Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate Cloud 25.4.0 Administration Guide
    25.4.0
    26.1.a
    26.1.0
    25.4.a
    25.4.0

    Cloud provisioning

    Cloud provisioning

    Cloud provisioning is the mechanism to connect a FortiGate to FortiGate Cloud and configure it for cloud management and logging. You can provision a FortiGate to FortiGate Cloud using one of the following methods:

    After provisioning a FortiGate to FortiGate Cloud using one of the methods described, complete basic configuration by doing the following:

    1. Create a firewall policy with logging enabled. Configure log uploading if necessary.
    2. Log in to FortiGate Cloud using your FortiCloud account.
    To provision a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud key:
    1. Log in to FortiGate Cloud.
    2. Go to Devices and Provisioning > Device List > FortiGate, then click Add FortiGate.
    3. Click Import FortiGate.
    4. In the FortiCloud or FortiDeploy key field, enter your key value.
    5. For End user type, select A non-government user or A government user as required.
    6. From the Partner dropdown list, select the affiliated Fortinet partner.
    7. To provision your FortiGate to FortiGate Cloud after import, enable Provision after import.
    8. If desired, you can associate a script with the provisioning. The selected script is executed automatically once the FortiGate establishes a management tunnel with its management server. This feature is limited to FortiGates that have an active FortiGate Cloud subscription. If the script depends on a specific FortiOS version, you must specify the target FortiOS version to ensure compatibility. From the Pre-run Script dropdown list, select the desired script. CLI scripts configured in CLI scripts are available for selection. The Description and CLI Scripts fields populate according to the selected script. If needed, from the Enforce Firmware dropdown list, select the desired FortiOS version.
    9. Click OK.
    Note

    After the device is successfully provisioned, the device key becomes invalid. You can only use the key once to provision a device.
    To provision a FortiGate or FortiWifi to FortiGate Cloud using the inventory:
    1. Log in to the FortiGate Cloud.
    2. Go to Devices and Provisioning > Device List > FortiGate, then click Add FortiGate.
    3. Select the desired device from the displayed inventory. This displays all assets from the logged-in FortiCloud account. Click Provision > Provision to FortiGate Cloud.
    4. From the Select Display Timezone for Device dropdown list, select the desired time zone.
    5. Click Submit.
    To provision a FortiGate or FortiWifi to FortiGate Cloud in the FortiOS GUI:
    1. In the FortiCloud portal, ensure that you have a product entitlement for FortiGate Cloud for the desired FortiGate or FortiWifi.
    2. In FortiOS, in the Dashboard, in the FortiGate Cloud widget, the Status displays as Not Activated. Click Not Activated.
    3. Click the Activate button.
    4. In the Activate FortiGate Cloud panel, the Email field is already populated with the FortiCloud account that this FortiGate is registered to.
    5. In the Password field, enter the password associated with the FortiCloud account.
    6. Enable Send logs to FortiGate Cloud. Click OK.

    7. This should have automatically enabled Cloud Logging. Ensure that Cloud Logging was enabled. If it was not enabled, go to Security Fabric > Fabric Connectors > Cloud Logging, enable it, then set Type to FortiGate Cloud.
    8. You must set the central management setting to FortiCloud, as this is the initial requirement for enabling device management features.
    To configure a FortiGate-VM for FortiGate Cloud:

    FortiGate-VMs require additional configuration to ensure that they function with FortiGate Cloud. Run the following commands in the FortiOS CLI:

    config system fortiguard

    unset update-server-location

    end

    Previous
    Next

    Cloud provisioning

    Cloud provisioning

    Cloud provisioning is the mechanism to connect a FortiGate to FortiGate Cloud and configure it for cloud management and logging. You can provision a FortiGate to FortiGate Cloud using one of the following methods:

    After provisioning a FortiGate to FortiGate Cloud using one of the methods described, complete basic configuration by doing the following:

    1. Create a firewall policy with logging enabled. Configure log uploading if necessary.
    2. Log in to FortiGate Cloud using your FortiCloud account.
    To provision a FortiGate/FortiWifi to FortiGate Cloud using the FortiCloud key:
    1. Log in to FortiGate Cloud.
    2. Go to Devices and Provisioning > Device List > FortiGate, then click Add FortiGate.
    3. Click Import FortiGate.
    4. In the FortiCloud or FortiDeploy key field, enter your key value.
    5. For End user type, select A non-government user or A government user as required.
    6. From the Partner dropdown list, select the affiliated Fortinet partner.
    7. To provision your FortiGate to FortiGate Cloud after import, enable Provision after import.
    8. If desired, you can associate a script with the provisioning. The selected script is executed automatically once the FortiGate establishes a management tunnel with its management server. This feature is limited to FortiGates that have an active FortiGate Cloud subscription. If the script depends on a specific FortiOS version, you must specify the target FortiOS version to ensure compatibility. From the Pre-run Script dropdown list, select the desired script. CLI scripts configured in CLI scripts are available for selection. The Description and CLI Scripts fields populate according to the selected script. If needed, from the Enforce Firmware dropdown list, select the desired FortiOS version.
    9. Click OK.
    Note

    After the device is successfully provisioned, the device key becomes invalid. You can only use the key once to provision a device.
    To provision a FortiGate or FortiWifi to FortiGate Cloud using the inventory:
    1. Log in to the FortiGate Cloud.
    2. Go to Devices and Provisioning > Device List > FortiGate, then click Add FortiGate.
    3. Select the desired device from the displayed inventory. This displays all assets from the logged-in FortiCloud account. Click Provision > Provision to FortiGate Cloud.
    4. From the Select Display Timezone for Device dropdown list, select the desired time zone.
    5. Click Submit.
    To provision a FortiGate or FortiWifi to FortiGate Cloud in the FortiOS GUI:
    1. In the FortiCloud portal, ensure that you have a product entitlement for FortiGate Cloud for the desired FortiGate or FortiWifi.
    2. In FortiOS, in the Dashboard, in the FortiGate Cloud widget, the Status displays as Not Activated. Click Not Activated.
    3. Click the Activate button.
    4. In the Activate FortiGate Cloud panel, the Email field is already populated with the FortiCloud account that this FortiGate is registered to.
    5. In the Password field, enter the password associated with the FortiCloud account.
    6. Enable Send logs to FortiGate Cloud. Click OK.

    7. This should have automatically enabled Cloud Logging. Ensure that Cloud Logging was enabled. If it was not enabled, go to Security Fabric > Fabric Connectors > Cloud Logging, enable it, then set Type to FortiGate Cloud.
    8. You must set the central management setting to FortiCloud, as this is the initial requirement for enabling device management features.
    To configure a FortiGate-VM for FortiGate Cloud:

    FortiGate-VMs require additional configuration to ensure that they function with FortiGate Cloud. Run the following commands in the FortiOS CLI:

    config system fortiguard

    unset update-server-location

    end

    Previous
    Next