Zero(ish) Touch Provisioning – Linking the Configuration via FortiGate WebGUI
In a previous article I covered configuring the FortiManager to create a model device that can be used to automatically assign a configuration to a FortiGate upon registration. In this article, I will build upon that and explain one of the methods to show how the FortiGate can automatically acquire its configuration from the FortiManager by registration through the WebGUI.
This method is useful when you are sending a FortiGate (you know the serial number of) to a remote site and have non-technical staff to access the firewall. In this case, you can pre-build the configuration for the FortiGate on the FortiManager and tell the staff how to register the FortiGate via its WebGUI.
This method requires creating model device using the serial number as shown in the following screenshot:
This article assumes you have completed the tasks in the previous article. If you have not, please do so to make sure the FortiManager has staged a configuration for deploying to the FortiGate.
Before registering the FortiGate to the FortiManager, confirm the following:
- Ensure the FortiGate firmware version is at the correct version for the FortiManager ADOM
- Ensure the FortiGate is in a factory default state
To show the factory default state, here is a view of the interfaces before connecting the FortiGate to the FortiManager:
Configuring the FortiGate
Once the device has been created in FortiManager, you can register the FortiGate to the FortiManager. To do this, follow the procedure as listed below:
1.Log into the FortiGate GUI as an admin user
2. Click “Security Fabric | Settings”
3. Enable “Central Management” | Select Type:”FortiManager” | Select Mode:”Normal” | IP/DomainName: “<IP address of FortiManager” | Click “Apply”
4. Upon click “Apply” the FortiGate should provide confirmation of the FortiManager serial number it is registering to:
Validating on FortiManager
1.While logged into the FortiManager, you can see a new task pop up to show the auto-registration of the FortiGate
2. Observe the progress bar as the FortiManager pushes the configuration to the FortiGate
3. Once the task is finished, the FortiGate shows as “Synchronized”
4. You can log into the FortiGate and validate the settings have been pushed
As you can see, this capability adds methods to improve your workflow so that you do not need to wait to provision your FortiGate at the time of deployment, but instead, you can do it ahead of time.