chlo
New Contributor

Automating your FW configuration with agents

Hey y'all,

 

I'm new here so bear with me

I'm looking for a solution to automate setting up a FortiGate machine - i.e. spin it up and have it automatically set rules, VIPs, etc. without ever necessarily having to log onto it. The obvious solution is Ansible/Chef/Puppet and the like but I've no experience using these tools on FortiOS, only Linux distros. Has anybody tried this? Or even better does anybody have a different solution to my conundrum?

 

Thanks in advance!

- Chloé

 

 

1 Solution
neonbit
Valued Contributor

You can do this with a FortiManager (physical or virtual appliance). You can set everything up on the FortiManager and when the FortiGate connects to it it will pull down the new config.

 

There are two ways to get the FortiGate to connect to the FortiManager. Either you configure the IP address on the FortiGate (so you will have to boot it up and configure the setting), or alternatively if you have lots of devices to deploy and want true zero touch you can purchase a deploy license when you buy the FortiGates. This allows you to configure the FortiManager IP address in the FortiCloud service. When the FortiGates first boot up they will ask the cloud service what its FortiManager IP address is; once it gets it, it will then autoconnect and pull its config.

 

I've seen this done with a 200 FortiGate global deployment and it works really well.

chlo
New Contributor

Awesome, thank you!

I did read a little into that before posting but thought I'd ask anyways. I'll definitely look into it though.

 

While I've got you here, have you any experience of uploading a CLI script to execute via the CLI interface?

I know you can upload it in the GUI, but is there a command that does it? I've been going around in circles all morning looking on Google...

 

All the best!

Chloé
