Fortinet white logo
Fortinet white logo

Administration Guide

Using device blueprints for model devices

Using device blueprints for model devices

Device blueprints can be used when adding model devices to simplify configuration of certain device settings, including device groups, configuring pre-run templates, policy packages, provisioning templates, and more.

Once a device blueprint has been created, it can be selected when adding a model device or when importing multiple model devices from a CSV file. See Adding offline model devices.

Devices that are assigned the blueprint are automatically configured with the settings specified by the blueprint when they are added to FortiManager.

As an exmaple, device blueprints can be used to simplify the onboarding of branch devices in an SD-WAN configuration when using SD-WAN Overlay Templates by configuring the default device group to which the devices are added. See SD-WAN overlay templates.

To create a new device blueprint:
  1. Go to Device Manager > Device & Groups.

  2. From the Add Device dropdown, select Device Blueprint.

    Previously configured blueprints are displayed in the table below and can be edited or deleted.

  3. Click Create New to add a new blueprint.
  4. Configure the following information for the blueprint:
    NameEnter a name for the device blueprint.
    Device ModelSelect the model type that the device blueprint will be applied to.

    Automatically Link to Real Device

    Enable to allow the model device to automatically link to the real device. See Adding offline model devices.

    Enforce Firmware VersionEnable to choose an enforced firmware version.

    Enforce Device Configuration

    Enable to enforce the device configuration.

    The Enforce Device Configuration option allows auto-link to push changes on FortiGate management interface during ZTP/LTP. When enabled, this option will provision the configuration to the real device, as is. Misconfiguration of the FortiGate management interface may cause the device to not be able to connect to the FortiManager.

    Add to Device GroupEnable to add one or more device groups. All devices assigned this device blueprint are added to the selected device group(s).

    Add to Folder

    Enable to add the devices to the specified folder in the Device Manager.

    Fabric Authorization Template

    Enable to add a Fabric Authorization Template to the device blueprint, and then select or create a template from the dropdown menu. See Fabric authorization templates.

    Pre-Run CLI Template

    Enable to add a Pre-run CLI Template to the device blueprint, and then select or create a template from the dropdown menu. See Adding CLI templates.

    Assign Policy Package

    Enable to add a Policy Package to the device blueprint, and then select the Policy Package from the dropdown menu. Devices added with this device blueprint will be automatically assigned the selected Policy Package. See Managing policies.

    Provisioning Template

    Select provisioning templates. You can assign system, IPsec, SD-WAN, static route, BGP, CLI, and IPS templates, or select a template group. See Provisioning Templates.

    HA

    Enable to define an HA cluster.

    Monitor Interfaces

    Select the device interfaces to monitor.

    Heartbeat Interfaces

    Select the heartbeat interfaces and set their priority.

    Password

    Enter the cluster password.

  5. Click OK to save the blueprint.
    The blueprint can now be selected when adding a model device or importing devices from a CSV file. See Add devices.
To edit or delete a device blueprint:
  1. Go to Device Manager > Device & Groups.

  2. From the Add Device dropdown, select Device Blueprint.

  3. Select an existing device blueprint from the table. The following actions are available:
    1. Edit: You can edit an existing device blueprint. Changes made to existing blueprints only affect new devices added to FortiManager after the changes have been made; devices previously configured with the blueprint are not affected.
    2. Delete: Delete an existing device blueprint.
To generate a CSV file for a device blueprint:
  1. Go to Device Manager > Device & Groups.

  2. From the Add Device dropdown, select Device Blueprint.

  3. Select a blueprint and click Generate CSV.

Using device blueprints for model devices

Using device blueprints for model devices

Device blueprints can be used when adding model devices to simplify configuration of certain device settings, including device groups, configuring pre-run templates, policy packages, provisioning templates, and more.

Once a device blueprint has been created, it can be selected when adding a model device or when importing multiple model devices from a CSV file. See Adding offline model devices.

Devices that are assigned the blueprint are automatically configured with the settings specified by the blueprint when they are added to FortiManager.

As an exmaple, device blueprints can be used to simplify the onboarding of branch devices in an SD-WAN configuration when using SD-WAN Overlay Templates by configuring the default device group to which the devices are added. See SD-WAN overlay templates.

To create a new device blueprint:
  1. Go to Device Manager > Device & Groups.

  2. From the Add Device dropdown, select Device Blueprint.

    Previously configured blueprints are displayed in the table below and can be edited or deleted.

  3. Click Create New to add a new blueprint.
  4. Configure the following information for the blueprint:
    NameEnter a name for the device blueprint.
    Device ModelSelect the model type that the device blueprint will be applied to.

    Automatically Link to Real Device

    Enable to allow the model device to automatically link to the real device. See Adding offline model devices.

    Enforce Firmware VersionEnable to choose an enforced firmware version.

    Enforce Device Configuration

    Enable to enforce the device configuration.

    The Enforce Device Configuration option allows auto-link to push changes on FortiGate management interface during ZTP/LTP. When enabled, this option will provision the configuration to the real device, as is. Misconfiguration of the FortiGate management interface may cause the device to not be able to connect to the FortiManager.

    Add to Device GroupEnable to add one or more device groups. All devices assigned this device blueprint are added to the selected device group(s).

    Add to Folder

    Enable to add the devices to the specified folder in the Device Manager.

    Fabric Authorization Template

    Enable to add a Fabric Authorization Template to the device blueprint, and then select or create a template from the dropdown menu. See Fabric authorization templates.

    Pre-Run CLI Template

    Enable to add a Pre-run CLI Template to the device blueprint, and then select or create a template from the dropdown menu. See Adding CLI templates.

    Assign Policy Package

    Enable to add a Policy Package to the device blueprint, and then select the Policy Package from the dropdown menu. Devices added with this device blueprint will be automatically assigned the selected Policy Package. See Managing policies.

    Provisioning Template

    Select provisioning templates. You can assign system, IPsec, SD-WAN, static route, BGP, CLI, and IPS templates, or select a template group. See Provisioning Templates.

    HA

    Enable to define an HA cluster.

    Monitor Interfaces

    Select the device interfaces to monitor.

    Heartbeat Interfaces

    Select the heartbeat interfaces and set their priority.

    Password

    Enter the cluster password.

  5. Click OK to save the blueprint.
    The blueprint can now be selected when adding a model device or importing devices from a CSV file. See Add devices.
To edit or delete a device blueprint:
  1. Go to Device Manager > Device & Groups.

  2. From the Add Device dropdown, select Device Blueprint.

  3. Select an existing device blueprint from the table. The following actions are available:
    1. Edit: You can edit an existing device blueprint. Changes made to existing blueprints only affect new devices added to FortiManager after the changes have been made; devices previously configured with the blueprint are not affected.
    2. Delete: Delete an existing device blueprint.
To generate a CSV file for a device blueprint:
  1. Go to Device Manager > Device & Groups.

  2. From the Add Device dropdown, select Device Blueprint.

  3. Select a blueprint and click Generate CSV.