Fortinet Document Library

Azure Cookbook

6.2.0
Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data

You can run FortiGate CLI commands and load a BYOL license at initial bootup by using custom cloud-init. Use the following sample ARM templates:

For details on using a custom ARM template, see Deploying FortiGate with custom ARM templates.

First, you must create two text files: one for FortiGate CLI configuration and another for a license file.

  1. Create a CLI configuration file:
    1. In a text editor, create a text file that contains CLI commands like the following:

      config system global
          set timezone 03
      end

    2. Save the file as config.txt or another desired name. This example sets the timezone as GMT-9 Alaska.
  2. Create a license text file:
    1. Download a FortiGate license from Customer Service & Support and save the file as license.txt or any other desired name. The file contains content that resembles the following:

  3. Place both text files on your Azure blob.
  4. In this example, you are required to have the following:
    • Storage account
    • Private container in the blob

    Upload the two text files in a folder with authentication type SAS.

  5. Copy and paste the SAS URLs into the parameters file:
    1. After uploading, click the menu icon beside config.txt. Click Generate SAS to create an SAS URL link. Repeat this step with the license.txt file.

    2. Copy the SAS URLs.

    3. Paste the SAS URLs into the configURI and licenseURI sections of the parameters-BYOL-CLI-and-license-json file as shown below:

  6. Review all template fields. Ensure the following:
    1. Your chosen subscription is entitled to purchase the marketplace product.
    2. The same location is entered under Settings and under Basics. Ensure that the location has sufficient quota to accommodate the FortiGate-VM with the desired number of CPU cores. For details, see Region support.
    3. A new resource group is created and the same name is entered under Public IP Resource Group and Vnet Resource Group.
    4. The Fortinet Tags field is automatically populated. There is no need to manually input information into this field. If this field is empty or shows an error, reload the browser, then load the template and parameter files again.
    5. The license and config files' SAS URLs are not expired.

    Once all fields are entered, the template should resemble the following:

  7. Select the checkbox to agree to the terms, then click Purchase.
  8. After deployment is complete, log into the FortiGate by accessing https://<IP_address> in your browser.
  9. If the license was successfully loaded, you should see the dashboard. If you are prompted to upload a license, this means that bootstrapping the license failed. In this case, you can manually upload the license file, and once the system completes rebooting, log in and invoke the CLI from the dashboard. To check why bootstrapping failed, run the diag debug cloudinit show command. See Bootstrapping the FortiGate CLI at initial bootup using user data.
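
A pre-deployment check for step 6, item 5, as an added example that is not part of the Fortinet documentation: it reads the configURI and licenseURI values from a parameters file and flags SAS tokens that are expired, not yet valid, broader than read-only on a single blob, or not restricted to HTTPS. The sample parameters JSON (reduced to its parameters object), the storage account and container names, the function names and the one-hour margin are constructed assumptions; sv, se, st, sp, sr, spr and sig are the standard Azure Storage SAS query fields.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the generic ARM parameters-file layout. The storage
# account, container and sig values are placeholders, not real credentials.
BASE = "https://examplestorage.blob.core.windows.net/bootstrap/"
SAMPLE_PARAMETERS = json.dumps({"parameters": {
    "configURI": {"value": BASE + "config.txt?sv=2019-02-02&sr=b&sp=r"
                  "&spr=https&se=2030-01-01T00%3A00%3A00Z&sig=PLACEHOLDER"},
    "licenseURI": {"value": BASE + "license.txt?sv=2019-02-02&sr=c&sp=rwdl"
                   "&se=2020-01-01T00%3A00%3A00Z&sig=PLACEHOLDER"},
}})

def parse_sas_time(value):
    """Parse an ISO 8601 UTC SAS timestamp (date-only or with trailing Z)."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def check_sas_url(url, now, margin=timedelta(hours=1)):
    """Return findings for one SAS URL; an empty list means it passed."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https" or q.get("spr") != "https":
        findings.append("token or URL not restricted to HTTPS")
    if "sig" not in q:
        findings.append("no sig parameter, not a SAS URL")
    if "se" not in q:
        findings.append("no expiry (se)")
    elif parse_sas_time(q["se"]) <= now:
        findings.append("expired")
    elif parse_sas_time(q["se"]) - now < margin:  # margin is an assumed value
        findings.append("expires within the deployment margin")
    if "st" in q and parse_sas_time(q["st"]) > now:
        findings.append("not yet valid (st is in the future)")
    if q.get("sp") != "r":
        findings.append("permissions are %r, expected read-only 'r'" % q.get("sp"))
    if q.get("sr") != "b":
        findings.append("scope is %r, expected a single blob 'b'" % q.get("sr"))
    return findings

def check_parameters(parameters_json, now):
    """Check the configURI and licenseURI values of a parameters file."""
    params = json.loads(parameters_json)["parameters"]
    return {name: check_sas_url(params[name]["value"], now)
            for name in ("configURI", "licenseURI")}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, found in check_parameters(SAMPLE_PARAMETERS, now).items():
        print(name, "OK" if not found else found)
```

A SAS URL grants access to whoever holds it, so the filled-in parameters file should be handled like the license and configuration it points to.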
