How to onboard Fortinet uCPE on Versa FlexVNF : Versa Support

This article describes how to onboard Fortinet uCPE on Versa FlexVNF.

The first step of uCPE creation in the director is to upload the vendor catalogue. Director should have Vendor Image for uCPE.

Enter Name of the Image & Select Vendor from list of vendors. The vendor drop-down will have the predefined list of vendors as Fortinet, PaloAlto, Riverbed, Secui, Adtran, Microsoft, Linux, Juniper, Replify, etc. Versa will keep on updating this predefined vendor list as new Vendors are added.

Note: If the Vendor not listed in dropdown list then click on manage to create new Vendor.

This will open another sub-screen for adding a new product type for this vendor. Give the product name, details and select the service-function from the drop-down. Also, values need to be given for the Memory (MB), CPU, Disk Size (GB). Secondary disk can be selected if needed. Click OK to add this new product for the predefined vendor.

Once you select Vendor & Product, all the predined fields like CPU count, Memory & Disk Size, description and the version number of the VNF are populated. In this example, we have selected Service Function as NextGen Firewall.

Note: - Once the product type and the vendor are selected it will show the minimum required values for the VNF to run in the CPE node. This is to let the user know about the hardware requirement allocations to the third party VNF. If user wants to change the CPU and Memory, they can change in the service chain workflow.
Select VNF Image Type as qcow2, raw, vmdk and vdi & choose file to upload.
Click on Submit.

Drag and Drop the desired VNF from the right side into the service-chain.
By default, the VNF will be in L3 mode. User can change the mode to L2.
Select the Organization and Routing Instance to define the Service Chain to be applied to uCPE.
Click create once the configurations are done.

Click on Template, Click on Add (+) to ) Create post-staging template in the Templates workflow tab.
Fill all required Mandatory
Click on Services
Add Service Chain which is service chain template from Dropdown (in this example we select the Service Chain FORTINET that we defined in previous)

Go to the Workflows=>Devices=>Add device.
Select the appropriate device group with the post-staging template referenced.
In the Bind data screen, you should see both the post-staging template and service-chain workflow template variables.
There will be DHCP server config running in the Control-VR which we need to give the DHCP start and end pool address values (uCPE-MgmtIntf_Pool_Range_Begin_IP__range & uCPE-MgmtIntf_Pool_Range_End_IP__apRang). This is assigned to the mgmt. interface of the VNF provided the VNF mgmt. interface in dhcp client mode.
There will be Egress (FORTINET-WAN-Side-Intf__ucpeWanIntAddress) and Ingress(FORTINET-LAN-Side-Intf__ucpeLanIntAddress) interface address in the FlexVNF which is connected to the 3rd party VNF. If the VNF configured in L3 mode, then the next-hop (FORTINET-WAN-Side-Nexthop__ucpeWanNextHop) address also needs to be configured.