortiDeploy key usage:

Account type

Key type

Key reuse policy

Autojoin policy

Regular

FortiCloud

Valid until a new device is deployed

24 hours from first autojoin (grace period)

If join request is from the same IP address: 15 minutes after reenabling autojoin.

FortiDeploy

Valid only once

Always

Multitenancy

FortiCloud

Valid until a new device is deployed

Always

FortiDeploy

Valid only once

Always

A FortiGate that is imported by FortiCloud or FortiDeploy key which has not been registered in FortiCare is registered upon deployment to FortiGate Cloud or FortiManager.

You can reenable autojoin for a device in Assets or Inventory.

FortiCloud key

A FortiCloud key is printed on a sticker attached to a FortiGate/FortiWiFi's top surface. You can use this key for one of the following:

  • Directly add a new individual device to a FortiGate Cloud account.
  • Import the key to a FortiGate Cloud account inventory.

See To deploy a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud or FortiDeploy key:

Either action allows the next autojoin request from the device. After the device successfully connects to FortiGate Cloud, its FortiCloud key becomes invalid.

If you load a device by FortiCloud key to a regular account, FortiGate Cloud always allows the device's autojoin request if the source IP address is the same as the last time it autojoined. If the device source IP address differs from the last time it successfully autojoined, you have the option to reenable autojoin for 15 minutes. You must reboot the device within that time to finish the autojoin process. You have a maximum of five attempts to reenable autojoin and reboot the device. After you reach five attempts, you must contact Customer Service & Support to reset the number of attempts. When the device successfully completes the autojoin process, this resets the number of attempts.

For multitenancy accounts, autojoin is always allowed.

FortiDeploy key

A FortiDeploy key is purchased with a SKU to load one or multiple new FortiGate/FortiWiFi(s) to a FortiGate Cloud account inventory. See To deploy a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud or FortiDeploy key:. This load action allows autojoin requests from all devices on the FortiDeploy key. Once you use a FortiDeploy key to load devices to a FortiGate Cloud account, you cannot reuse it to reload the devices. FortiGate Cloud always allows autojoin for a device added by FortiDeploy key.

Previous
Next