Deploying the Hub device
This is the final step for the Hub deployment. All previous configuration is assigned and installed to the model device. Once the model device is ready, the real device may register with FortiManager to receive its full configuration.
Following is a summary of how to deploy the Hub device:
- Add a Model Device. See Adding a model device.
A model device is used as a placeholder, until the real device connects to the FortiManager.
- Configure the Meta Fields. See Configuring Meta Fields.
Meta Field values are a one-time definition for each device as it is on boarded.
- Generate the certificate for the Hub device. See Generating and issuing certificates for Hub devices.
This step leverages the previously defined Hub Certificate Template.
- Install the overlay configuration to the Model Device. See Installing the overlay configuration.
When the real device connects, the model device configuration will be installed to the real device.
- Install the remaining configuration to the Model Device. See Installing the remaining configuration to the model device.
- Connect the real device. See Connecting the real device.
You can connect the real device manually or by using zero-touch provisioning (ZTP).
Adding a model device
A model device is used as a placeholder, until the real device connects to the FortiManager.
To add a model device:
- On Device Manager, click Add Device, and select Add Model Device.
- In the Name box, type the name of the Hub, and select the right parameters (such as device model).
In our example we have named the Hub device site1-H1.
- Select Add it to the Device Group, and select Hubs.
- Select Assign the Policy Package, and select Hubs.
- Select Assign Provisioning Template, and select default.
- Click Next, and complete the wizard.
Configuring Meta Fields
To configure Meta Fields:
- Right-click the Model Device named Hub, and select Edit.
- Fill in following Meta Fields used in CLI templates for the Hub device.
The following values correspond to our example:
Meta Field
site1-H
as
65001
inet-id
11
inet-intf
port1
inet-tunnel-net
10.201.1.0/24
lan-net
10.1.0.0/24
lan-summary
10.0.0.0/14
mpls-id
12
mpls-intf
port4
mpls-tunnel-net
10.202.1.0/24
tunnel-mask
255.255.255.0
- Optionally, set device location and/or other desired parameters.
After you complete the Meta Fields, it's a good time to add any other required configuration to the Model Device. It can be done either directly in the Device Manager or using Provisioning Templates, additional CLI Templates, or ad-hoc CLI Scripts. One typical example is underlay configuration. You may need to configure the missing VLAN interfaces, IP addresses, static routes, dynamic routing on the underlay and so on. This configuration is not specific to SD-WAN, and therefore it is out of scope for this document. |
Generating and issuing certificates for Hub devices
To generate and issue certificates for Hub devices:
- Navigate to Provisioning Templates > Certificate Templates.
- Right-click on Hub template, and select Generate.
- Select the Hub Model Device in the subsequent dialog, and click OK to issue a local certificate for the Hub device.
Installing the overlay configuration
Now it is necessary to install the overlay configuration on the Model Device. We must perform this step separately, because other templates will require the overlay interfaces to exist.
To install the overlay configuration:
- Go to Device Manager > Device & Groups.
- From the Column Settings menu, select CLI Template Status.
The CLI Template Status column is displayed.
- For the Hub device, right-click the CLI Template Status cell, and go to Assign CLI Template to select only the CLI template named 01-Hub-Overlay:
- Right-click the Hub device, and select Quick Install (Device DB) to install the 01-Hub-Overlay policy on the device:
Installing the remaining configuration to the model device
After successful configuration of the overlays, we are ready to install the rest of the configuration.
To install the remaining configuration to the model device:
- Go to the Device Manager > Device & Groups pane, and locate the Hub device.
- For the Hub device, right-click the CLI Template Status cell, and select the CLI Template Group named Hub-Template.
The CLI Template Group is assigned to the Hub device.
- Go to the SD-WAN > SD-WAN Templates.
- Select the Hub-Template, and click Assign to Device.
The Assign to Device dialog box is displayed.
- In the Available Entries list, select the Hub device, and click the right arrow (>) to move it to the Selected Entries list, and click OK.
The template is assigned to the Hub device.
- Right-click the Hub device, and select Quick Install (Device DB) to install the policies to the Hub device.
All of the assigned templates are installed. After successful installation, the Hub Model Device is ready:
Connecting the real device
Now it is time to connect the real device. You can use either Zero-Touch Provisioning, or you can manually initiate the registration from FortiGate CLI.
Once the real device is connected and online, the Hub will become a fully managed and a completely deployed device: