- Create an address to use to configure a firewall policy. Open the CLI with administrator credentials. Right-click the address and select Edit in CLI.
- Configure the filtering rule. This means the SDN connector automatically populates and updates only instances belonging to the specified VPC that match this filtering condition. The following keys can be used:
1. instanceId (e.g. instanceId=i-12345678)
2. instanceType (e.g. instanceType=t2.micro)
3. imageId (e.g. imageId=ami-123456)
4. keyName (e.g. keyName=aws-key-name)
5. architecture (e.g. architecture=x86)
6. subnetId (e.g. subnetId=sub-123456)
7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-la)
8. placement.groupname (e.g. placement.groupname=group-name)
9. placement.tenancy (e.g. placement.tenancy=tenancy-name)
10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)
11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)
12. tag.Name AWSinstance tag called "Name" (e.g. tagName=Value, maximum of 8 tags are supported.)
- For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using the above
6. subnetID. First, check the subnet ID in the AWS management portal.
set filter "subnetId=subnet-fb2506a0". In this example, the subnet is 10.0.2.0/24. At this point,
showshows the following:
Note three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have just been populated and are updated automatically as you set the filtering condition above and the update interval specified in the GUI has been reached. Since these three instances have been up and running in the specified VPC, SDN Connector found them through APIs FortiGate called to AWS.