By Manny Fernandez
November 20, 2018
Configuring Multiple Fortigate Firewalls using USB
Use Case: You have multiple Fortigate firewalls and you want to configure them pretty much the same except for the obvious IP addresses, default gateways and the hostname. Additionally, you do not have FortiManager (which you should consider if you are going to manage numerous Fortigates). You want to create a ‘template’ config, change the unique things for each location, upgrade the OS to the required build and drop the config. You can do this with a USB thumb drive.
Here is what you need to do:
Step one – Get a Fortigate and configure it the way you want it. In my case, I had small 30Es that come pre-configured with “softswitches” and “guestwifi” etc. I cleaned all those up and saved the config file. DO NOT ENCRYPT IT.
Step two – Modify the config file with the changes you want to make. NOTE: You need to make sure you keep the top 4 lines with the ‘#’ before them. Otherwise you will get an ‘invalid config file’ error. And no, the alias command that contains the template Fortigate’s SN will not overwrite the real SN of the target Fortigate.
Step three – Copy the config file onto a USB thumb drive (presumably any will work, but I would stay away from 256GB USB drives and the like. 1GB ones are perfect since they are useless for everything else).
You need to rename the config file to ‘fgt_system.conf’ and the FortiOS image you want to load to ‘image.out’. I went from 5.3.x to 6.0.2 by just putting the 6.02 file and renaming it.
NOTE: You CAN change this file name but by default, this is the filename the Fortigate will look for. If you want to change it, it will be an additional step before you can load the config. You can find these changes in the following area of the GUI:
Or you can also find it on the CLI
Step four – Connect the USB thumb drive into the USB port on the Fortigate and reboot it (or turn it on).
The firewall will reboot and will load the FortiOS. After that, it will reboot again and then load the config file.
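Steps two and three can be scripted so every site file is produced from one template the same way. The following is an added example, not code from the original post: the `@@NAME@@` marker syntax, the function name and the sample template are assumptions made for illustration. It keeps the four ‘#’ header lines untouched, refuses to emit a file with an unfilled marker, and rejects values containing quotes or newlines so that a site value cannot add extra config lines.

```python
import re

HEADER_LINES = 4                            # the post: keep the top 4 '#' lines
PLACEHOLDER = re.compile(r"@@([A-Z_]+)@@")  # assumed marker syntax, not FortiOS syntax

# Constructed sample template (not a real export); header values are made up.
TEMPLATE = """\
#config-version=FGT30E-6.0.2-FW-build0000-000000:opmode=0:vdom=0:user=admin
#conf_file_ver=0000000000000000
#buildno=0000
#global_vdom=1
config system global
    set hostname "@@HOSTNAME@@"
end
config system interface
    edit "wan"
        set ip @@WAN_IP@@ @@WAN_MASK@@
    next
end
config router static
    edit 1
        set gateway @@GATEWAY@@
        set device "wan"
    next
end
"""

def render_site_config(template: str, site: dict) -> str:
    """Return the per-site config text; raise ValueError if it would be unusable."""
    lines = template.splitlines(keepends=True)
    header, body = lines[:HEADER_LINES], "".join(lines[HEADER_LINES:])
    if len(header) < HEADER_LINES or not all(l.startswith("#") for l in header):
        raise ValueError("template must start with its 4 '#' header lines")
    if PLACEHOLDER.search("".join(header)):
        raise ValueError("header lines must not be templated")
    missing = sorted(set(PLACEHOLDER.findall(body)) - set(site))
    if missing:
        raise ValueError(f"no value for: {', '.join(missing)}")
    for value in site.values():
        if any(c in value for c in '"\n\r'):
            raise ValueError(f"unsafe character in value {value!r}")
    return "".join(header) + PLACEHOLDER.sub(lambda m: site[m.group(1)], body)

if __name__ == "__main__":
    site = {"HOSTNAME": "branch-01", "WAN_IP": "192.0.2.10",
            "WAN_MASK": "255.255.255.0", "GATEWAY": "192.0.2.1"}
    # Written under the default auto-install config name; copy it to the USB drive.
    with open("fgt_system.conf", "w", newline="\n") as fh:
        fh.write(render_site_config(TEMPLATE, site))
```

Because the file on the drive is not encrypted, generate one drive per site and wipe it after the unit has loaded its config.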
Look for the FortiManager version of this post coming soon.
Hope this helps