Create a FortiCloud account if you do not have one. Using FortiZTP requires a FortiCloud account.

You must register or import devices to the Asset Management portal in the same FortiCloud account for them to be available for provisioning in FortiZTP.

You must ensure that you have the license for the cloud services that you are using as provisioning targets, such as FortiGate Cloud, FortiLAN Cloud, or FortiManager Cloud. Refer to the specific cloud service documentation in the Fortinet Document Library for detailed licensing information.

To provision a FortiGate-VM using the FortiZTP portal, it must have a valid license applied.

FortiZTP requires a FortiGate model that supports the zero-touch provisioning (autojoin) feature. FortiGate/FortiWiFi/POE desktop and 1U models up to 100F support the zero touch provisioning feature. For other models, FortiZTP supports one-touch provisioning. For these models, you must configure DHCP on the port of choice. The FortiZTP server can push FortiManager settings to devices that fulfill this requirement. Having trained personnel handle larger deployments is recommended. FortiZTP is available for devices running FortiOS 5.2.2 and later.

A FG-VM01 or FG-VM01V license is recommended, as the autojoin feature is enabled by default.

To enable autojoining FortiGate Cloud:

From FortiOS 5.2.3 and later, the auto-join-forticloud option is enabled by default. You must enable it for FortiZTP to function correctly. You can ensure that the option is enabled by running the following commands:

config system fortiguard

set auto-join-forticloud enable

end

After changing this setting, restart the device and ensure that the device is sending traffic to FortiGate Cloud to verify that you have configured it correctly.

For a non-U.S. government FortiGate-VM, you must unset the FortiGuard location:

config system fortiguard

unset update-server-location

end