Workshops

Pre-Provisioning

When you prepare a workshop and FortiPoCs are running on a dedicated Virtual Machine Server, you can prefetch poc and resources through the CLI:

  1. register the FortiPoC: register trial <KEY>

  2. create the PoC from the repository version. You can get the <PATH> to use using poc repository list command. Run poc repository define <PATH> refresh. The refresh ensures that the PoC is created with the <NAME> as set in the PoC, overwriting any PoC with same name; all modifications and snapshots are lost.

  3. prefetch necessary resources: poc prefetch <NAME>

If you need to import some licenses, you can copy licenses using scp <LICENSE_FILES> ... admin@FORTIPOC_IP:license

Batch

SSH Key access

You can install a public ssh key to the admin account with:

scp MY_KEY.pub admin@FORTIPOC_IP:authorized_keys

or by CLI:

set ssh authorized keys "CONTENT of MY_KEY.pub"

So you don’t have to manage password with sshpass and you can change the password once the key is installed.

Update admin password

Through the CLI, if in a SSH session, you can directly update the admin account password. Password can be given as plaintext or as ciphertext as returned by a POSIX crypt library.

You can use python 3 to generate it, ex for “MYPASSWORD”:

$ python3 -c 'import crypt; print(crypt.crypt("MYPASSWORD"))'
$6$kfOS1kPG8LN8O5Ah$KNCb2qZH2X/doflfRzbD1xBjx1R2L2WgPVq0h.Y.DdIwO3cMktmVeSMQcvbzARJp8lkHzqqXZV8lYWhvgaTKF/

Then:

fortipoc # set passwd "$6$kfOS1kPG8LN8O5Ah$KNCb2qZH2X/doflfRzbD1xBjx1R2L2WgPVq0h.Y.DdIwO3cMktmVeSMQcvbzARJp8lkHzqqXZV8lYWhvgaTKF/"

You can remove password with unset passwd.

Warning

From the CLI embeded in the GUI, you must provide the current password before being able to change it.

GUI Top bar customization

You can now customize the FortiPoC top text, color and logo.

  • use set gui title "<YOUR_TITLE>" (ex: set gui title "FAD Workshop") to change the title, set to empty string or use unset gui title to reset to default title

  • use set gui background #RRGGBB (ex: set gui background #FF0077) to change the background color, use unset gui background to reset to default background color

  • use set gui foreground #RRGGBB (ex: set gui foreground #FFFFFF) to change the text color, use unset gui foreground to reset to default foreground color

  • use set gui image file <IMAGE_FILE> with <IMAGE_FILE> file copied under local repository gui directory (don’t need to enable local repository) with scp <IMAGE_FILE> admin@FORTIPO_IP/gui/, use unset gui image file to reset to default image

  • use set gui image height <HEIGHT>, <HEIGHT> is a CSS height (ex: set gui image 100px), use unset gui image height to reset to default height

Limited GUI

Guest login

During training and workshops, you can let the user log in with the guest account (you can change password with CLI command set guest passwd <PLAINTEXT>).

In this mode the user has limited access (can NOT edit) and a simplified GUI.

Simple mode

You can achieve similar result of guest login with admin account when you switch to the simple mode from the CLI:

set gui simple enable

In this mode, the left pane is hidden and the user only sees the dashboard.

By default only the PoCs defined locally are visible. But you can choose to expose PoCs from repositories with the CLI, ex

set gui filter repo=[fortinet] name~^ADVPN

For the complete syntax see set gui filter doc.

Each time you launch a repository’s PoC a local version is created, erasing any previous local version: you loose all configuration backups and snapshots you have done locally.

Notes:

  • local PoCs prevails over the repository’s PoC with same name

  • Web CLI is still available through the top right user menu