7.4.0

Connect branch FortiGates to FortiManager


With the FortiManager fully prepared for the branch devices, it is time to direct the branch FortiGates to the FortiManager. This involves configuring the FortiGates with the FortiManager’s IP address for registration.

You may do this manually on the branch FortiGate using the GUI or CLI, or you may leverage FortiDeploy, which is a product built into FortiGate Cloud. FortiDeploy allows you to push the FortiManager settings to your branch devices so they will automatically join your FortiManager.

Using FortiZTP

FortiZTP is used to direct FortiGates which are able to reach the FortiGuard network to a FortiManager for configuration and management. For more details on FortiZTP, including requirements, please see the FortiZTP Admin Guide. In this example, we will use FortiZTP to direct the Branch FortiGates to the on-premise FortiManager. The FortiGate VMs have already been registered in the FortiCloud Asset Management.

To connect the branch FortiGate(s) to FortiManager using FortiZTP:
  1. Log in to fortiztp.forticloud.com.

  2. Select one or more FortiGates to provision.

  3. Select Setting in the top right of the device pane.

  4. In the window which pops up, enable REMOTE: FortiManager, and disable FortiGate Cloud and FortiManager Cloud.

  5. Provide the FortiManager serial number and IP address or FQDN, then select Update.

  6. Select one or more branch FortiGates to provision by checking the respective box in the device pane.

  7. Select Provision from the top right of the device pane.

  8. The FortiManager settings entered in step 5 should be listed under TARGET LOCATION.

  9. Select PROVISION NOW to complete the provisioning.

If the FortiGate is able to communicate with FortiGuard, it will receive the configuration required to direct it to your FortiManager for registration, configuration, and management.

Using the GUI

To connect the branch FortiGate(s) to FortiManager using the GUI:
  1. Log into your branch FortiGate and navigate to Security Fabric > Fabric Connectors.

  2. Under Security Fabric Connectors, double click Central Management. The Central Management Settings menu opens.

  3. Adjust Status to Enabled and configure your FortiManager settings.

  4. Click OK to finalize the settings. A dialog appears indicating the request has been sent and received. Select OK.

  5. A new menu will open indicating the FortiGate is not authorized on FortiManager. Close this as the device will automatically be accepted due to matching the model device.

  6. Check on the FortiManager that Br1 is online.

  7. Check that the config has been pushed to the device.

Using the CLI

To connect the branch FortiGate(s) to FortiManager using the CLI:

Enter the following from the FortiGate CLI, or from the built-in CLI in the FortiGate GUI:

config system central-management
    set type fortimanager
    set fmg <IP_address_of_FMG>
end
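
An added example, not part of the Fortinet guide: one way to confirm after onboarding that each branch still points at the intended FortiManager is to check the central-management block in its configuration backup. The branch names, addresses and backup text below are constructed, and the helper names are hypothetical.

```python
import shlex

def central_management(config_text):
    """Return the top-level 'set' values of config system central-management."""
    settings, depth = {}, 0
    for raw in config_text.splitlines():
        try:
            words = shlex.split(raw)      # backups may quote values: set fmg "192.0.2.10"
        except ValueError:                # unbalanced quote (multi-line value): skip line
            continue
        if not words:
            continue
        if depth == 0:
            if words == ["config", "system", "central-management"]:
                depth = 1
        elif words[0] == "config":        # nested table inside the block
            depth += 1
        elif words[0] == "end":
            depth -= 1
            if depth == 0:
                break
        elif words[0] == "set" and depth == 1 and len(words) >= 3:
            settings[words[1]] = " ".join(words[2:])
    return settings

def audit(name, config_text, expected_fmg):
    """List deviations from the settings this guide configures."""
    cm, findings = central_management(config_text), []
    if cm.get("type") != "fortimanager":
        findings.append(f"{name}: type is {cm.get('type')!r}, expected 'fortimanager'")
    if cm.get("fmg") != expected_fmg:
        findings.append(f"{name}: fmg is {cm.get('fmg')!r}, expected {expected_fmg!r}")
    return findings

# Constructed backups: Br1 is correct, Br2 points elsewhere, Br3 has no block at all.
BR1 = ('config system central-management\n    set type fortimanager\n'
       '    set fmg "192.0.2.10"\n    config server-list\n        edit 1\n'
       '            set server-address 203.0.113.5\n        next\n    end\nend\n')
BR2 = ('config system central-management\n    set type fortimanager\n'
       '    set fmg "198.51.100.77"\nend\n')
BR3 = 'config system global\n    set hostname "Br3"\nend\n'

if __name__ == "__main__":
    for name, text in (("Br1", BR1), ("Br2", BR2), ("Br3", BR3)):
        for finding in audit(name, text, "192.0.2.10") or [f"{name}: OK"]:
            print(finding)
```
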

Installation

Once the FortiGate has been connected to FortiManager, FortiManager will install the configuration contained in the matching model device. You can see the progress in the top-right corner of the FortiManager GUI. Expanding this window will show you Autolinking Device, and Push config to device.

When this completes, the branches will show as synchronized for their policy package, config status, and provisioning template. The Pre-run CLI template (if used) will no longer be listed under provisioning templates – it only runs once on the first install.
