
OCI Administration Guide

Creating an address

The next step is to create an address. You can do this via the GUI or the CLI. Either way, take note of the following:

  • You create an address that serves as an address group or a single address for the source or destination of firewall policies. The address is based on IP addresses and contains the IP addresses of OCI instances that are currently running.
  • No matter what changes occur to the instances, the Fabric connector populates and updates the changes automatically based on the specified filtering condition so that administrators do not need to reconfigure the address content manually.
  • Appropriate firewall policies using the address are applied to the instances that are members of it.
To create an address using the GUI:
  1. Go to Policy & Objects > Addresses. Click Create New > Address.
  2. Configure the address as described:
    1. Name: Enter the desired name.
    2. Type: Select Fabric Connector Address.
    3. Fabric Connector Type: Select Oracle Cloud Infrastructure (OCI).
    4. Filter: The Fabric connector automatically populates and updates only the IP addresses of instances that match the specified filter condition. Currently, OCI connectors support the following filters:
      1. 'vm_name=<vm name>': This matches a VM instance name.
      2. 'instance_id=<instance id>': This matches an instance OCID.
      3. 'tag.<key>=<value>': This matches a freeform tag key and its value.
      4. 'definedtag.<namespace>.<key>=<value>': This matches a tag namespace, tag key, and its value.

      In this example, let's use 'tag.<key>=<value>'. You can configure tags on OCI.

      In this example, let's populate IP addresses of instances that have the "jkatoinstance" tag name with the "demomachine" value.

      You can set filtering conditions using multiple entries with AND ("&") or OR ("|"). When both AND and OR are specified, AND is interpreted first, then OR.

      For example, you can enter "tag.<key>=<value> & vm_name=<vm name>". In this case, the Fabric connector populates and updates IP addresses of instances that match both the tag and VM name. Wildcards, such as asterisks, are not allowed in filter values.

  3. Click OK after completing all required fields.
  4. Ensure that you created the address by going to Policy & Objects > Addresses.
  5. After a few minutes, the new address takes effect. Hover your cursor on the address to see a list of IP addresses and instances that have the tag key value "demomachine" as configured.
To create an address using the CLI:
  1. Open the FortiOS CLI with admin credentials.
  2. Enter config firewall address.
  3. The prompt becomes the FortiGate-VM hostname and (address)$. Enter edit <address_name> to create an address. For example, if the address name is jkatoociaddress002, enter edit jkatoociaddress002.
  4. Configure the address as a Fabric connector supporting element.
    1. Enter set type dynamic.
    2. Enter set sdn oci.
  5. Configure the filter. The Fabric connector automatically populates and updates only the IP addresses of instances that match the specified filter condition. Currently, OCI connectors support the following filters:
    1. 'vm_name=<vm name>': This matches a VM instance name.
    2. 'tag.<key>=<value>': This matches a freeform tag key and its value.
    3. 'instance_id=<instance id>': This matches an instance OCID.
    4. 'definedtag.<namespace>.<key>=<value>': This matches a tag namespace, tag key, and its value.

    In this example, let's use 'tag.<key>=<value>', populating IP addresses of instances that have the "jkatoinstance" tag name with the "demomachine" value. Enter set filter tag.jkatoinstance=demomachine. Entering next and then end saves the configuration and returns you to the prompt you started from.

    You can set filtering conditions using multiple entries with AND ("&") or OR ("|"). When both AND and OR are specified, AND is interpreted first, then OR.

    You can check the syntax by entering set filter ?

    For example, you can enter "tag.<key>=<value> & vm_name=<vm name>". In this case, the Fabric connector populates and updates IP addresses of instances that match both the tag and VM name. Wildcards, such as asterisks, are not allowed in filter values.

  6. After a few minutes, the new address takes effect. Repeat steps 1-3, then enter show. You can see the list of IP addresses that have been populated.
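
The filter rules described in both procedures (the four key forms, AND evaluated before OR, no wildcards) can be modelled offline to preview which instances an expression would pull into a policy address. This is an added example, not Fortinet code or the FortiOS parser; the function names, the instance record layout, exact string matching and ignoring whitespace around operators are assumptions of the example.

```python
import re

# Key forms listed on this page; the regex itself is an assumption of this example.
KEY_RE = re.compile(r"vm_name|instance_id|tag\..+|definedtag\.[^.]+\..+")

def parse_filter(expr):
    """Return a list of OR-groups, each a list of (key, value) AND-terms."""
    groups = []
    for or_part in expr.split("|"):          # OR binds loosest, so split on it first
        terms = []
        for term in or_part.split("&"):      # AND binds tighter
            key, sep, value = term.strip().partition("=")
            key, value = key.strip(), value.strip()
            if not sep or not value or not KEY_RE.fullmatch(key):
                raise ValueError(f"unsupported filter term: {term.strip()!r}")
            if "*" in value:
                raise ValueError(f"wildcards are not allowed: {term.strip()!r}")
            terms.append((key, value))
        groups.append(terms)
    return groups

def attribute(instance, key):
    """Look up the instance attribute a filter key refers to (None if absent)."""
    if key in ("vm_name", "instance_id"):
        return instance.get(key)
    if key.startswith("tag."):
        return instance.get("tags", {}).get(key[4:])
    _, namespace, tag_key = key.split(".", 2)
    return instance.get("defined_tags", {}).get(namespace, {}).get(tag_key)

def matched_ips(expr, instances):
    """IPs of instances satisfying any OR-group whose AND-terms all match."""
    groups = parse_filter(expr)
    return sorted(
        inst["ip"] for inst in instances
        if any(all(attribute(inst, k) == v for k, v in g) for g in groups)
    )

# Constructed inventory; names, OCIDs and IPs are made up for this example.
INSTANCES = [
    {"vm_name": "web01", "instance_id": "ocid1.instance.example.a", "ip": "10.0.0.11",
     "tags": {"jkatoinstance": "demomachine"}},
    {"vm_name": "web02", "instance_id": "ocid1.instance.example.b", "ip": "10.0.0.12",
     "tags": {"jkatoinstance": "demomachine"}},
    {"vm_name": "db01", "instance_id": "ocid1.instance.example.c", "ip": "10.0.0.21",
     "tags": {"jkatoinstance": "database"}, "defined_tags": {"ops": {"tier": "data"}}},
]

print(matched_ips("tag.jkatoinstance=demomachine | tag.jkatoinstance=database & vm_name=web01", INSTANCES))
```

The printed expression returns both demomachine instances, because the vm_name term binds only to the second tag term; reading it as "(either tag) AND web01" would underestimate what the address covers.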
