This is a repo of Ansible playbooks to deploy Fortinet SecGWs in FortiPoC.
It can be used to demo automated provisioning of the Fortinet SecGW Solution in a realistic environment, Hands-On-Labs learning or even just as inspirations for Ansible playbooks to configure FortiGates through FortiManager.
For details refer to the Hands-On-Lab Guide.
The playbooks are designed to be used in a FortiPoC named "MNO-SecGW-HoL.fpoc". To get access to the FortiPoC or the Hands-On-Lab Guide contact your local Fortinet SE or Telco SME.
The demo mode will preconfigure FMG / FAZ / FGT-SEG-1 and FGT-SEG-2 so you quickly can spin up the whole lab. It can be useful as customer demos, self-paced learning, verification of a feature or troubleshooting.
-
Start the poc "MNO SecGW HoL"
-
When the PoC is started. Log into the LXC device named Runner.
-
Initialize the Ansible playbooks with
cd /fortipoc/init ./init.py -
Start the demo playbook with
cd /fortipoc/ansible ansible-playbook -i hosts demo.ymlThis will configure all Fortinet equipment.
-
When playbooks have finished check there are no failed plays.
-
If it is all super green, then log into gNodeB1 and bring up the tunnel
cd /fortipoc ./genrsa ./ir ./config_ss.sh ping 10.30.2.2 -i0.2Notice: You don't need to manually bring up the tunnel. Linux routing policies will detect a match to the child-SA and bring up the tunnel.
-
Repeat the same procedure for gNodeB2.
-
You now have a fully functioning SecGW solution with traffic running.
The file vars/global.yml contains all variables required to provision the FortiPoC.
The init.py script mentioned above sets the following variables in vars/global.yml
- password
- fmg_access_token
- fmg_sn
- faz_access_token
- faz_sn
- secgws[seg1][sn]
- secgws[seg2][sn]
- FortiPoC v.1.9.6
- FortiManager v.7.2.4 or higher on the 7.2 release train
- FortiAnalyzer v.7.2.4 or higher on the 7.2 release train
- FortiGate v.7.2.6 or higher on the 7.2 release train
- FortiAuthenticator v.6.6.0 or higher on the 6.6 release train
Enjoy:)