1. Discover Device

The first way is to discover the device and my personal favorite.

We are using FortiManager 7.4.4 and FortiGate 7.4.5 in this example but this can work with pretty much any FortiManager / FortiGate.

Prerequisite’s:

  1. FortiManager needs to be able to reach the FortiGate via Port 541 TCP as a baseline. Please see below for additional ports and protocols to allow:
  2. FortiGate needs to have the FMG-Access on the interface we plan on FortiManager talking to it.
  3. FortiManager needs to be able to reach the FortiGate!

First we will ping the FortiGate from the FortiManager to ensure connectivity. Most environments will not have this luxury of testing network connectivity.

Second we will click discover device at the top

Then we’ll select Discover Device

And we’ll add the IP address in the field below and hit next:

This will pop a page out to log into the FortiGate:

Once logged in with an account that can authorize it we will click allow:

After that we will get options to select groups, folders, and adjusting the name FortiManager see’s it as:

and just like that we can import and start working on it!

2. Model Device Discovery using Serial number

Now we will use the Model Device feature. We can use the serial or a pre shared key in this case. We will explore both in the following example.

  1. Serial Number

First, we will click discover device at the top

Then we’ll select Add Model Device

It will ask us for the serial number and we can find it on the dashboard of the FortiGate or using the command below:

Once input we can adjust if we want certain firmware or blueprints to be added to the device. But we will click next for now.

And now we can see the device was successfully added:

The device is added but now what? I don’t see the config status or anything online.

We’ll now hop on the device and configure FortiManager:

We accept and verify the serial:

Interesting that it failed.

If try to retrieve the configuration it says unauthorized as well.

So I had to hover this red icon and retry auto-link and that worked.

Once it was connected to FortiManager I retrieved the device configuration below

That was an experience.

3. Model Device Discovery using Pre Shared key

Now we will use the Model Device feature with a pre shared key.

  1. Serial Number

First, we will click discover device at the top

Then we’ll select Add Model Device

We’ll make the Pre-Shared key something easy for this demo

We then enter the config on the FortiGate:

  1. config system central-managementset type fortimanagerset fmg {<ip address
  2. In FortiOS, use the following command to link the model device to the real device, and to install configurations to the real device:exe central-mgmt register-device <fmg-serial-number> <pre-shared key>

We can now see that the FortiGate is synched!

Leave a Reply

Your email address will not be published. Required fields are marked *