Fortinet white logo
Fortinet white logo

Azure Administration Guide

Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data

Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data

This section explains how to add bootstrapping of FortiGate CLI commands and BYOL license at the time of initial bootup as part of PowerShell deployment.

It is expected that you have thorough knowledge of PowerShell and various Azure services and features to adopt this deployment method. You should be able to author a ps1 file on your own as required by your organization.

You can find a sample PowerShell script that works with bootstrapping on GitHub.

To bootstrap the FortiOS CLI and BYOL license at initial bootup using user data:
  1. Create a directory on your PC with the path C:\Azure\misc.
  2. Create a MIME text file named azureinit.conf in the C:\Azure\misc directory. You can change the directory path and file name using the $customdataFile = C:\Azure\misc\azureinit.conf parameter in the ps1 file. azureinit.conf is the text file in MIME format that includes both FortiGate CLI commands and license file content. You can download a sample azureinit.conf from GitHub.
  3. You can download a license file from Customer Service & Support after registering your product code. Copy and paste the content of your license file to replace the license portion of azureinit.conf. FortiGate-VM license content resembles the following:

  4. In the example ps1 file, the FortiGate CLI command is shown as the following:

    config system global

    set timezone 03

    end

    This example sets the timezone as GMT-9 Alaska. You can replace these lines with your own set of CLI commands.

  5. After editing the sample ps1 file to reflect your own Azure environments and azureinit.conf file as required, run the ps1 file. It reads the conf file and passes FortiGate CLI commands and the license to the FortiGate-VM deployment using cloud-init user data.
  6. After the ps1 file execution ends, log into the FortiGate by accessing https://<IP_address> in your browser.
  7. The system displays the dashboard instead of a license upload window, since the license is already activated.

    To see how bootstrapping went, check if the command was successfully run. Open the CLI console and enter diag debug cloudinit show.

    If the cloud-init was run successfully, the CLI shows Azure customdata processed successfully.

    If you see an error with this diagnose command, resolve it and try again by editing azureinit.conf. There may be a syntax error.

  8. Check the timezone by running config system global and get commands.

    The timezone was changed to Alaska as expected, meaning that the bootstrapping CLI command was successful. This assumes that you used the default FortiGate CLI command in step 4. If you modified the command, test it accordingly.

Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data

Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data

This section explains how to add bootstrapping of FortiGate CLI commands and BYOL license at the time of initial bootup as part of PowerShell deployment.

It is expected that you have thorough knowledge of PowerShell and various Azure services and features to adopt this deployment method. You should be able to author a ps1 file on your own as required by your organization.

You can find a sample PowerShell script that works with bootstrapping on GitHub.

To bootstrap the FortiOS CLI and BYOL license at initial bootup using user data:
  1. Create a directory on your PC with the path C:\Azure\misc.
  2. Create a MIME text file named azureinit.conf in the C:\Azure\misc directory. You can change the directory path and file name using the $customdataFile = C:\Azure\misc\azureinit.conf parameter in the ps1 file. azureinit.conf is the text file in MIME format that includes both FortiGate CLI commands and license file content. You can download a sample azureinit.conf from GitHub.
  3. You can download a license file from Customer Service & Support after registering your product code. Copy and paste the content of your license file to replace the license portion of azureinit.conf. FortiGate-VM license content resembles the following:

  4. In the example ps1 file, the FortiGate CLI command is shown as the following:

    config system global

    set timezone 03

    end

    This example sets the timezone as GMT-9 Alaska. You can replace these lines with your own set of CLI commands.

  5. After editing the sample ps1 file to reflect your own Azure environments and azureinit.conf file as required, run the ps1 file. It reads the conf file and passes FortiGate CLI commands and the license to the FortiGate-VM deployment using cloud-init user data.
  6. After the ps1 file execution ends, log into the FortiGate by accessing https://<IP_address> in your browser.
  7. The system displays the dashboard instead of a license upload window, since the license is already activated.

    To see how bootstrapping went, check if the command was successfully run. Open the CLI console and enter diag debug cloudinit show.

    If the cloud-init was run successfully, the CLI shows Azure customdata processed successfully.

    If you see an error with this diagnose command, resolve it and try again by editing azureinit.conf. There may be a syntax error.

  8. Check the timezone by running config system global and get commands.

    The timezone was changed to Alaska as expected, meaning that the bootstrapping CLI command was successful. This assumes that you used the default FortiGate CLI command in step 4. If you modified the command, test it accordingly.