- Create an address to use to configure a firewall policy. Open the CLI with administrator credentials. Right-click the address and select Edit in CLI.
- Configure the filtering rule. This means the Fabric connector automatically populates and updates only instances belonging to the specified VPC that match this filtering condition. You can use the following keys:
1. instanceId (e.g. instanceId=i-12345678)
2. instanceType (e.g. instanceType=t2.micro)
3. imageId (e.g. imageId=ami-123456)
4. keyName (e.g. keyName=aws-key-name)
5. architecture (e.g. architecture=x86)
6. subnetId (e.g. subnetId=sub-123456)
7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-1a)
8. placement.groupname (e.g. placement.groupname=group-name)
9. placement.tenancy (e.g. placement.tenancy=tenancy-name)
10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)
11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)
12. tag.Name, the AWS instance tag called "Name" (e.g. tag.Name=Value; a maximum of 8 tags is supported)
- For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using key 6 above, subnetId. First, check the subnet ID in the AWS management portal. Then set the filter:
set filter "subnetId=subnet-fb2506a0"
In this example, the subnet is 10.0.2.0/24. At this point, the show command shows the following:
Three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have been populated and are updated automatically, because you set the filtering condition above and the update interval specified in the GUI has been reached. Because these three instances are up and running in the specified VPC, the Fabric connector found them through the API calls that FortiGate made to AWS.
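Because a firewall policy will trust whatever the filter populates, it is worth reconciling the populated addresses against the AWS inventory. The following is an added example, not code from this documentation or from Fortinet. It assumes you have the JSON output of aws ec2 describe-instances; the instance IDs, the stopped instance and the second subnet are constructed, and it assumes only running instances are populated.

```python
import ipaddress

# Constructed sample in the shape of `aws ec2 describe-instances` JSON output.
# Instance IDs, the stopped instance and the second subnet are made up.
def make_inst(iid, subnet, ip, state="running"):
    return {"InstanceId": iid, "SubnetId": subnet,
            "PrivateIpAddress": ip, "State": {"Name": state}}

SAMPLE = {"Reservations": [
    {"Instances": [make_inst("i-aaaa1111", "subnet-fb2506a0", "10.0.2.111"),
                   make_inst("i-aaaa2222", "subnet-fb2506a0", "10.0.2.112")]},
    {"Instances": [make_inst("i-aaaa3333", "subnet-fb2506a0", "10.0.2.114"),
                   make_inst("i-aaaa4444", "subnet-fb2506a0", "10.0.2.113", "stopped"),
                   make_inst("i-bbbb1111", "subnet-00000000", "10.0.1.10")]},
]}

def expected_members(describe_output, subnet_id, cidr):
    """Private IPs the filter should yield: running instances in subnet_id."""
    net = ipaddress.ip_network(cidr)
    ips = set()
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("SubnetId") != subnet_id:
                continue
            if inst.get("State", {}).get("Name") != "running":
                continue  # assumption: only running instances are populated
            ip = ipaddress.ip_address(inst["PrivateIpAddress"])
            if ip not in net:
                # The subnet ID and the CIDR you believe it has disagree.
                raise ValueError(f"{inst['InstanceId']}: {ip} is outside {cidr}")
            ips.add(str(ip))
    return ips

def reconcile(populated, expected):
    """Compare the dynamic address members against the AWS inventory."""
    populated = set(populated)
    return {"unexpected": sorted(populated - expected),  # on the firewall, not in AWS view
            "missing": sorted(expected - populated)}     # in AWS, not populated yet

if __name__ == "__main__":
    want = expected_members(SAMPLE, "subnet-fb2506a0", "10.0.2.0/24")
    # Addresses listed on this page as populated by the connector.
    print(reconcile(["10.0.2.111", "10.0.2.112", "10.0.2.114"], want))
```

An entry under "unexpected" is an address the policy matches that AWS does not report as a running instance in the subnet; an entry under "missing" may only mean the update interval has not elapsed yet.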