Administration Guide

Zero-touch and low-touch provisioning

FortiManager supports zero-touch provisioning (ZTP) and low-touch provisioning (LTP) of FortiGate devices using model devices.

A model device is configured for a FortiGate device before it is added to FortiManager. The FortiManager administrator can apply device configurations and policies to the model device. When the real FortiGate comes online and is connected to FortiManager, the auto-link process begins, and the device settings and policies are installed on the real device. Once auto-linking is complete, the real device is configured and connected to FortiManager for central management, replacing the model device.

How the FortiGate devices discover and connect to FortiManager determines whether the provisioning is zero-touch or low-touch.

  • Zero-touch provisioning: Preconfiguration of FortiGate is not required. FortiGate boots up, obtains connectivity to the WAN or Internet, and connects to the FortiManager for auto-linking and central management. Example methods for ZTP include:
    • FortiCloud/FortiDeploy: FortiGate boots up and obtains its internet connectivity from a DHCP server, automatically connects to FortiCloud, and obtains the location of the FortiManager from FortiCloud.
    • DHCP Option 240/241: FortiGate boots up and obtains its WAN connectivity from a DHCP server, and the same DHCP server provides the location of FortiManager using DHCP Option 240/241.
    • USB boot method: FortiGate obtains its initial configuration from a USB stick.
  • Low-touch provisioning: Some preconfiguration on FortiGate is required before it can discover the FortiManager. For example, an administrator configures network settings on the FortiGate and provides the location of FortiManager.
    Note

    For ZTP methods where DHCP is used to establish the FortiGate’s network connection, only FortiGate models that have ports labeled "WAN" have the interface IP addressing mode set to DHCP client, which allows them to connect to the WAN when booted from the factory-default configuration.

    Models that have no port explicitly labeled "WAN" require manual intervention to enable DHCP client mode on the port chosen for WAN connectivity.
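
With the DHCP Option 240/241 method, the FortiGate accepts the FortiManager location from whichever DHCP server answers on the WAN segment, so it is worth checking what that server advertises against the FortiManager you expect. The following Python is an added example, not Fortinet code: the function names are hypothetical, and it assumes option 240 carries an IPv4 address as 4 raw bytes and option 241 an ASCII FQDN, an encoding this page does not specify.

```python
import ipaddress

# Assumption (not stated on the page): option 240 carries the FortiManager
# IPv4 address as 4 raw bytes, option 241 carries its FQDN as ASCII text.
FMG_IP_OPT, FMG_FQDN_OPT = 240, 241
PAD, END = 0, 255


def parse_options(raw: bytes) -> dict[int, bytes]:
    """Walk the RFC 2132 code/length/value options that follow the magic cookie."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == END:
            break
        if code == PAD:  # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option %d has no length byte" % code)
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = value
        i += 2 + length
    return opts


def advertised_managers(raw: bytes) -> set[str]:
    """Return the FortiManager locations a DHCP reply advertises."""
    opts, found = parse_options(raw), set()
    if FMG_IP_OPT in opts:
        if len(opts[FMG_IP_OPT]) != 4:
            raise ValueError("option 240 is not a 4-byte IPv4 address")
        found.add(str(ipaddress.IPv4Address(opts[FMG_IP_OPT])))
    if FMG_FQDN_OPT in opts:
        found.add(opts[FMG_FQDN_OPT].decode("ascii").rstrip(".").lower())
    return found


def unexpected_managers(raw: bytes, approved: set[str]) -> set[str]:
    """Advertised locations that are not in the approved set (empty means OK)."""
    return advertised_managers(raw) - {a.lower() for a in approved}


# Constructed sample option fields (documentation addresses, not real captures).
GOOD = bytes([53, 1, 2, 240, 4, 192, 0, 2, 10, 255])
MISMATCH = bytes([0, 240, 4, 203, 0, 113, 7, 241, 15]) + b"fmg.example.net\xff"
```

Feed it the options field of a DHCP reply captured on the WAN segment, after the 4-byte magic cookie; a non-empty result from `unexpected_managers` means the server is pointing devices at a manager that is not on your approved list.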

See the following related topics for more information:
