How do I set option to connect to FortiManager in Terraform

Question

I am new to Azure. I am using Terraform to deploy Azure virtual machines from marketplace images. The Azure Virtual Machine I'm deploying is a FortiGate firewall.

I want it to connect to FortiManager later on. How do I define this in terraform? I want to be able to use FortiManager IP Address and Serial Number.

Manually creating the firewall from Azure Marketplace looks like this:

Code:

resource "azurerm_linux_virtual_machine" "fgtvm" {
  name                 = var.fgt.name
  resource_group_name  = var.rg_name
  location             = var.location

  vm_size              = var.fgt.size
  zones                = var.fgt.zones

  admin_username       = "adminuser"
  admin_password       = "123password"

  network_interface_id = azurerm_network_interface.fgt_nic.id
  
  storage_image_reference {
    publisher = var.fgt.image.publisher
    offer     = var.fgt.image.offer
    sku       = var.fgt.image.sku
    version   = var.fgt.image.version
  }

  plan {
    name      = var.fgt.image.sku
    publisher = var.fgt.image.publisher
    product   = var.fgt.image.offer
  }


  os_disk {
    caching               = var.fgt.os_disk.caching
    storage_account_type  = var.fgt.os_disk.storage_account_type
  }

}

Answer 1

I want to connect to FortiManager later. I want to be able to use FortiManager IP Address and Serial Number.

You can make use of below sample cmdlet for Ip address

provider "fortimanager" 
  hostname     = "10.50.0.132/24"
  username     = "admin"
  password     = "SecurePassw0rd"
  insecure     = "true"
 
  scopetype    = "vdomtest"
  adom         = "root"
}
 
terraform {
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
    }
  }
}

Reference: Docs overview | fortinetdev/fortios | Terraform Registry

While creating manually in Fortinet FortiGate next generation firewall you need to set connect fortimanager as NO. once you deployed Fortinet FortiGate use your fortinet Virtual Machine public Ip address to login firewall like below.

Use this Ip address and open in new tab URL -> click advance -> proceed -> login username and password. if you want to use FortiManager to manage this FortiGate, If you need to use FortiManager IP Address and Serial Number. once the FortiGate portal has open you can see serial number in status and main option.

If you do not see the serial in the console, you need to reboot the Fortigate VM from the Cloud Control Panel. After the reboot, you should see the serial number displayed in the console.

To see FortiGate Ip address click interface under Network

Reference: FortiGate deployment guide - Microsoft Entra | Microsoft Docs

---

Alternatively, you can make use of Azure CLI command as below

config system interface #To visbile ip address
edit ?
get system status       # to see staus of DHCP including serical number

Answer 2

the form you can see when deploying from the Marketplace is turned into bootstrap configuration passed to the newly created FGT via instance metadata (user-data). Unfortunately, the source code is a bit hard to read due to ARM templates formatting, so often the easiest way to read compiled bootstrap configuration is to actually deploy and check the metadata.

In this case, you need a configuration block like this:

config system central-management
  set type fortimanager
  set fmg ${var.fortiManagerIP}
  set serial-number ${var.fortiManagerSerial}
end