Fortinet black logo

New Features

FortiFlex token and bootstrap configuration file fields in custom OVF template 7.0.2

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:614679
Download PDF

FortiFlex token and bootstrap configuration file fields in custom OVF template 7.0.2

New License Token and Configuration URL fields have been added to custom Open Virtualization Format (OVF) templates to allow inputting a FortiFlex token code and web URL where a bootstrap configuration file for the FortiGate are stored. This reduces the number of steps when provisioning and bootstrapping a FortiGate-VM.

Having FortiGate use a configuration file available on a web server dramatically reduces the deployment complexity:

  • You can use a centralized web server to host all bootstrapping configuration files. You do not need to upload ISO files to multiple clouds and datastores.
  • You do not need to attach a CD-ROM to the VM.
  • You only need to create the configuration file on the web server and enter the file URL as an OVF custom property.

In the following example, the license token is 182C8C8143C841028572 and the configuration URL is http://172.18.64.219/fgt-17491.txt.

To provision a FortiGate-VM using the FortiFlex token and bootstrap configuration file fields:
  1. Create a new FGT-VM64 from the vCenter GUI with the datadrive.vmdk, fortios.vmdk and FortiGate-VM64.vapp.ovf files extracted from FGT_VM64-v7-build0203-FORTINET.out.ovf.zip. On the Customize template page, configure the License Token and Configuration URL fields with the FortiFlex token and the URL where the bootstrap configuration file is stored.

  2. Configure the FortiGate as desired. This example configures the hostname and admin timeout:

    root@CtrlPC-1:~# curl http://172.18.64.219/fgt-17491.txt

    config sys global

    set hostname fgt-17491

    set admintimeout 480

    end

    After the FortiGate-VM boots up, it activates the VM license and automatically loads the configuration.

  3. Verify the license and configuration data was populated to the FortiGate. Verify that the configuration you modified in step 2 was populated to the FortiGate:

    fgt-17491 # get sys stat Version: FortiGate-VM64 v7.0.2,build0203,210906 (interim) Serial-Number: FGVMMLTM20000045 License Status: Valid License Expiration Date: 2022-10-31 fgt-17491 # diagnose debug cloudinit show >> Checking metadata source ovf >> Cloudinit downloading config: >> Cloudinit download config successfully >> Found metadata source: ovf >> Trying to install vmlicense ... >> License-token:182C8C8143C841028572 >> Run config script >> Finish running script >> FortiGate-VM $ config sys global >> FortiGate-VM (global) $ set hostname fgt-17491 >> FortiGate-VM (global) $ set admintimeout 480 >> FortiGate-VM (global) $ end >> fgt-17491 $ fgt-17491 # diagnose vmware ovfenv <?xml version="1.0" encoding="UTF-8"?> <Environment ... <PropertySection> <Property oe:key="config-url" oe:value="http://172.18.64.219/fgt-17491.txt"/> <Property oe:key="license-token" oe:value="182C8C8143C841028572"/> ...

FortiFlex token and bootstrap configuration file fields in custom OVF template 7.0.2

New License Token and Configuration URL fields have been added to custom Open Virtualization Format (OVF) templates to allow inputting a FortiFlex token code and web URL where a bootstrap configuration file for the FortiGate are stored. This reduces the number of steps when provisioning and bootstrapping a FortiGate-VM.

Having FortiGate use a configuration file available on a web server dramatically reduces the deployment complexity:

  • You can use a centralized web server to host all bootstrapping configuration files. You do not need to upload ISO files to multiple clouds and datastores.
  • You do not need to attach a CD-ROM to the VM.
  • You only need to create the configuration file on the web server and enter the file URL as an OVF custom property.

In the following example, the license token is 182C8C8143C841028572 and the configuration URL is http://172.18.64.219/fgt-17491.txt.

To provision a FortiGate-VM using the FortiFlex token and bootstrap configuration file fields:
  1. Create a new FGT-VM64 from the vCenter GUI with the datadrive.vmdk, fortios.vmdk and FortiGate-VM64.vapp.ovf files extracted from FGT_VM64-v7-build0203-FORTINET.out.ovf.zip. On the Customize template page, configure the License Token and Configuration URL fields with the FortiFlex token and the URL where the bootstrap configuration file is stored.

  2. Configure the FortiGate as desired. This example configures the hostname and admin timeout:

    root@CtrlPC-1:~# curl http://172.18.64.219/fgt-17491.txt

    config sys global

    set hostname fgt-17491

    set admintimeout 480

    end

    After the FortiGate-VM boots up, it activates the VM license and automatically loads the configuration.

  3. Verify the license and configuration data was populated to the FortiGate. Verify that the configuration you modified in step 2 was populated to the FortiGate:

    fgt-17491 # get sys stat Version: FortiGate-VM64 v7.0.2,build0203,210906 (interim) Serial-Number: FGVMMLTM20000045 License Status: Valid License Expiration Date: 2022-10-31 fgt-17491 # diagnose debug cloudinit show >> Checking metadata source ovf >> Cloudinit downloading config: >> Cloudinit download config successfully >> Found metadata source: ovf >> Trying to install vmlicense ... >> License-token:182C8C8143C841028572 >> Run config script >> Finish running script >> FortiGate-VM $ config sys global >> FortiGate-VM (global) $ set hostname fgt-17491 >> FortiGate-VM (global) $ set admintimeout 480 >> FortiGate-VM (global) $ end >> fgt-17491 $ fgt-17491 # diagnose vmware ovfenv <?xml version="1.0" encoding="UTF-8"?> <Environment ... <PropertySection> <Property oe:key="config-url" oe:value="http://172.18.64.219/fgt-17491.txt"/> <Property oe:key="license-token" oe:value="182C8C8143C841028572"/> ...