Configuring OpenStack SDN connector with domain filter
You can select a domain attribute when configuring an OpenStack SDN connector in FortiOS. When a domain is configured for the OpenStack SDN connector, FortiOS resolves OpenStack dynamic firewall addresses from the specified OpenStack domain. If a domain is not specified, FortiOS resolves the dynamic firewall addresses using the default OpenStack domain.
To configure OpenStack SDN connector with a domain filter using the GUI:
1. Configure the OpenStack SDN connector:
    - Go to Security Fabric > External Connectors.
    - Click Create New, and select OpenStack (Horizon).
    - In the Domain field, enter the desired domain name from OpenStack. The SDN connector will only resolve IP addresses for instances that belong to the specified domain.
    - Configure as shown, substituting the server IP address, username, and password for your deployment. The update interval is in seconds.
2. Create a dynamic firewall address for the configured OpenStack SDN connector:
    - Go to Policy & Objects > Addresses.
    - Click Create New, then select Address.
    - Configure the address as shown, selecting the desired filter in the Filter dropdown list. The OpenStack SDN connector will automatically populate and update IP addresses only for instances that belong to the specified domain and network.
3. Ensure that the OpenStack SDN connector resolves dynamic firewall IP addresses:
    - Go to Policy & Objects > Addresses.
    - Hover over the address created in step 2 to see a list of IP addresses for instances that belong to the specified domain and specified network as configured in steps 1 and 2.
To configure OpenStack SDN connector with a domain filter using CLI commands:
1. Configure the OpenStack SDN connector. The SDN connector only resolves IP addresses for instances that belong to the specified domain:
    config system sdn-connector
        edit "openstack-domain"
            set type openstack
            set server "http://172.16.165.86:5000"
            set username "example_username"
            set password xxxxx
            set domain "example_domain"
            set update-interval 30
        next
    end
2. Create a dynamic firewall address for the configured OpenStack SDN connector with the supported OpenStack filter. The OpenStack SDN connector automatically populates and updates IP addresses only for instances that belong to the specified domain and the specified network:
    config firewall address
        edit "openstack-domain-network"
            set type dynamic
            set sdn "openstack-domain"
            set filter "Network=example-net1"
        next
    end
3. Confirm that the OpenStack SDN connector resolves dynamic firewall IP addresses using the configured domain and filter:
    config firewall address
        edit "openstack-domain-network"
            set type dynamic
            set sdn "openstack-domain"
            set filter "Network=example-net1"
            config list
                edit "10.0.0.13"
                next
                edit "10.0.0.16"
                next
                edit "10.0.0.3"
                next
                edit "172.24.4.18"
                next
                edit "172.24.4.24"
                next
                edit "172.24.4.3"
                next
            end
        next
    end
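The confirmation step can be automated by parsing a saved copy of that output and flagging any resolved address that falls outside the subnets you expect for the filtered network. The following is an added example, not part of the Fortinet documentation: the function names are hypothetical, the sample text is constructed from the output above, and the allowed CIDR ranges are whatever your own deployment expects.

```python
import ipaddress

# Constructed sample, abridged from the confirmation output above.
SAMPLE = """
config firewall address
    edit "openstack-domain-network"
        set type dynamic
        set sdn "openstack-domain"
        set filter "Network=example-net1"
        config list
            edit "10.0.0.13"
            next
            edit "172.24.4.18"
            next
            edit "172.24.4.3"
            next
        end
    next
end
"""

def parse_dynamic_addresses(text):
    """Map each firewall address name to its sdn, filter and resolved IPs."""
    result, stack, current = {}, [], None
    for raw in text.splitlines():
        tok = raw.strip()
        if tok.startswith("config "):
            stack.append(tok[len("config "):])       # enter a config block
        elif tok == "end" and stack:
            stack.pop()                               # leave the innermost block
        elif tok.startswith("edit "):
            name = tok[len("edit "):].strip('"')
            if stack == ["firewall address"]:
                current = result.setdefault(name, {"sdn": None, "filter": None, "ips": []})
            elif stack == ["firewall address", "list"] and current is not None:
                current["ips"].append(name)           # resolved instance address
        elif tok.startswith("set ") and stack == ["firewall address"] and current is not None:
            parts = tok.split(None, 2)
            if len(parts) == 3 and parts[1] in ("sdn", "filter"):
                current[parts[1]] = parts[2].strip('"')
        elif tok == "next" and stack == ["firewall address"]:
            current = None                            # end of this address entry
    return result

def unexpected_ips(entry, allowed_cidrs):
    """Return resolved IPs outside the CIDRs expected for the filtered network."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [ip for ip in entry["ips"]
            if not any(ipaddress.ip_address(ip) in n for n in nets)]
```

An empty list from unexpected_ips means every resolved address sits inside the expected ranges. A non-empty list points to instances that the domain and network filter matched but that you did not intend the policy to cover.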