Fortinet black logo

Administration Guide

Configuring FortiVoice

A FortiVoice can be added to the Security Fabric on the root FortiGate. Once the FortiVoice is added and authorized, you can log in to the device from the Security Fabric topology pages or the topology tree. A FortiVoice can be authorized in FortiOS, or can be pre-authroized with its serial number or certificate. A FortiVoice can be added to the dashboard as a Fabric device widget.

Authorizing using the FortiOS GUI

To authorize a FortiVoice to join the Security Fabric:
  1. On the FortiVoice, enable the Security Fabric. See Enabling Security Fabric in the FortiVoice Phone System Administration Guide.

  2. On the root FortiGate, go to Security Fabric > Fabric Connectors. The FortiVoice is highlighted in the topology list in the right panel with the status Waiting for Authorization.

  3. Click the highlighted FortiVoice and select Authorize.

  4. Verify that the certificate is correct, then click Accept.

Pre-authorizing using the FortiVoice certificate

A FortiVoice can be pre-authorized using its serial number or certificate. When pre-authorizing, the FortiVoice can join at any time, and it will not need to be authorized in FortiOS. In the following example, the FortiVoice is pre-authorized using a certificate.

To pre-authorize a FortiVoice using a third-party or default certificate in the GUI:
  1. Log in to the FortiVoice.

  2. Download the certificate. For example, in Chrome:

    1. In the left side of the address bar, click the icon to view the site information.

    2. Click Certificate.

    3. In the Certificate window, click the Details tab, then click Copy to File.

    4. The Certificate Export Wizard opens. Click Next.

    5. Set the format to Base-64 encoded X.509 (.CER), then click Next.

    6. Browse to the folder location, enter a file name, then click Next.

    7. Click Finish, then click OK to close the wizard.

  3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

  4. Beside Device authorization, click Edit.

  5. Click Create New and enter the following:

    1. In the Name field, enter the FortiVoice serial number.

    2. Set the Authorization type to Certificate.

    3. Upload the .CER file.

    4. Click OK, then close the Device authorization pane.

To pre-authorize a FortiVoice using a third-party or default certificate in the CLI:
config system csf
    config trusted-list
        edit "FOV-300E"            
            set action accept
            set authorization-type certificate
            set certificate "-----BEGIN CERTIFICATE-----
...
<encrypted_certificate_data>
...
-----END CERTIFICATE-----"
        next
    end
end
To verify the connection status:
  1. After the FortiVoice is authorized, go to Security Fabric > Physical Topology and confirm that it is included in the topology.

  2. Go to Security Fabric > Logical Topology and confirm the FortiVoice is also displayed there.

Logging in to the FortiVoice using the Security Fabric

To log in using a topology page:
  1. Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology.

  2. Click on the FortiVoice and select Login to <serial_number>.

To log in using the Fabric Connectors page:
  1. Go to Security Fabric > Fabric Connectors.

  2. In the topology tree, click the FortiVoice and select Login to <serial_number>.

A FortiVoice can be added to the Security Fabric on the root FortiGate. Once the FortiVoice is added and authorized, you can log in to the device from the Security Fabric topology pages or the topology tree. A FortiVoice can be authorized in FortiOS, or can be pre-authroized with its serial number or certificate. A FortiVoice can be added to the dashboard as a Fabric device widget.

Authorizing using the FortiOS GUI

To authorize a FortiVoice to join the Security Fabric:
  1. On the FortiVoice, enable the Security Fabric. See Enabling Security Fabric in the FortiVoice Phone System Administration Guide.

  2. On the root FortiGate, go to Security Fabric > Fabric Connectors. The FortiVoice is highlighted in the topology list in the right panel with the status Waiting for Authorization.

  3. Click the highlighted FortiVoice and select Authorize.

  4. Verify that the certificate is correct, then click Accept.

Pre-authorizing using the FortiVoice certificate

A FortiVoice can be pre-authorized using its serial number or certificate. When pre-authorizing, the FortiVoice can join at any time, and it will not need to be authorized in FortiOS. In the following example, the FortiVoice is pre-authorized using a certificate.

To pre-authorize a FortiVoice using a third-party or default certificate in the GUI:
  1. Log in to the FortiVoice.

  2. Download the certificate. For example, in Chrome:

    1. In the left side of the address bar, click the icon to view the site information.

    2. Click Certificate.

    3. In the Certificate window, click the Details tab, then click Copy to File.

    4. The Certificate Export Wizard opens. Click Next.

    5. Set the format to Base-64 encoded X.509 (.CER), then click Next.

    6. Browse to the folder location, enter a file name, then click Next.

    7. Click Finish, then click OK to close the wizard.

  3. In FortiOS, go to Security Fabric > Fabric Connectors and double-click the Security Fabric Setup card.

  4. Beside Device authorization, click Edit.

  5. Click Create New and enter the following:

    1. In the Name field, enter the FortiVoice serial number.

    2. Set the Authorization type to Certificate.

    3. Upload the .CER file.

    4. Click OK, then close the Device authorization pane.

To pre-authorize a FortiVoice using a third-party or default certificate in the CLI:
config system csf
    config trusted-list
        edit "FOV-300E"            
            set action accept
            set authorization-type certificate
            set certificate "-----BEGIN CERTIFICATE-----
...
<encrypted_certificate_data>
...
-----END CERTIFICATE-----"
        next
    end
end
To verify the connection status:
  1. After the FortiVoice is authorized, go to Security Fabric > Physical Topology and confirm that it is included in the topology.

  2. Go to Security Fabric > Logical Topology and confirm the FortiVoice is also displayed there.

Logging in to the FortiVoice using the Security Fabric

To log in using a topology page:
  1. Go to Security Fabric > Physical Topology or Security Fabric > Logical Topology.

  2. Click on the FortiVoice and select Login to <serial_number>.

To log in using the Fabric Connectors page:
  1. Go to Security Fabric > Fabric Connectors.

  2. In the topology tree, click the FortiVoice and select Login to <serial_number>.