Bootstrapping the FortiGate CLI and BYOL license at initial bootup using user data
This section explains how to add bootstrapping of FortiGate CLI commands and BYOL license at the time of initial bootup as part of PowerShell deployment.
It is expected that you have thorough knowledge of PowerShell and various Azure services and features to adopt this deployment method. You should be able to author a ps1 file on your own as required by your organization.
You can find a sample PowerShell script that works with bootstrapping on GitHub.
To bootstrap the FortiOS CLI and BYOL license at initial bootup using user data:
- Create a directory on your PC with the path C:\Azure\misc.
- Create a MIME text file named azureinit.conf in the C:\Azure\misc directory. You can change the directory path and file name using the $customdataFile = C:\Azure\misc\azureinit.conf parameter in the ps1 file. azureinit.conf is the text file in MIME format that includes both FortiGate CLI commands and license file content. You can download a sample azureinit.conf from GitHub.
- You can download a license file from Customer Service & Support after registering your product code. Copy and paste the content of your license file to replace the license portion of azureinit.conf. FortiGate-VM license content resembles the following:
- In the example ps1 file, the FortiGate CLI command is shown as the following:
config system global
set timezone 03
end
This example sets the timezone as GMT-9 Alaska. You can replace these lines with your own set of CLI commands.
- After editing the sample ps1 file to reflect your own Azure environments and azureinit.conf file as required, run the ps1 file. It reads the conf file and passes FortiGate CLI commands and the license to the FortiGate-VM deployment using cloud-init user data.
- After the ps1 file execution ends, log into the FortiGate by accessing https://<IP_address> in your browser.
- The system displays the dashboard instead of a license upload window, since the license is already activated.
To see how bootstrapping went, check if the command was successfully run. Open the CLI console and enter
diag debug cloudinit show.
If the cloud-init was run successfully, the CLI shows
Azure customdata processed successfully.
If you see an error with this diagnose command, resolve it and try again by editing azureinit.conf. There may be a syntax error.
- Check the timezone by running
config system global and
The timezone was changed to Alaska as expected, meaning that the bootstrapping CLI command was successful. This assumes that you used the default FortiGate CLI command in step 4. If you modified the command, test it accordingly.
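A pre-flight check that can be run against azureinit.conf before the ps1 file is executed, to catch the kind of syntax error that would otherwise only surface in diag debug cloudinit show after deployment. This is an added example in Python, not part of the Fortinet sample script. The part names config and license, the license marker lines, and the sample documents are assumptions constructed for illustration.

```python
from email import message_from_string

# Assumptions (not from the page): the two MIME parts are attachments named
# "config" and "license", and a license file is wrapped in these marker lines.
LICENSE_BEGIN = "-----BEGIN FGT VM LICENSE-----"
LICENSE_END = "-----END FGT VM LICENSE-----"

def check_azureinit(text):
    """Return a list of problems in azureinit.conf text; an empty list means OK."""
    msg = message_from_string(text)
    problems = [f"MIME defect: {type(d).__name__}" for d in msg.defects]
    if not msg.is_multipart():
        return problems + ["not a MIME multipart document"]
    parts = {p.get_filename(): p.get_payload(decode=True).decode("utf-8", "replace")
             for p in msg.walk() if not p.is_multipart()}
    for name in ("config", "license"):
        if not parts.get(name, "").strip():
            problems.append(f"missing or empty '{name}' part")
    # FortiOS CLI: every 'config' block has to be closed by 'end'.
    depth = 0
    for n, line in enumerate(parts.get("config", "").splitlines(), 1):
        first = (line.split() or [""])[0]
        if first == "config":
            depth += 1
        elif first == "end":
            depth -= 1
            if depth < 0:
                problems.append(f"config line {n}: 'end' without 'config'")
                depth = 0
    if depth:
        problems.append(f"{depth} 'config' block(s) not closed with 'end'")
    lic = parts.get("license", "").strip().splitlines()
    if lic and (lic[0].strip() != LICENSE_BEGIN or lic[-1].strip() != LICENSE_END):
        problems.append("license part is not wrapped in BEGIN/END marker lines")
    return problems

def sample(config, license_text, boundary="==constructed-boundary=="):
    """Build a constructed azureinit.conf for the demo (layout is illustrative)."""
    part = ('--{b}\nContent-Type: text/plain; charset="us-ascii"\n'
            'Content-Disposition: attachment; filename="{n}"\n\n{body}\n')
    head = f'Content-Type: multipart/mixed; boundary="{boundary}"\nMIME-Version: 1.0\n\n'
    return (head + part.format(b=boundary, n="config", body=config)
            + part.format(b=boundary, n="license", body=license_text)
            + f"--{boundary}--\n")

GOOD = sample("config system global\nset timezone 03\nend",
              f"{LICENSE_BEGIN}\nCONSTRUCTED-NOT-A-LICENSE\n{LICENSE_END}")
BAD = sample("config system global\nset timezone 03", "PASTE-LICENSE-HERE")

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_azureinit(doc) or "ok")
```

To check a real file, pass its contents to check_azureinit and review any reported problems before running the ps1 file.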