Fortinet black logo

New Features

Azure SDN connector support for non-VM resources  6.2.3

Copy Link
Copy Doc ID 761d83e3-4a7b-11e9-94bf-00505692583a:743107
Download PDF

Azure SDN connector support for non-VM resources 6.2.3

In FortiOS 6.2, support has been added for non-VM resources (load balancers and application gateways) to Azure SDN connectors, which can be configured in the GUI or CLI.

Prior to FortiOS 6.2, only IP addresses of VMs were supported.

The tag filter now supports the VM, VMSS, application gateway (applicationgateway=<name>), and load balancer types (loadbalancer=<name>).

Note

VPN gateways are currently not supported.

To configure an internet-facing load balancer address in the GUI:
  1. Go to Policy & Objects > Addresses.
  2. Click Create New > Address and enter a name.
  3. Configure the following settings:
    1. For Type, select Dynamic.
    2. For Sub Type, select Fabric Connector Address.
    3. For SDN Connector, select azure-dev.
    4. For SDN address type, select All.
    5. For Filter, enter Tag.devlb=lbkeyvalue.
  4. Click OK.

    The corresponding IP addresses are dynamically updated and resolved after applying the tag filter.

  5. In the address table, hover over the address to view what IP it resolves to:

  6. In Azure, verify to confirm the IP address matches:

To configure an internet-facing load balancer in the CLI:
config firewall address
    edit "taginternetfacinglb"
        set type dynamic
        set sdn "azure-dev"
        set filter "Tag.devlb=lbkeyvalue"
        set sdn-addr-type all	
    next
end

Azure SDN connector support for non-VM resources 6.2.3

In FortiOS 6.2, support has been added for non-VM resources (load balancers and application gateways) to Azure SDN connectors, which can be configured in the GUI or CLI.

Prior to FortiOS 6.2, only IP addresses of VMs were supported.

The tag filter now supports the VM, VMSS, application gateway (applicationgateway=<name>), and load balancer types (loadbalancer=<name>).

Note

VPN gateways are currently not supported.

To configure an internet-facing load balancer address in the GUI:
  1. Go to Policy & Objects > Addresses.
  2. Click Create New > Address and enter a name.
  3. Configure the following settings:
    1. For Type, select Dynamic.
    2. For Sub Type, select Fabric Connector Address.
    3. For SDN Connector, select azure-dev.
    4. For SDN address type, select All.
    5. For Filter, enter Tag.devlb=lbkeyvalue.
  4. Click OK.

    The corresponding IP addresses are dynamically updated and resolved after applying the tag filter.

  5. In the address table, hover over the address to view what IP it resolves to:

  6. In Azure, verify to confirm the IP address matches:

To configure an internet-facing load balancer in the CLI:
config firewall address
    edit "taginternetfacinglb"
        set type dynamic
        set sdn "azure-dev"
        set filter "Tag.devlb=lbkeyvalue"
        set sdn-addr-type all	
    next
end