Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.0.2 Administration Guide
    7.0.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    NSX-T service templates

    NSX-T service templates

    NSX-T Service templates allow you to manage multiple FortiGate VMs running on NSX-T by automatically applying VDOM, policy, and configuration settings to each VM that belongs on the same registered service.

    There are two main use cases for this feature:

    1. You need to deploy an additional VM in NSX-T.
      When a new VM is authorized in FortiManager, it has no configuration or policy. Using the NSX-T template, FortiManager automatically creates the VDOMs, links them to a policy package, and configures the service profile/VDOM association, log settings, etc.
    2. You need to change the existing configuration, for example adding a VDOM.
      FortiManager applies the same change to all VMs from the same service where the template is applied.

    NSX-T templates can be created, cloned, deleted, and assigned in Device Manager > Provisioning Templates > NSX-T Service Template.

    To create a new NSX-T service template:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Click Create New in the toolbar.
    3. In the Create New Template pane, type a name for the template.
    4. Click OK to create the new NSX-T service template.
    To edit a NSX-T service template:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Select an NSX-T service template and click Edit. The Edit NSX-T Service Template pane opens.
    3. Adjust the settings as required, then click OK to save your changes:
    To create a new VDOM:
    1. When editing an NSX-T service template, click Create New under the VDOMs section.
      The Create New VDOM pane opens.
    2. Enter a name for the VDOM, and select a Policy Package from the dropdown which will be applied to the template.
    3. The Virtual Wire Pair will be automatically filled based on the VDOM name.
    4. Dynamic interface mapping is mandatory to create a VDOM. Select the interface name and click Edit to configure the dynamic interface mapping for internal and external interfaces.
      Note

      The dynamic interface dropdown will only show normalized interfaces that have a default mapping. The default mapping name must be the same as the name of the interface on the Edit Interface page.

      You can create new interfaces using the + icon in the dropdown.

    To assign an NSX-T service template to a device:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Select a template to assign to managed devices.
    3. Right-click anywhere in the template list window, and select Assign to Device from the menu, or click Assign to Device from the toolbar above.
    4. Select the managed devices to which you want to assign the selected template from the Available Entries field, and move those entries to the Selected Entries field.
      Note

      In order for a device to show up in the list it must meet the following conditions.

      1. The VDOM feature must be enabled on the FortiGate.
      2. The FortiGate platform type must match the one selected in the template.
      3. The NSX-T Service name should match with devices.
    5. Once the template has been assigned to the device, you can install the changes using the Install Wizard at the top of the page.
    Previous
    Next

    NSX-T service templates

    NSX-T service templates

    NSX-T Service templates allow you to manage multiple FortiGate VMs running on NSX-T by automatically applying VDOM, policy, and configuration settings to each VM that belongs on the same registered service.

    There are two main use cases for this feature:

    1. You need to deploy an additional VM in NSX-T.
      When a new VM is authorized in FortiManager, it has no configuration or policy. Using the NSX-T template, FortiManager automatically creates the VDOMs, links them to a policy package, and configures the service profile/VDOM association, log settings, etc.
    2. You need to change the existing configuration, for example adding a VDOM.
      FortiManager applies the same change to all VMs from the same service where the template is applied.

    NSX-T templates can be created, cloned, deleted, and assigned in Device Manager > Provisioning Templates > NSX-T Service Template.

    To create a new NSX-T service template:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Click Create New in the toolbar.
    3. In the Create New Template pane, type a name for the template.
    4. Click OK to create the new NSX-T service template.
    To edit a NSX-T service template:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Select an NSX-T service template and click Edit. The Edit NSX-T Service Template pane opens.
    3. Adjust the settings as required, then click OK to save your changes:
    To create a new VDOM:
    1. When editing an NSX-T service template, click Create New under the VDOMs section.
      The Create New VDOM pane opens.
    2. Enter a name for the VDOM, and select a Policy Package from the dropdown which will be applied to the template.
    3. The Virtual Wire Pair will be automatically filled based on the VDOM name.
    4. Dynamic interface mapping is mandatory to create a VDOM. Select the interface name and click Edit to configure the dynamic interface mapping for internal and external interfaces.
      Note

      The dynamic interface dropdown will only show normalized interfaces that have a default mapping. The default mapping name must be the same as the name of the interface on the Edit Interface page.

      You can create new interfaces using the + icon in the dropdown.

    To assign an NSX-T service template to a device:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Select a template to assign to managed devices.
    3. Right-click anywhere in the template list window, and select Assign to Device from the menu, or click Assign to Device from the toolbar above.
    4. Select the managed devices to which you want to assign the selected template from the Available Entries field, and move those entries to the Selected Entries field.
      Note

      In order for a device to show up in the list it must meet the following conditions.

      1. The VDOM feature must be enabled on the FortiGate.
      2. The FortiGate platform type must match the one selected in the template.
      3. The NSX-T Service name should match with devices.
    5. Once the template has been assigned to the device, you can install the changes using the Install Wizard at the top of the page.
    Previous
    Next