Quickstart

The quickstart section provides a comprehensive guide outlining the steps necessary to integrate FortiGate with Securosys on-premises Primus HSM or CloudHSM.

Make sure you have met the requirements in the Prerequisites section before continuing with the procedure.

Installing & Configuring Primus PKCS#11 Provider on a Client Machine

Note: The Securosys PKCS#11 provider v2.2.2 or later is already integrated into FortiGate (no installation needed). However, a valid configuration file and secrets must be prepared and tested in advance on a separate client machine, and then loaded onto the FortiGate via CLI or GUI.

On a client PC, install and configure the version of the Primus PKCS#11 provider that corresponds to the version integrated into FortiGate. Check connectivity with your HSM. Use the same configuration file, PKCS#11 password and secret that will be configured on the FortiGate.

Follow the instructions in Securosys PKCS#11 Provider Preparations for more details.

Configuring FortiGate with Securosys HSM

Configure the FortiGate firewall to use the on-premises Primus HSM or CloudHSM cluster.

Follow the instructions provided in FortiGate Configuration.

Configuring other FortiGate components to use the HSM key

(CA Certificate Generation, Certificate usage, WAD Deep Inspection in Explicit Proxy Policy, HTTPS Administrative Access)

Consult the FortiGate documentation for details.