AWS Administration Guide

Creating an address using the GUI

  1. In FortiOS, navigate to Policy & Objects > Addresses. Click Create New, then select Address.
  2. Enter the address name. From the Type dropdown list, select Fabric Connector Address.
  3. From the Fabric Connector Type dropdown list, select Amazon Web Services (AWS). Enter the filter. The SDN connector then automatically populates and updates the address with only those instances in the specified VPC that match this filtering condition. The following keys can be used:

    1. instanceId (e.g. instanceId=i-12345678)

    2. instanceType (e.g. instanceType=t2.micro)

    3. imageId (e.g. imageId=ami-123456)

    4. keyName (e.g. keyName=aws-key-name)

    5. architecture (e.g. architecture=x86)

    6. subnetId (e.g. subnetId=sub-123456)

    7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-1a)

    8. placement.groupname (e.g. placement.groupname=group-name)

    9. placement.tenancy (e.g. placement.tenancy=tenancy-name)

    10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)

    11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)

    12. tag.Name: the AWS instance tag called “Name” (e.g. tag.Name=Value). A maximum of 8 tags is supported.

  4. For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using the subnetId key (item 6 above). First, check the subnet ID in the AWS management portal.

  5. Enter subnetId=subnet-fb2506a0 in the Filter field.
  6. In the Interface dropdown list, select the interface that the SDN connector covers, where relevant.

    The filtering condition can combine multiple entries with AND (“&”) or OR (“|”). When both AND and OR are used, AND is interpreted before OR. For example, you can enter subnetId=subnet-fb2506a0 & tag.Name=abc123. In this case, only the IP address of an instance that matches both the subnet ID and the “Name” tag shows up. Note that wildcards are not allowed in values.

  7. Click OK. Once saved, the Address is listed under Policy & Objects > Addresses.

  8. Proceed to Creating a firewall policy.
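
To preview which instances a filter would place in the address object before it is referenced by a policy, the precedence rule above (AND before OR) can be modeled offline. The following is an added example, not FortiOS code: the inventory is constructed, and the `privateIp` field name, exact case-sensitive matching, treating `*` as the wildcard character, and accepting any `tag.<key>` are assumptions.

```python
# Model of the filter semantics described on this page; not FortiOS code.
ALLOWED_KEYS = {
    "instanceId", "instanceType", "imageId", "keyName", "architecture",
    "subnetId", "placement.availabilityzone", "placement.groupname",
    "placement.tenancy", "privateDnsName", "publicDnsName",
}

def parse_filter(expr):
    """Return a list of OR-groups; each group is a list of (key, value) terms ANDed together."""
    groups = []
    for or_part in expr.split("|"):        # OR binds loosest, so split on it first
        terms = []
        for term in or_part.split("&"):    # AND binds tighter than OR
            key, sep, value = term.partition("=")
            key, value = key.strip(), value.strip()
            if not sep or not key or not value:
                raise ValueError(f"malformed term: {term.strip()!r}")
            if key not in ALLOWED_KEYS and not key.startswith("tag."):
                raise ValueError(f"unsupported key: {key!r}")
            if "*" in value:               # assumption: '*' is the wildcard character
                raise ValueError(f"wildcards are not allowed in values: {value!r}")
            terms.append((key, value))
        groups.append(terms)
    return groups

def matches(instance, groups):
    """True if every term of at least one AND-group equals the instance's attribute."""
    return any(all(instance.get(k) == v for k, v in g) for g in groups)

def resolve(expr, instances):
    """Sorted private IPs of the instances the filter would admit."""
    groups = parse_filter(expr)
    return sorted(i["privateIp"] for i in instances if matches(i, groups))

# Constructed inventory (not real AWS data); attribute names mirror the filter keys.
INSTANCES = [
    {"privateIp": "172.31.10.11", "subnetId": "subnet-fb2506a0", "tag.Name": "abc123", "instanceType": "t2.micro"},
    {"privateIp": "172.31.10.12", "subnetId": "subnet-fb2506a0", "tag.Name": "other", "instanceType": "t2.micro"},
    {"privateIp": "172.31.20.13", "subnetId": "subnet-00000000", "tag.Name": "abc123", "instanceType": "t2.micro"},
    {"privateIp": "172.31.20.14", "subnetId": "subnet-00000000", "tag.Name": "other", "instanceType": "m5.large"},
]

if __name__ == "__main__":
    for f in ("subnetId=subnet-fb2506a0 & tag.Name=abc123",
              "instanceType=m5.large | subnetId=subnet-fb2506a0 & tag.Name=abc123"):
        print(f, "->", resolve(f, INSTANCES))
```

In the second filter the m5.large instance is admitted even though its “Name” tag does not match, because the expression groups as instanceType OR (subnetId AND tag.Name).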
