Fabric authorization templates
Fabric authorization templates can be used to allow FortiManager to automatically authorize FortiAP, FortiSwitch, and FortiExtender devices.
Fabric authorization templates can be created by going to Device Manager > Provisioning Templates > Fabric Authorization Template.
The following options are available:
Create New |
Create a new template. |
Edit |
Edit a template. Right-click a template, and select Edit. |
Delete |
Delete a template. Right-click a template, and select Delete. |
Generate |
Generate the Fabric devices using the template. |
Fabric authorization template workflow
Fabric authorization template workflow for online devices
- Create the Fabric authorization template.
- Generate the template and select the required target FortiGate device(s). See Generating Fabric authorization templates.
- FortiManager will create or update the list of Fabric devices (FortiAP, FortiSwitch, and FortiExtender) on the device database according to the template configuration.
- The device's Config Status will be set to Modified. The newly created entries can be modified/deleted at this stage as required.
- Perform an install on the target FortiGate devices so the Fabric devices are pushed to the targets.
- When the real Fabric devices come online matching the specified prefix, it will replace the device in the Device Manager. The list is followed from top to bottom until all devices have been replaced by real devices, at which point additional devices will not be automatically authorized.
- Fabric devices configured by FortiManager are displayed in the Device Manager. You can go to FortiAP Manager , FortiSwitch Manager, and FortiExtender Manager to view and assign profiles to the devices.
Fabric authorization template workflow for model devices
- Create the Fabric authorization template.
- Add the template to a device blueprint. See Using device blueprints for model devices.
- Add model devices individually or by importing them from a CSV file, and select the device blueprint which includes the Fabric authorization template.
- After the device is added to FortiManager, the FortiAP, FortiExtender and FortiSwitch devices will be automatically configured for the FortiGate(s) as defined in the Fabric authorization template.
- When the real Fabric devices come online matching the specified prefix, it will replace the device in the Device Manager. The list is followed from top to bottom until all devices have been replaced by real devices, at which point additional devices will not be automatically authorized.
Creating and applying the Fabric authorization template
To create a new Fabric authorization template:
- Go to Device Manager > Provisioning Templates > Fabric Authorization Template.
- Click Create New. The Create New Fabric Authorization Template pane opens.
- Enter the following information, then click OK to create the certificate template:
Name
Enter a name for the Fabric authorization template.
Description
Optionally, provide a description for the template.
FortiAP
Enable Wireless Controller
Toggle to enable wireless controllers. Additional settings are available once this option is selected.
Platform 1
By default, only one wireless controller platform is listed. You can click the add button at the bottom of the page to add another platform to the template. Click the trash icon to delete the platform.
Prefix
Select the serial number prefix for the selected devices from the dropdown menu.
Number of Devices
Select the number of devices to pre-authorize.
FortiSwitch
Enable Switch Controller
Toggle to enable switch controllers. Additional settings are available once this option is selected.
Platform
By default, only one switch platform is listed. You can click the add button at the bottom of the page to add another platform to the template. Click the trash icon to delete the platform.
Prefix
Select the serial number prefix for the selected devices from the dropdown menu.
Number of Devices
Select the number of devices to pre-authorize.
FortiLink Interface
Type the interface for FortiLink.
FortiExtender
Enable Extender Controller
Toggle to enable extender controllers. Additional settings are available once this option is selected.
Platform 1
By default, only one extender platform is listed. You can click the add button at the bottom of the page to add another platform to the template. Click the trash icon to delete the platform.
Prefix
Select the serial number prefix for the selected devices from the dropdown menu.
Number of Devices
Select the number of devices to pre-authorize.
Extension Type
Select the extension type as either WAN Extension or LAN Extension.
Generating Fabric authorization templates
To generate a Fabric authorization template:
- Go to Device Manager > Provisioning Templates > Fabric Authorization Template.
- Select a previously created Fabric authorization template, and click Generate in the toolbar or right-click menu.
- Select the target FortiGate devices on which to generate the configuration.
The Generate authorization template wizard runs and applies the authorization template to the selected device. - Click Finish.