FortiLAN Cloud User Guide

Creating a zero-touch configuration

You can create a zero-touch configuration using switch tags, FortiSwitch serial numbers, or a single FortiSwitch model. Zero-touch configurations are run on a scheduled date and time or when FortiSwitch units are deployed in FortiLAN Cloud. You can apply CLI commands or GUI configuration templates, update the firmware, or both.

  1. Navigate to Configuration > Zero Touch Configurations and select Add.

  2. Select Tags, Switches, or Model.
    • If you select Tags, select one or more switch tags to apply the zero-touch configuration to.
    • If you select Switches, select one or more FortiSwitch units.
      NOTE: Do not include the same switch or switches in both a zero-touch configuration and a scheduled upgrade.
    • If you select Model, select a FortiSwitch model to apply the zero-touch configuration to.
  3. You can exclude specific FortiSwitches from the scheduled upgrade. Click Exclude Switches and select the entries.
  4. Select when the configuration templates are applied to the devices. Click Run Template On.
    • If you select New device (First seen), the firmware is upgraded and the configuration applied when FortiSwitch units are deployed in FortiLAN Cloud.
    • If you select Scheduled, select the date and time for the firmware to be upgraded and the configuration applied.
  5. If you want to change the Firmware Version, select the firmware image to apply. The available firmware images and the latest version are listed.
  6. Select Force Downgrade to forcefully downgrade newly deployed FortiSwitches.
  7. Enable Proceed with ZTC on Failure to proceed with ZTC, bypassing intermediate failures (if any). If disabled, the ZTC process is halted in the event of an intermediate failure. For example, in case of a firmware failure, the CLI and GUI template configurations are not pushed to the FortiSwitch. This option is enabled by default; disable it if you want to halt the ZTC process in the event of any intermediate failures.
  8. Enable the Re-sync on re-connect option to ensure that the ZTC template configuration is applied to the FortiSwitch each time it re-connects to FortiLAN Cloud. When this option is enabled and the configuration is pushed, there is a cool-down period of 30 minutes; during this period the configuration is not applied and the FortiSwitch is allowed to re-connect to FortiLAN Cloud.
    Note: Ensure that the ZTC template does not contain any configuration that could potentially cause the FortiSwitch to restart. This is to avoid the reboot-config-push loop.

Configurations

You can create CLI and GUI configuration templates.

CLI Configurations

Enter the CLI commands to apply to the selected FortiSwitch model or create a CLI template. A CLI template has parameter names (placeholders) instead of static parameter values. When the CLI template is applied to a switch, the parameter names are resolved dynamically to their switch-specific parameter values, as defined in the NVP data; the variables ($param) are declared in the NVP and called in the CLI template. See Defining Switch Name-Value Pairs. The parameter values are contained in braces. Enable CLI Templating to use configured templates. This example sets different values for hostname and password on multiple switches.


Refer to the FortiSwitchOS CLI Reference for available commands.

Note: You can enter 250 KB of CLI commands.
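A pre-flight check for a CLI template before it is pasted into a zero-touch configuration, as an added example that is not Fortinet's code. It assumes placeholders are written `$name`, that the NVP data can be expressed as one dictionary per serial number, and that `execute reboot` and `execute factoryreset` are the restart commands to flag (a non-exhaustive list); the serial numbers and values are constructed.

```python
import re

MAX_CLI_BYTES = 250 * 1024  # page: "You can enter 250 KB of CLI commands"
PLACEHOLDER = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)")  # assumed "$param" form
# Assumed, non-exhaustive list of commands that restart a switch and would
# feed the reboot-config-push loop when Re-sync on re-connect is enabled.
RESTART_CMDS = ("execute reboot", "execute factoryreset")

# Constructed template: per-switch hostname and admin password.
TEMPLATE = """\
config system global
    set hostname $hostname
end
config system admin
    edit admin
        set password $password
    next
end
"""

# Constructed NVP data keyed by serial number (hypothetical layout).
NVP = {
    "SERIAL-A": {"hostname": "sw-access-01", "password": "<constructed-secret-a>"},
    "SERIAL-B": {"hostname": "sw-access-02"},  # password deliberately missing
}

def lint_template(template, nvp_by_serial):
    """Return a list of findings; an empty list means the template passed."""
    findings = []
    size = len(template.encode("utf-8"))
    if size > MAX_CLI_BYTES:
        findings.append(f"template is {size} bytes, over the 250 KB limit")
    for n, line in enumerate(template.splitlines(), 1):
        if line.strip().lower().startswith(RESTART_CMDS):
            findings.append(f"line {n}: '{line.strip()}' restarts the switch")
    needed = set(PLACEHOLDER.findall(template))
    for serial, params in sorted(nvp_by_serial.items()):
        for name in sorted(needed - set(params)):
            findings.append(f"{serial}: no value for ${name}")
    return findings

def render(template, params):
    """Substitute $name placeholders; raises KeyError on an unresolved name."""
    return PLACEHOLDER.sub(lambda m: params[m.group(1)], template)

if __name__ == "__main__":
    for finding in lint_template(TEMPLATE, NVP):
        print(finding)
```

Rendering the template locally for each serial number also lets you review the exact commands a switch would receive before enabling CLI Templating.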

GUI Configurations

Create a GUI template, click Add and create the following template configurations.

  • VLAN - Create template configurations to add a VLAN, modify an existing VLAN or delete a VLAN. To configure a template, see VLAN Templates.
  • Ports - To configure the administrative status and PoE status of the FortiSwitch, see Ports.
  • Interfaces - To configure interface VLANs, see Configuring interface VLANs.
  • Port Security - To configure 802.1x/802.1x MAC based security, see Editing the port security.
  • Packet Capture - To configure a packet capture profile, see Creating a packet capture profile. You can add a packet capture profile, modify an existing profile or delete a profile.
  • Trunk - To configure a trunk, see Creating a trunk. You can add a trunk, modify an existing trunk or delete a trunk.
  • IGMP - To configure IGMP settings, see IGMP. You cannot modify Action.
  • System Interfaces - You can configure physical and VLAN interfaces on a FortiSwitch, see System Interfaces.

  • Router - Routing configuration is supported on FortiSwitches managed by FortiLAN Cloud. You can add/modify the following configurations. Routing information and interfaces are monitored on the Routing Table and Link Monitor pages. See Router.

  • LLDP - To configure LLDP Settings and Profile, see LLDP. You cannot modify Action when configuring the LLDP settings.
  • ACL - To configure ACL Settings, see ACL. You cannot modify Action.
  • Logging - To configure external Syslog server for switch logs, see Logging. You cannot modify Action.


Additionally, you can export (save) the GUI and CLI configurations, edit and then import them to the GUI to facilitate reuse. Click on Export and Import as required; JSON file format is supported for both operations.
