Bootstrapping FortiGate at Initial Boot-Up

This section explains how to add bootstrapping of FortiGate CLI commands and a BYOL license at the time of initial boot-up as part of a Terraform deployment.

  1. Create a text file that contains FortiGate CLI commands. In this example, the file is saved as config.txt and uses the following CLI commands:

        config system global
        set timezone 03
        end

    The config text file is in MIME format and looks like the following:

        Content-Type: multipart/mixed; boundary="==OCI=="
        MIME-Version: 1.0

        --==OCI==
        Content-Type: text/x-shellscript; charset="us-ascii"
        MIME-Version: 1.0

        config system global
        set timezone 03
        end

        --==OCI==
        Content-Type: text/plain; charset="us-ascii"
        MIME-Version: 1.0
        Content-Transfer-Encoding: 7bit
        Content-Disposition: attachment; filename="license"

        ${license_file}

        --==OCI==--

    You can find the example file on GitHub.

    This example CLI sets the timezone to GMT-9 Alaska. You can replace these lines with your own set of CLI commands.

  2. Download a FortiGate-VM license file from Customer Service & Support after registering your product code. Save the license file as a .txt file. FortiGate-VM license content resembles the following:

  3. Upload the config.txt and license.txt files under the directory on your local PC where you also run Terraform. Point to the correct paths in variables.tf, the Terraform variables file. On Windows, you do not need to specify the C: drive in paths.
  4. Uncomment the following lines in the compute.tf file:

        // Required for bootstrapping / cloud-init
        // Comment out the following if you use the feature.
        metadata {
          user_data = "${base64encode(data.template_file.userdata_lic.rendered)}"
        }

    and

        // Comment out the following if you use bootstrapping / cloud-init
        data "template_file" "userdata_lic" {
          template = "${file(var.bootstrap)}"
          vars {
            license_file = "${file("${var.license}")}"
          }
        }

  5. Run Terraform as described in Using Terraform to Deploy a Single FortiGate-VM.
  6. After deployment, log into the FortiGate by accessing https://<IP_address> in your browser. The system displays the dashboard instead of a license upload window, since the license is already activated.

    To see how bootstrapping went, check whether the commands ran successfully. Open the CLI console and enter diag debug cloudinit show.

    If cloud-init ran successfully, the CLI shows Finish running script with no errors.

  7. Check the timezone by running the config system global and get commands.

    The timezone was changed to Alaska as expected, meaning that the bootstrapping CLI command was successful.
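
A pre-flight check for the payload assembled in steps 1 to 4, as an added example that is not Fortinet's code: it renders the MIME template and base64-encodes it, then decodes and parses the result to confirm it holds one CLI part and one substituted license attachment. Python's string.Template stands in for Terraform's template_file rendering, the function names are hypothetical, and the license text is a constructed placeholder.

```python
import base64
from email import message_from_bytes
from string import Template

# Constructed copy of config.txt from step 1 (a blank line ends each header block).
BOOTSTRAP_TEMPLATE = """Content-Type: multipart/mixed; boundary="==OCI=="
MIME-Version: 1.0

--==OCI==
Content-Type: text/x-shellscript; charset="us-ascii"
MIME-Version: 1.0

config system global
set timezone 03
end

--==OCI==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="license"

${license_file}

--==OCI==--
"""
SAMPLE_LICENSE = "CONSTRUCTED-LICENSE-PLACEHOLDER\n"  # not a real license

def render_user_data(template, license_text):
    """Stand-in for template_file + base64encode() in compute.tf."""
    rendered = Template(template).substitute(license_file=license_text)
    return base64.b64encode(rendered.encode("utf-8")).decode("ascii")

def check_user_data(user_data_b64):
    """Return a list of problems; an empty list means the payload parses cleanly."""
    msg = message_from_bytes(base64.b64decode(user_data_b64))
    parts = msg.get_payload() if msg.is_multipart() else []
    scripts = [p for p in parts if p.get_content_type() == "text/x-shellscript"]
    licenses = [p for p in parts if p.get_filename() == "license"]
    problems = []
    if len(scripts) != 1 or not scripts[0].get_payload().strip():
        problems.append("expected one non-empty text/x-shellscript CLI part")
    if len(licenses) != 1:
        problems.append("expected one attachment with filename=\"license\"")
    elif "${" in licenses[0].get_payload() or not licenses[0].get_payload().strip():
        problems.append("license placeholder was not substituted")
    return problems

if __name__ == "__main__":
    print(check_user_data(render_user_data(BOOTSTRAP_TEMPLATE, SAMPLE_LICENSE)) or "OK")
```

The rendered user_data, license included, is only base64-encoded: it is stored in the Terraform state and remains readable in the instance metadata, so protect both and keep credentials out of the bootstrap CLI.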
