Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

NSX-T service templates

NSX-T Service templates allow you to manage multiple FortiGate VMs running on NSX-T by automatically applying VDOM, policy, and configuration settings to each VM that belongs on the same registered service.

There are two main use cases for this feature:

  1. You need to deploy an additional VM in NSX-T.
    When a new VM is authorized in FortiManager, it has no configuration or policy. Using the NSX-T template, FortiManager automatically creates the VDOMs, links them to a policy package, and configures the service profile/VDOM association, log settings, etc.
  2. You need to change the existing configuration, for example adding a VDOM.
    FortiManager applies the same change to all VMs from the same service where the template is applied.

NSX-T templates can be created, cloned, deleted, and assigned in Device Manager > Provisioning Templates > NSX-T Service Template.

To create a new NSX-T service template:
  1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
  2. Click Create New in the toolbar.
  3. In the Create New Template pane, type a name for the template.
  4. Click OK to create the new NSX-T service template.
To edit a NSX-T service template:
  1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
  2. Select an NSX-T service template and click Edit. The Edit NSX-T Service Template pane opens.
  3. Adjust the settings as required, then click OK to save your changes:
To create a new VDOM:
  1. When editing an NSX-T service template, click Create New under the VDOMs section.
    The Create New VDOM pane opens.
  2. Enter a name for the VDOM, and select a Policy Package from the dropdown which will be applied to the template.
  3. The Virtual Wire Pair will be automatically filled based on the VDOM name.
  4. Dynamic interface mapping is mandatory to create a VDOM. Select the interface name and click Edit to configure the dynamic interface mapping for internal and external interfaces.
    Note

    The dynamic interface dropdown will only show normalized interfaces that have a default mapping. The default mapping name must be the same as the name of the interface on the Edit Interface page.

    You can create new interfaces using the + icon in the dropdown.

To assign an NSX-T service template to a device:
  1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
  2. Select a template to assign to managed devices.
  3. Right-click anywhere in the template list window, and select Assign to Device from the menu, or click Assign to Device from the toolbar above.
  4. Select the managed devices to which you want to assign the selected template from the Available Entries field, and move those entries to the Selected Entries field.
    Note

    In order for a device to show up in the list it must meet the following conditions.

    1. The VDOM feature must be enabled on the FortiGate.
    2. The FortiGate platform type must match the one selected in the template.
    3. The NSX-T Service name should match with devices.
  5. Once the template has been assigned to the device, you can install the changes using the Install Wizard at the top of the page.

NSX-T service templates

NSX-T Service templates allow you to manage multiple FortiGate VMs running on NSX-T by automatically applying VDOM, policy, and configuration settings to each VM that belongs on the same registered service.

There are two main use cases for this feature:

  1. You need to deploy an additional VM in NSX-T.
    When a new VM is authorized in FortiManager, it has no configuration or policy. Using the NSX-T template, FortiManager automatically creates the VDOMs, links them to a policy package, and configures the service profile/VDOM association, log settings, etc.
  2. You need to change the existing configuration, for example adding a VDOM.
    FortiManager applies the same change to all VMs from the same service where the template is applied.

NSX-T templates can be created, cloned, deleted, and assigned in Device Manager > Provisioning Templates > NSX-T Service Template.

To create a new NSX-T service template:
  1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
  2. Click Create New in the toolbar.
  3. In the Create New Template pane, type a name for the template.
  4. Click OK to create the new NSX-T service template.
To edit a NSX-T service template:
  1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
  2. Select an NSX-T service template and click Edit. The Edit NSX-T Service Template pane opens.
  3. Adjust the settings as required, then click OK to save your changes:
To create a new VDOM:
  1. When editing an NSX-T service template, click Create New under the VDOMs section.
    The Create New VDOM pane opens.
  2. Enter a name for the VDOM, and select a Policy Package from the dropdown which will be applied to the template.
  3. The Virtual Wire Pair will be automatically filled based on the VDOM name.
  4. Dynamic interface mapping is mandatory to create a VDOM. Select the interface name and click Edit to configure the dynamic interface mapping for internal and external interfaces.
    Note

    The dynamic interface dropdown will only show normalized interfaces that have a default mapping. The default mapping name must be the same as the name of the interface on the Edit Interface page.

    You can create new interfaces using the + icon in the dropdown.

To assign an NSX-T service template to a device:
  1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
  2. Select a template to assign to managed devices.
  3. Right-click anywhere in the template list window, and select Assign to Device from the menu, or click Assign to Device from the toolbar above.
  4. Select the managed devices to which you want to assign the selected template from the Available Entries field, and move those entries to the Selected Entries field.
    Note

    In order for a device to show up in the list it must meet the following conditions.

    1. The VDOM feature must be enabled on the FortiGate.
    2. The FortiGate platform type must match the one selected in the template.
    3. The NSX-T Service name should match with devices.
  5. Once the template has been assigned to the device, you can install the changes using the Install Wizard at the top of the page.