Fortinet Document Library

Version:


Table of Contents

Related Videos

SDN Connectors - Multiple Instances Support

  • 1,092 views
  • 7 months ago

New Features

6.2.0
Download PDF
Copy Link

Multiple Concurrent SDN/Cloud Connectors

This feature introduces support for multiple connectors of all SDN connector types to be defined. Previously, only a single connector could be configured for most types, and the SDN connector had to be specified when creating a dynamic firewall address. Now, multiple instances can be configured for every SDN connector, and the specific connector instance must be specified when creating a dynamic firewall address.

This example shows two Microsoft Azure SDN connectors being created, and then being used in new dynamic firewall addresses.

Note

Multiple concurrent SDN/Cloud connectors are not supported yet for Cisco ACI or Nuage.

To create and use two new SDN connectors with the CLI:
  1. Create two new SDN connectors:
    config system sdn-connector
        edit "azure1"
            set type azure
            set tenant-id "942b80cd-bbbb-42a1-8888-4b21dece61ba"
            set subscription-id "2f96c44c-cccc-4621-bbbb-65ba45185e0c"
            set client-id "14dbd5cc-3333-4ea4-8888-68738141feb1"
            set client-secret xxxxx
            set update-interval 30
        next
        edit "azure2"
            set type azure
            set tenant-id "942b80cd-bbbb-42a1-8888-4b21dece61ba"
            set client-id "3baa0acc-ffff-4444-b292-0777a2c36be6"
            set client-secret xxxxx
            set update-interval 30
        next
    end
  2. Create new dynamic firewall addresses that use the new connectors:
    config firewall address
        edit "azure-address-location1"
            set type dynamic
            set color 2
            set sdn azure1
            set filter "location=WestUs"
        next
        edit "azure-address-location2"
            set type dynamic
            set color 2
            set sdn azure2
            set filter "location=NorthEurope"
        next
    end
To create and use two new SDN connectors with the GUI:
  1. Create two new SDN connectors:
    1. Go to Security Fabric > Fabric Connectors, and click Create New in the toolbar.
    2. Click on Microsoft Azure.
    3. Fill in the required information, then click OK.

    4. Repeat the above steps for the second connector.

    Two Microsoft Azure connectors will now be created.

  2. Create new dynamic firewall addresses that use the new connectors:
    1. Go to Policy and Objects > Addresses and click Create New > Address in the toolbar.
    2. Enter a name for the address, and select Fabric Connector Address for the Type.
    3. Select one of the previously created SDN connectors from the SDN Connector drop down list.

    4. Configure the rest of the required information, then click OK to create the address.
    5. Repeat the above steps to create the second address, selecting the other Microsoft Azure SDN connector.

Related Videos

SDN Connectors - Multiple Instances Support

  • 1,092 views
  • 7 months ago

Multiple Concurrent SDN/Cloud Connectors

This feature introduces support for multiple connectors of all SDN connector types to be defined. Previously, only a single connector could be configured for most types, and the SDN connector had to be specified when creating a dynamic firewall address. Now, multiple instances can be configured for every SDN connector, and the specific connector instance must be specified when creating a dynamic firewall address.

This example shows two Microsoft Azure SDN connectors being created, and then being used in new dynamic firewall addresses.

Note

Multiple concurrent SDN/Cloud connectors are not supported yet for Cisco ACI or Nuage.

To create and use two new SDN connectors with the CLI:
  1. Create two new SDN connectors:
    config system sdn-connector
        edit "azure1"
            set type azure
            set tenant-id "942b80cd-bbbb-42a1-8888-4b21dece61ba"
            set subscription-id "2f96c44c-cccc-4621-bbbb-65ba45185e0c"
            set client-id "14dbd5cc-3333-4ea4-8888-68738141feb1"
            set client-secret xxxxx
            set update-interval 30
        next
        edit "azure2"
            set type azure
            set tenant-id "942b80cd-bbbb-42a1-8888-4b21dece61ba"
            set client-id "3baa0acc-ffff-4444-b292-0777a2c36be6"
            set client-secret xxxxx
            set update-interval 30
        next
    end
  2. Create new dynamic firewall addresses that use the new connectors:
    config firewall address
        edit "azure-address-location1"
            set type dynamic
            set color 2
            set sdn azure1
            set filter "location=WestUs"
        next
        edit "azure-address-location2"
            set type dynamic
            set color 2
            set sdn azure2
            set filter "location=NorthEurope"
        next
    end
To create and use two new SDN connectors with the GUI:
  1. Create two new SDN connectors:
    1. Go to Security Fabric > Fabric Connectors, and click Create New in the toolbar.
    2. Click on Microsoft Azure.
    3. Fill in the required information, then click OK.

    4. Repeat the above steps for the second connector.

    Two Microsoft Azure connectors will now be created.

  2. Create new dynamic firewall addresses that use the new connectors:
    1. Go to Policy and Objects > Addresses and click Create New > Address in the toolbar.
    2. Enter a name for the address, and select Fabric Connector Address for the Type.
    3. Select one of the previously created SDN connectors from the SDN Connector drop down list.

    4. Configure the rest of the required information, then click OK to create the address.
    5. Repeat the above steps to create the second address, selecting the other Microsoft Azure SDN connector.