Zero Touch Provisioning - CLI Template with Variables

In FortiManager 6.2, it is now possible to define a CLI template using variables, and to assign the values of those variables per device. For Zero-Touch Provisioning (ZTP), this makes it possible to define a model device and assign it a template with variables, so that on the first connection the unique configuration for that site is deployed without manual intervention.

To configure a CLI Template with variables:
  1. Go to System Settings > Advanced > Meta Fields. Define the variables which are used in the CLI templates.

  2. Go to Device Manager, edit the device and enter the value for the variables.

  3. Go to Script Manager. There are two new script types: CLI Template and CLI Template Group. Create a new CLI Script Template. Here is an example of a CLI Template Script:
    config system interface
       edit "vlan32"
           set ip $(vlan32) $(mask)
           set interface "port2"
           set vlanid 32
       next
    end
  4. The variables in the CLI Template can be modified. FortiManager only supports modified variables in IPv4 address format. Here is an example of a CLI Template that contains a modified variable:
    config router static
       edit 1
           set gateway $(vlan32:2,-1:3,+1:4,254)
           set device "vlan32"
       next
    end

    In this example, the CLI Template mechanism will subtract 1 from the 2nd byte of the IP address defined in the variable subnet_lan, add 1 to the 3rd byte, and finally set the 4th byte to 254.

  5. Create a CLI template group. You can drag and drop to re-order members.
  6. Assign the CLI template and template group to device (global) or VDOM.
  7. On the Device Manager page, a new CLI Template Status column was added to the Managed FortiGate list. It works together with Config Status and Policy Package Status to indicate device status. If either Config Status or CLI Template Status is dirty, device configuration changes can be installed to the FortiGate.

  8. A CLI Template is implicitly applied when the administrator triggers a push operation (Install Device Settings or Policy Package Install). There is no need for an explicit Apply CLI Template operation. When installing device settings or a policy package, FortiManager should always consider applying the CLI Template after all the copy operations.
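
The following added example (not FortiManager code and not part of the original page) expands the `$(name)` and `$(name:octet,op)` syntax from steps 3 and 4 offline, so per-device meta field values can be checked before a ZTP push. The device values are constructed, and rejecting a missing meta field or an octet that leaves the 0-255 range is an assumption of this sketch, not documented FortiManager behavior.

```python
import ipaddress
import re

# $(name) or $(name:octet,op:octet,op...) as used in the CLI template examples above
VAR_RE = re.compile(r"\$\(([A-Za-z0-9_]+)((?::[1-4],[+-]?\d+)*)\)")

def apply_modifiers(ip, mods):
    """Apply 'octet,op' modifiers: +N / -N offset the octet, a bare N sets it."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    for mod in filter(None, mods.split(":")):
        pos, op = mod.split(",")
        idx = int(pos) - 1
        new = octets[idx] + int(op) if op[0] in "+-" else int(op)
        if not 0 <= new <= 255:
            # Assumption: an out-of-range result is an error, not a wrap-around
            raise ValueError(f"octet {pos} becomes {new} for {ip}")
        octets[idx] = new
    return ".".join(map(str, octets))

def render(template, meta):
    """Expand every variable; raise if a meta field is missing or malformed."""
    def sub(m):
        name, mods = m.group(1), m.group(2)
        if name not in meta:
            raise KeyError(f"meta field '{name}' has no value for this device")
        return apply_modifiers(meta[name], mods) if mods else meta[name]
    rendered = VAR_RE.sub(sub, template)
    if "$(" in rendered:
        raise ValueError("unexpanded or malformed variable in template")
    return rendered

# Constructed sample values for one device (not from the original page)
SITE_META = {"vlan32": "10.20.32.1", "mask": "255.255.255.0"}
TEMPLATE = """config system interface
    edit "vlan32"
        set ip $(vlan32) $(mask)
    next
end
config router static
    edit 1
        set gateway $(vlan32:2,-1:3,+1:4,254)
        set device "vlan32"
    next
end"""

if __name__ == "__main__":
    print(render(TEMPLATE, SITE_META))
```

Running the same check over every model device's values shows which sites would receive a gateway outside the intended range before the first connection triggers the install.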
