FortiOS Now Supports the HashiCorp Terraform Datacenter Provisioning Tool

By Fortinet | May 03, 2019

As customers embark on the journey to automate the entire IT and application lifecycle in their private datacenters, in the public cloud, and across physical and virtual form factors, there is an increasing need to automate all related security operations. To support these efforts, Fortinet offers official HashiCorp Terraform Provider modules for FortiOS, which open up multiple new infrastructure automation opportunities for customers.

HashiCorp’s Terraform is one of the most popular platforms for supporting IT lifecycle automation across an organization’s entire hybrid cloud infrastructure. It is an open-source, infrastructure-as-code software tool that enables users to define and provision datacenter infrastructure using a high-level configuration language, the HashiCorp Configuration Language (HCL), or JSON.

At a high level, Terraform functions as an abstraction layer by providing a uniform language for invoking CRUD (create, read, update, delete) operations on various systems. To perform those operations in different environments, however, it requires a layer responsible for translating between the Terraform configuration language and the specific product operations invoked via API. This layer is called the Terraform Provider.

Gartner has noted that 95% of firewall breaches are due to misconfiguration. When hosted on an automation master, Terraform can be used to automate various IT infrastructure needs, thereby eliminating threats introduced by IT staff misconfiguring devices by hand. With its new integration into FortiOS, Terraform’s automation can now include any FortiOS-related operation on both physical and virtual FortiGate devices. This enables a number of interesting scenarios:

Bootstrapping firewall configurations – In larger organizations, where FortiGate firewalls are frequently deployed to support different applications, Terraform makes it possible to create a baseline configuration that can be provisioned as soon as an organizational unit requests firewall functionality. This not only helps accelerate the time to securely deploy an application, but also eliminates configuration errors.

Large-scale change management – Any FortiGate assets automatically provisioned using Terraform templates can be automatically added to an inventory management system. This ensures that when a configuration update needs to take place across multiple assets, the update is automatically rolled out to all of them, thereby eliminating the chance of a security gap caused by a failure to update every device.

Atomizing firewall lifecycle management elements and integrating them into customer applications – In more specific cases, where changes are being made to applications that are already protected by FortiGate firewalls, organizations can integrate FortiGate change management routines into their application change routines, for example by including security policy updates as part of an application change. When an organizational unit’s new web dev environment is spun up dynamically, this can automatically trigger a change management routine on the FortiGate to permit access from dev networks to that new environment.

Controlling multi-cloud application security – Due to wide variations in cloud functionality, a solution deployed in different clouds will often be managed differently in each cloud environment. An effective multi-cloud environment, however, requires consistency in operations. To accommodate these variations, tools deployed across multiple private and public clouds require different configurations in order to operate similarly. FortiGate solutions on various platforms can now benefit from the Terraform abstraction layer, which configures the same functionality on FortiGate solutions regardless of the cloud platform they are deployed on. Allowing customers to focus on functionality rather than configuration gives organizations the confidence to deploy any application on any cloud, knowing they can achieve consistent security and implement streamlined change management practices that keep security up to date across their multi-cloud environment.

Including FortiGate as part of a portable application stack – For service providers and organizations operating a shared services model, the ability to prepackage common applications used by customers offers great value, both from a time-to-market perspective and in eliminating human error when deploying new systems. FortiGate Terraform configurations can be integrated alongside other application elements to quickly spin up application stacks that include security.

Building FortiGate test environments – When new versions of FortiOS are released, many organizations require testing of any new functionality to determine how it may impact their environment before deploying it globally. In these cases, the ability to rapidly stand up environments and test these functions prior to integrating them into production offers an extremely resource-efficient and fault-tolerant approach.

Fortinet’s Terraform support, with its new Provider modules, provides customers with more ways to efficiently deploy, manage, and automate security across even the most complex multi-cloud environments. It accelerates experimentation, eliminates errors caused by misconfiguration, simplifies the rollout and change management of policies, and ultimately gives organizations more confidence to implement new applications, regardless of the complexity of the infrastructure on which they are deployed.

Learn more about how Fortinet’s multi-cloud solutions provide visibility and control across cloud infrastructures to secure applications and connectivity.

For more information about Fortinet’s technology alliance partners program, visit here.