Assign policy packages and system templates during device approval 6.4.3

When you are authorizing a FortiGate device for central management, you can assign a policy package and a system template as part of the authorization process, and you can override some system template settings.

Note: You can specify which settings in a system template can be overridden.

This example describes how to assign a policy package and system template when authorizing a FortiGate for central management. It also describes how to allow and execute overrides in a system template during device authorization.

To assign policy packages and system templates during device authorization:
  1. In FortiOS, ensure that central management is enabled, and FortiManager is selected.

    These settings allow FortiGate to appear in FortiManager as an unauthorized device.

  2. In FortiManager, ensure that you have created the policy packages and system templates that you want to assign to unauthorized devices.
  3. In system templates, ensure that you have specified what overrides are allowed.
    1. Go to Device Manager > Provisioning Templates.
    2. Under System Templates, select the system template to open it for editing.
    3. Select the Allow Override checkbox beside settings for which you want to allow overrides, and click Apply.

      For example, you can allow overrides of settings in the DNS widget and in the Interface widget.

  4. In FortiManager, go to Device Manager > Device & Groups > Unauthorized Devices.

    The list of unauthorized FortiGate devices is displayed.

  5. Select the unauthorized devices, and click Authorize.

    The Authorize Device dialog box is displayed.

  6. In the Assign Policy Package list, select a policy package.
  7. In the Assign Provisioning Template list, select a system template, and click the Override Profile Value button.

    The system template is displayed.

  8. Override the editable settings, and click OK.

    For example, change the interface settings. The settings are saved, and the Override Profile Value button turns red to indicate values have been overridden.

  9. Click OK.

    Device authorization begins, and you can view details for each step in the process.

    You can click View Details to display more details about each step.

    The device is authorized.

  10. Check that the provisioning template is assigned to the authorized device.
    1. Go to Provisioning Templates > System Templates, and select the template.

      The list of devices to which the template is assigned is displayed.

  11. Check that the installation target for the policy package lists the authorized device.
    1. Go to Policy & Object > Policy Packages, and expand the policy package you selected.
    2. Inside the policy package, select Installation Targets.

      The list of target devices for the policy package is displayed.

  12. Go to Device Manager > Device & Groups > Managed Devices.

    The authorized device is displayed. The Config Status is Modified, and a configuration installation is needed. Until the configuration is installed, the system interface displays the result of the interface template.

  13. Install the configuration to the authorized device.

    The config installation completes.

  14. In the lower tree menu, select the device, and go to System:Interface.

    The setting from the override is displayed.
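
The checks in steps 3 and 10 to 13 can also be run as a scripted audit over an inventory of newly authorized devices. The following is an added example, not Fortinet code: the data model, device names, template names and the `Synchronized` status value are constructed for illustration and do not reflect FortiManager's API or export format.

```python
# Added example. The data model below is constructed for illustration; it is
# not FortiManager's API or export schema, and all names are hypothetical.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SystemTemplate:
    name: str
    allow_override: dict  # widget name -> True if Allow Override is selected


@dataclass
class AuthorizedDevice:
    name: str
    policy_package: Optional[str]
    template: Optional[SystemTemplate]
    overrides: dict = field(default_factory=dict)  # widget -> overridden values
    config_status: str = "Modified"


def audit(dev, install_targets, template_devices):
    """Return findings for one device, mirroring steps 3 and 10 to 13."""
    findings = []
    if dev.policy_package is None:
        findings.append("no policy package assigned")
    elif dev.name not in install_targets.get(dev.policy_package, set()):
        findings.append("not in policy package installation targets")
    if dev.template is None:
        findings.append("no system template assigned")
    else:
        if dev.name not in template_devices.get(dev.template.name, set()):
            findings.append("not in system template device list")
        for widget in sorted(dev.overrides):
            if not dev.template.allow_override.get(widget, False):
                findings.append(f"override of {widget} not allowed by template")
    if dev.config_status == "Modified":
        findings.append("configuration install pending")
    return findings


# Constructed sample inventory.
TEMPLATE = SystemTemplate("branch-default", {"DNS": True, "Interface": True, "NTP": False})
INSTALL_TARGETS = {"branch-pkg": {"FGT-BRANCH-01"}}
TEMPLATE_DEVICES = {"branch-default": {"FGT-BRANCH-01"}}
OK_DEV = AuthorizedDevice("FGT-BRANCH-01", "branch-pkg", TEMPLATE,
                          {"Interface": {"port2": "10.0.2.1/24"}})
BAD_DEV = AuthorizedDevice("FGT-BRANCH-02", "branch-pkg", TEMPLATE,
                           {"NTP": {"server": "192.0.2.5"}})

if __name__ == "__main__":
    for d in (OK_DEV, BAD_DEV):
        print(d.name, audit(d, INSTALL_TARGETS, TEMPLATE_DEVICES))
```

A device that reports only "configuration install pending" is in the state described in step 12; any other finding means the assignment or an override does not match what the template permits.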
