Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiManager 8.0.0 Administration Guide
    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.9
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    NSX-T service templates

    NSX-T service templates

    NSX-T Service templates allow you to manage multiple FortiGate VMs running on NSX-T by automatically applying VDOM, policy, and configuration settings to each VM that belongs on the same registered service.

    There are two main use cases for this feature:

    1. You need to deploy an additional VM in NSX-T.

      When a new VM is authorized in FortiManager, it has no configuration or policy. Using the NSX-T template, FortiManager automatically creates the VDOMs, links them to a policy package, and configures the service profile/VDOM association, log settings, etc.

    2. You need to change the existing configuration, for example adding a VDOM.

      FortiManager applies the same change to all VMs from the same service where the template is applied.

    NSX-T templates can be created, cloned, deleted, and assigned in Device Manager > Provisioning Templates > NSX-T Service Template.

    To create a new NSX-T service template:

    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.

    2. Click Create New in the toolbar.

    3. In the Create New Template pane, type a name for the template.

    4. Adjust the settings as required.

      NSXT Connector

      Select an NSX-T connector. See Creating VMware NSX-T connectors.

      After saving the template, this setting cannot be modified.

      NSX-T Register Service

      Select NSX-t registered services.
      Firmware Select the template firmware device type.
      Description Enter a description for the NSX-T service template.

      VDOMs

      Click Create New to create a new VDOM in the template. See Create VDOMs in the NSX-T template.

      Service Chain

      Click Create New to create a new Service Chain in the template. See Create service chains in the NSX-T template.

    5. Click OK to save the template.

    Create VDOMs in the NSX-T template

    To create a new VDOM:

    1. When editing an NSX-T service template, click Create New under the VDOMs section.

      The Create New VDOM pane opens.

    2. Enter a name for the VDOM, and select a Policy Package from the dropdown which will be applied to the template.

      The Virtual Wire Pair will be automatically filled based on the VDOM name.

    3. Dynamic interface mapping is mandatory to create a VDOM. Select the interface name and click Edit to configure the dynamic interface mapping for internal and external interfaces.

      The dynamic interface dropdown will only show normalized interfaces that have a default mapping. The default mapping name must be the same as the name of the interface on the Edit Interface page.

      You can create new interfaces using the + icon in the dropdown.

    Create service chains in the NSX-T template

    To assign an NSX-T service template to a device:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Select a template to assign to managed devices.
    3. Right-click anywhere in the template list window, and select Assign to Device from the menu, or click Assign to Device from the toolbar above.
    4. Select the managed devices to which you want to assign the selected template from the Available Entries field, and move those entries to the Selected Entries field.

      In order for a device to show up in the list it must meet the following conditions.

      1. The VDOM feature must be enabled on the FortiGate.
      2. The FortiGate platform type must match the one selected in the template.
      3. The NSX-T Service name should match with devices.
    5. Once the template has been assigned to the device, you can install the changes using the Install Wizard at the top of the page.
    Previous
    Next

    NSX-T service templates

    NSX-T service templates

    NSX-T Service templates allow you to manage multiple FortiGate VMs running on NSX-T by automatically applying VDOM, policy, and configuration settings to each VM that belongs on the same registered service.

    There are two main use cases for this feature:

    1. You need to deploy an additional VM in NSX-T.

      When a new VM is authorized in FortiManager, it has no configuration or policy. Using the NSX-T template, FortiManager automatically creates the VDOMs, links them to a policy package, and configures the service profile/VDOM association, log settings, etc.

    2. You need to change the existing configuration, for example adding a VDOM.

      FortiManager applies the same change to all VMs from the same service where the template is applied.

    NSX-T templates can be created, cloned, deleted, and assigned in Device Manager > Provisioning Templates > NSX-T Service Template.

    To create a new NSX-T service template:

    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.

    2. Click Create New in the toolbar.

    3. In the Create New Template pane, type a name for the template.

    4. Adjust the settings as required.

      NSXT Connector

      Select an NSX-T connector. See Creating VMware NSX-T connectors.

      After saving the template, this setting cannot be modified.

      NSX-T Register Service

      Select NSX-t registered services.
      Firmware Select the template firmware device type.
      Description Enter a description for the NSX-T service template.

      VDOMs

      Click Create New to create a new VDOM in the template. See Create VDOMs in the NSX-T template.

      Service Chain

      Click Create New to create a new Service Chain in the template. See Create service chains in the NSX-T template.

    5. Click OK to save the template.

    Create VDOMs in the NSX-T template

    To create a new VDOM:

    1. When editing an NSX-T service template, click Create New under the VDOMs section.

      The Create New VDOM pane opens.

    2. Enter a name for the VDOM, and select a Policy Package from the dropdown which will be applied to the template.

      The Virtual Wire Pair will be automatically filled based on the VDOM name.

    3. Dynamic interface mapping is mandatory to create a VDOM. Select the interface name and click Edit to configure the dynamic interface mapping for internal and external interfaces.

      The dynamic interface dropdown will only show normalized interfaces that have a default mapping. The default mapping name must be the same as the name of the interface on the Edit Interface page.

      You can create new interfaces using the + icon in the dropdown.

    Create service chains in the NSX-T template

    To assign an NSX-T service template to a device:
    1. Go to Device Manager > Provisioning Templates > NSX-T Service Template.
    2. Select a template to assign to managed devices.
    3. Right-click anywhere in the template list window, and select Assign to Device from the menu, or click Assign to Device from the toolbar above.
    4. Select the managed devices to which you want to assign the selected template from the Available Entries field, and move those entries to the Selected Entries field.

      In order for a device to show up in the list it must meet the following conditions.

      1. The VDOM feature must be enabled on the FortiGate.
      2. The FortiGate platform type must match the one selected in the template.
      3. The NSX-T Service name should match with devices.
    5. Once the template has been assigned to the device, you can install the changes using the Install Wizard at the top of the page.
    Previous
    Next