CLI Reference

system sdn-connector

Use this command to configure connections to an SDN Connector. Supported connector types are Cisco ACI, Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), VMware NSX, Nuage VSP, Oracle Cloud Infrastructure (OCI), and OpenStack.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.2.

Command Description

set azure-region {germany | usgov}

Support added for Azure Germany and US Government server regions.

set use-metadata-iam {enable | disable}

set gcp-project <name>

set service-account <name>

set private-key <key>

Enable or disable (the default) using the IAM role obtained from the instance metadata server to call the GCP API. If the metadata IAM role is not used, specify the GCP project name, the service account email, and the service account private key instead.
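The following is an added example, not taken from the Fortinet reference, showing the two credential models side by side for a GCP connector. The connector names, project name, service account email, external IP name and route name are hypothetical placeholders. The first entry relies on the service account attached to the FortiGate VM (no key material on the device); the second carries a long-lived private key in the configuration and is the weaker choice.

```fortios
config system sdn-connector
    # Preferred: use the IAM role of the service account bound to the VM.
    # Nothing secret is stored in the FortiGate configuration.
    edit "gcp-ha-metadata"
        set type gcp
        set status enable
        set use-metadata-iam enable
        set gcp-project "fgt-ha-project"        # hypothetical project
        config external-ip
            edit "fgt-ha-external-ip"            # hypothetical external IP name
            next
        end
        config route
            edit "fgt-ha-route"                  # hypothetical route name
            next
        end
        set update-interval 60
    next
    # Alternative: explicit service account credentials. The private key
    # lives in the configuration and must be rotated if the config leaks.
    edit "gcp-ha-keyfile"
        set type gcp
        set status enable
        set use-metadata-iam disable
        set gcp-project "fgt-ha-project"
        set service-account "fgt-ha@fgt-ha-project.iam.gserviceaccount.com"
        set private-key "<PEM private key of the service account>"
        set key-passwd "<passphrase, only if the key is encrypted>"
        config external-ip
            edit "fgt-ha-external-ip"
            next
        end
        config route
            edit "fgt-ha-route"
            next
        end
        set update-interval 60
    next
end
```

Only one of the two entries is needed in practice; both are shown to make the difference visible. With the metadata model, the permissions the connector has are exactly those granted to the VM's service account in GCP, so scope that account to the project and resources it must move during failover.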

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.1.

Command Description

set type {oci | ...}

set oci-region {phoenix | ashburn | frankfurt | london}

set oci-cert <certificate>

New Oracle Cloud Infrastructure (OCI) type, region server, and certificate options. The connector calls the OCI API to retrieve information about the VMs running in the OCI tenancy.

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set server <address>

The server-ip entry has been removed and replaced with server, which accepts either an FQDN or an IP address.

set type {gcp | ...}

config external-ip

config route

New Google Cloud Platform (GCP) type, added to provide Active-Passive HA.

Once type is set to gcp, use the external-ip and route configuration methods to set the GCP external IP and route, respectively.

set type {nsx | ...}

set nsx-cert-fingerprint <fingerprint>

When the FortiGate SVM first connects to NSX Manager to register as a Service Manager, it saves the thumbprint of the NSX Manager certificate. On later connections (whether the FortiGate connects to NSX Manager or NSX Manager connects to the FortiGate), the FortiGate compares the thumbprint of the presented certificate with the saved one to verify the certificate. Because the thumbprint is learned on the first connection, confirm it against the thumbprint displayed by NSX Manager, or set it explicitly with this command, before relying on the connector; if the NSX Manager certificate is replaced, the saved thumbprint must be updated or the verification will fail.

Note: This command is only available on VM platforms. Furthermore, nsx-cert-fingerprint is a hidden entry: if you are in the nsx context and type set ? to list the available options, it will not be listed, but it can still be set.
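As an added example (not from the Fortinet reference), the following configures an NSX connector with the NSX Manager thumbprint pinned explicitly rather than learned on first contact. The server FQDN, account name and thumbprint value are hypothetical placeholders; the thumbprint must be copied from NSX Manager itself, in the format it displays, over a channel you already trust.

```fortios
config system sdn-connector
    edit "nsx-manager"
        set type nsx
        set status enable
        set server "nsx-manager.example.com"    # hypothetical NSX Manager FQDN
        set server-port 443
        set username "fortigate-svc"            # hypothetical NSX account
        set password "<nsx-account-password>"
        # Hidden entry: not shown by 'set ?' in the nsx context, but settable.
        # Pin the certificate thumbprint obtained out of band from NSX Manager.
        set nsx-cert-fingerprint "<thumbprint-displayed-by-nsx-manager>"
        set update-interval 60
    next
end
```

Pinning the value up front removes the trust-on-first-use window: a connection to an endpoint presenting any other certificate fails the comparison instead of being silently accepted and remembered.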

set type {azure | ...}

set tenant-id <directory-id>

set subscription-id <sub-id>

set client-id <app-id>

set client-secret <app-key>

set resource-group <group-name>

set azure-region {global | china}

config nic

config route-table

Support for Active/Passive HA in an Azure environment. Once type is set to azure, use the other Azure-specific settings to configure Azure connectivity.

Use the nic and route-table configuration methods to configure the Azure network interface and route table, respectively. These configuration methods are only available when type is set to azure.
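The following is an added example, not part of the Fortinet reference, of an Azure connector for an Active/Passive pair. The tenant, subscription, application, resource group, NIC, IP configuration, public IP, route table and next-hop values are hypothetical placeholders. The nic block names the interface and IP configuration whose public IP the connector moves on failover; the route-table block names the user-defined route whose next hop the connector rewrites to the active unit's internal address.

```fortios
config system sdn-connector
    edit "azure-ha"
        set type azure
        set status enable
        # Service principal used to call the Azure API. Scope its role
        # assignment to the resource group holding the FortiGate NICs and
        # route tables; it needs nothing outside that group.
        set tenant-id "00000000-0000-0000-0000-000000000000"        # directory ID
        set subscription-id "11111111-1111-1111-1111-111111111111"
        set client-id "22222222-2222-2222-2222-222222222222"        # application ID
        set client-secret "<application-key>"
        set resource-group "fgt-ha-rg"
        set azure-region global
        # Interface and IP configuration whose public IP follows the active unit.
        config nic
            edit "fgt-a-port1-nic"
                config ip
                    edit "ipconfig1"
                        set public-ip "fgt-ha-public-ip"
                    next
                end
            next
        end
        # Route table whose default route is repointed at the active unit.
        config route-table
            edit "protected-subnet-rt"
                config route
                    edit "default-via-fgt"
                        set next-hop "10.0.1.4"      # active FortiGate internal IP
                    next
                end
            next
        end
        set update-interval 30
    next
end
```

The client-secret is a password_string field, so it is stored encrypted in the configuration, but it is still a long-lived credential: rotate it on the same schedule as other service principal secrets and update this entry when you do.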

config system sdn-connector
    edit {name}
    # Configure connection to SDN Connector.
        set name {string}   SDN connector name. size[35]
        set status {disable | enable}   Enable/disable connection to the remote SDN connector.
        set type {option}   Type of SDN connector.
                aci        Application Centric Infrastructure (ACI).
                aws        Amazon Web Services (AWS).
                azure      Microsoft Azure.
                gcp        Google Cloud Platform (GCP).
                nsx        VMware NSX.
                nuage      Nuage VSP.
                oci        Oracle Cloud Infrastructure.
                openstack  OpenStack.
        set server {string}   Server address of the remote SDN connector. size[127]
        set server-port {integer}   Port number of the remote SDN connector. range[1-65535]
        set username {string}   Username of the remote SDN connector as login credentials. size[64]
        set password {string}   Password of the remote SDN connector as login credentials.
        set access-key {string}   AWS access key ID. size[31]
        set secret-key {password_string}   AWS secret access key. size[59]
        set region {string}   AWS region name. size[15]
        set vpc-id {string}   AWS VPC ID. size[31]
        set tenant-id {string}   Tenant ID (directory ID). size[127]
        set subscription-id {string}   Azure subscription ID. size[63]
        set login-endpoint {string}   Azure Stack login endpoint. size[127]
        set resource-url {string}   Azure Stack resource URL. size[127]
        set client-id {string}   Azure client ID (application ID). size[63]
        set client-secret {password_string}   Azure client secret (application key). size[59]
        set resource-group {string}   Azure resource group. size[63]
        set azure-region {option}   Azure server region.
                global   Global Azure Server.
                china    China Azure Server.
                germany  Germany Azure Server.
                usgov    US Government Azure Server.
                local    Azure Stack Local Server.
        config nic
            edit {name}
            # Configure Azure network interface.
                set name {string}   Network interface name. size[63]
                config ip
                    edit {name}
                    # Configure IP configuration.
                        set name {string}   IP configuration name. size[63]
                        set public-ip {string}   Public IP name. size[63]
                    next
            next
        config route-table
            edit {name}
            # Configure Azure route table.
                set name {string}   Route table name. size[63]
                config route
                    edit {name}
                    # Configure Azure route.
                        set name {string}   Route name. size[63]
                        set next-hop {string}   Next hop address. size[127]
                    next
            next
        set user-id {string}   User ID. size[127]
        set compartment-id {string}   Compartment ID. size[127]
        set oci-region {phoenix | ashburn | frankfurt | london}   OCI server region.
                phoenix    US Phoenix Server.
                ashburn    US Ashburn Server.
                frankfurt  EU Frankfurt Server.
                london     UK London Server.
        set oci-cert {string}   OCI certificate. size[63] - datasource(s): certificate.local.name
        set oci-fingerprint {string}   OCI pubkey fingerprint. size[63]
        config external-ip
            edit {name}
            # Configure GCP external IP.
                set name {string}   External IP name. size[63]
            next
        config route
            edit {name}
            # Configure GCP route.
                set name {string}   Route name. size[63]
            next
        set use-metadata-iam {disable | enable}   Enable/disable using IAM role from metadata to call API.
        set gcp-project {string}   GCP project name. size[127]
        set service-account {string}   GCP service account email. size[127]
        set key-passwd {password_string}   Private key password. size[128]
        set private-key {string}   Private key of GCP service account.
        set update-interval {integer}   Dynamic object update interval (0 - 3600 sec, 0 means disabled, default = 60). range[0-3600]
    next
end
