By Manny Fernandez

November 20, 2018

Configuring Multiple Fortigate Firewalls using USB

Use Case: You have multiple Fortigate Firewalls firewalls and you want to configure them pretty much the same execpt for the obvious IP addresses, defualt gateways and the hostname. Additionally, you do not have FortiManager (which you should consider if you are going to manage numerous Fortigates). You want to create a ‘template’ config and then change the unique things for each location, upgrade the OS to the required build and drop the config. You can do this with a USB thumb drive.

Here is what you need to do:

Step one – Get a Fortigate and configure it the way you want it. In my case, I had small 30Es that come pre-configured with “softswitches” and “guestwifi” etc. I cleaned all those up and saved the config file. DO NOT ENCRYPT IT.

Step two – Modify the config file with the changes you want to make. NOTE: You need to make sure you keep the top 4 lines with the ‘#’ before them. Else you will get an ‘invalid config file’. AND NO The Alias command that contains the template Fortigate’s SN will not overwrite the real SN of the target Fortigate.

Step three – Copy the config file onto a USB thumb drive (pressumbily any will work, but I would stay away from 256GB USB and the like. 1GB one are perfect since they are useless for everything else).

You need to rename the config file ‘fgt_system.comf’ and for the FortiOS image you want to load ‘image.out’. I went from 5.3.x to 6.0.2 by just putting the 6.02 file and renaming it.

NOTE: You CAN change this file name but by default, this is the filename the Fortigate will look for. If you want to change it, it will be an additional step before you can load the config. You can find these changes in the following area of the GUI:

Or you can also find it on the CLI

Step four – Connect the USB thumb drive into the USB port on the Fortigate and reboot it (or turn it on).

The firewall will reboot and will load the FortiOS. After that, it will reboot again and then load the config file.

Look for the FortiManager version of this post coming soon.

 

Hope this helps

Leave a comment

Your email address will not be published. Required fields are marked *

Recent posts

  • In FortiOS 7.4, Fortinet enhanced the ability to do... Full Story

  • Apple shortcuts have been an amazing addition to IOS. ... Full Story

  • Years ago, when I started using FortiGates, I had... Full Story