SD-WAN Deployment for MSSPs

7.2.0

Preparing Provisioning Templates for projects

In this chapter, we are going to build our project foundation in FortiManager. In other words, we are going to prepare all the Provisioning Templates, Policy Packages, Device Groups, and other common elements necessary to deploy the Secure SD-WAN Solution. These elements must be configured once per project. They will be used by all the deployed sites.

Thanks to their generic nature, they will also be largely reused between different projects. This applies not only to the Jinja Templates (discussed in Preparing Jinja templates), but also to the other elements. For this reason, we recommend adopting one of the following methods to standardize the project foundation across different Customers:

  • Option 1: The creation of the project foundation can be fully automated using the JSON API and an automation framework of your choice. The elements will be created either on a newly deployed, dedicated FMG or in a newly created ADOM on a multi-tenant FMG, depending on the selected deployment blueprint. (See the MSSP deployment blueprints chapter of the SD-WAN / SD-Branch Architecture for MSSPs guide.)

  • Option 2: The project foundation can be created in a special ADOM used as a master ADOM for the Managed Service. For each new Customer project, this ADOM will be cloned, and the target ADOM will then be used for device onboarding.

    Note

    Note that selecting this option does not change our recommendation to use automation for the creation of the "master ADOM", for its cloning, for device onboarding, or even for the Operations.

Our project foundation will consist of the following elements:

  1. Device Groups

  2. System Templates

  3. Certificate Templates

  4. Jinja Templates

  5. SD-WAN Templates

  6. Static Route Templates

  7. Firewall Policies

  8. Device Blueprints

We will demonstrate how to create each element both interactively (using the FMG GUI) and using the API. (We will specify the respective API calls from the provided Postman collection in External resources.)
