Fortinet black logo

New Features

Home FortiGate / FortiOS 6.2.0 New Features

Support for wildcard SDN connectors in filter configurations  6.2.3

6.2.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.0
Copy Link
Copy Doc ID 761d83e3-4a7b-11e9-94bf-00505692583a:33576
Download PDF

Support for wildcard SDN connectors in filter configurations 6.2.3

Wildcards are now supported in FortiOS 6.2 for SDN connectors when configuring dynamic address filters.

The following SDN connector types are currently supported:

  • AWS
  • Azure
  • Google Cloud Platform
  • Kubernetes
  • OpenStack
  • Oracle Cloud Infrastructure
  • VMware ESXi
To configure a dynamic address filter for AWS in the GUI:
  1. Configure the SDN connector:
    1. Go to Security Fabric > Fabric Connectors. Click Create New.
    2. In the Public SDN section, click Amazon Web Services (AWS).
    3. Configure the settings as needed.
    4. Click OK.
  2. Create the dynamic firewall address:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New > Address and enter a name.
    3. Configure the following settings:
      1. For Type, select Dynamic.
      2. For Sub Type, select Fabric Connector Address.
      3. For SDN Connector, select aws1.
      4. For SDN address type, select Private.
      5. For Filter, click Create.

        The New Filter window opens.

      6. Enter Tag.Name=aws*.
      7. Click OK.
    4. Click OK.
  3. In the address table, hover over the address to view what IPs it resolves to.

  4. In AWS, verify to confirm the IP addresses match.

To configure a dynamic address filter for AWS in the CLI:
  1. Configure the SDN connector:
    config firewall address
    edit "aws-address-1"
        set type dynamic
        set sdn "aws1"
        set filter "Tag.Name=aws*"
        set sdn-addr-type public
    next
end
  2. Create the dynamic firewall address and verify where the IPs resolve to:
    config firewall address
    edit "aws-address-1"
        set type dynamic
        set sdn "aws1"
        set filter "Tag.Name=aws*"
        set sdn-addr-type public
        config list
            edit "18.234.167.123"
            next
            edit "3.81.41.167"
            next
            edit "52.87.157.127"
            next
        end
    next
end
  3. In AWS, verify to confirm the IP addresses match.
Previous
Next

Support for wildcard SDN connectors in filter configurations 6.2.3

Wildcards are now supported in FortiOS 6.2 for SDN connectors when configuring dynamic address filters.

The following SDN connector types are currently supported:

  • AWS
  • Azure
  • Google Cloud Platform
  • Kubernetes
  • OpenStack
  • Oracle Cloud Infrastructure
  • VMware ESXi
To configure a dynamic address filter for AWS in the GUI:
  1. Configure the SDN connector:
    1. Go to Security Fabric > Fabric Connectors. Click Create New.
    2. In the Public SDN section, click Amazon Web Services (AWS).
    3. Configure the settings as needed.
    4. Click OK.
  2. Create the dynamic firewall address:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New > Address and enter a name.
    3. Configure the following settings:
      1. For Type, select Dynamic.
      2. For Sub Type, select Fabric Connector Address.
      3. For SDN Connector, select aws1.
      4. For SDN address type, select Private.
      5. For Filter, click Create.

        The New Filter window opens.

      6. Enter Tag.Name=aws*.
      7. Click OK.
    4. Click OK.
  3. In the address table, hover over the address to view what IPs it resolves to.

  4. In AWS, verify to confirm the IP addresses match.

To configure a dynamic address filter for AWS in the CLI:
  1. Configure the SDN connector:
    config firewall address
    edit "aws-address-1"
        set type dynamic
        set sdn "aws1"
        set filter "Tag.Name=aws*"
        set sdn-addr-type public
    next
end
  2. Create the dynamic firewall address and verify where the IPs resolve to:
    config firewall address
    edit "aws-address-1"
        set type dynamic
        set sdn "aws1"
        set filter "Tag.Name=aws*"
        set sdn-addr-type public
        config list
            edit "18.234.167.123"
            next
            edit "3.81.41.167"
            next
            edit "52.87.157.127"
            next
        end
    next
end
  3. In AWS, verify to confirm the IP addresses match.
Previous
Next