Fortinet black logo

Cookbook

Support for wildcard SDN connectors in filter configurations

Copy Link
Copy Doc ID 4e2e9371-e0d6-11ea-96b9-00505692583a:834822
Download PDF

Support for wildcard SDN connectors in filter configurations

Wildcards are supported for SDN connectors when configuring dynamic address filters.

The following SDN connector types are currently supported:

  • AWS
  • Azure
  • Google Cloud Platform
  • Kubernetes
  • OpenStack
  • Oracle Cloud Infrastructure
  • VMware ESXi
To configure a dynamic address filter for AWS in the GUI:
  1. Create the SDN connector:
    1. Go to Security Fabric > Fabric Connectors.
    2. Click Create New.
    3. In the Public SDN section, click Amazon Web Services (AWS).
    4. Configure the settings as needed.
    5. Click OK.
  2. Create the dynamic firewall address:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New > Address
    3. Enter a name for the address, then configure the following settings:
      • Set Type to Dynamic.
      • Set Sub Type to Fabric Connector Address.
      • Set SDN Connector to aws1.
      • Set SDN address type to Private.
      • For Filter, click Create, enter Tag.Name=aws*, the click OK.

    4. Click OK.
  3. In the address table, hover over the address to view what IPs it resolves to.

  4. In AWS, verify to confirm the IP addresses match.

To configure a dynamic address filter for AWS in the CLI:
  1. Configure the SDN connector:
    config firewall address
        edit "aws-address-1"
            set type dynamic
            set sdn "aws1"
            set filter "Tag.Name=aws*"
            set sdn-addr-type public
        next
    end
  2. Create the dynamic firewall address and verify where the IP addresses resolve to:
    config firewall address
        edit "aws-address-1"
            set type dynamic
            set sdn "aws1"
            set filter "Tag.Name=aws*"
            set sdn-addr-type public
            config list
                edit "18.234.167.123"
                next
                edit "3.81.41.167"
                next
                edit "52.87.157.127"
                next
            end
        next
    end
  3. In AWS, verify that the IP addresses match.

Support for wildcard SDN connectors in filter configurations

Wildcards are supported for SDN connectors when configuring dynamic address filters.

The following SDN connector types are currently supported:

  • AWS
  • Azure
  • Google Cloud Platform
  • Kubernetes
  • OpenStack
  • Oracle Cloud Infrastructure
  • VMware ESXi
To configure a dynamic address filter for AWS in the GUI:
  1. Create the SDN connector:
    1. Go to Security Fabric > Fabric Connectors.
    2. Click Create New.
    3. In the Public SDN section, click Amazon Web Services (AWS).
    4. Configure the settings as needed.
    5. Click OK.
  2. Create the dynamic firewall address:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New > Address
    3. Enter a name for the address, then configure the following settings:
      • Set Type to Dynamic.
      • Set Sub Type to Fabric Connector Address.
      • Set SDN Connector to aws1.
      • Set SDN address type to Private.
      • For Filter, click Create, enter Tag.Name=aws*, the click OK.

    4. Click OK.
  3. In the address table, hover over the address to view what IPs it resolves to.

  4. In AWS, verify to confirm the IP addresses match.

To configure a dynamic address filter for AWS in the CLI:
  1. Configure the SDN connector:
    config firewall address
        edit "aws-address-1"
            set type dynamic
            set sdn "aws1"
            set filter "Tag.Name=aws*"
            set sdn-addr-type public
        next
    end
  2. Create the dynamic firewall address and verify where the IP addresses resolve to:
    config firewall address
        edit "aws-address-1"
            set type dynamic
            set sdn "aws1"
            set filter "Tag.Name=aws*"
            set sdn-addr-type public
            config list
                edit "18.234.167.123"
                next
                edit "3.81.41.167"
                next
                edit "52.87.157.127"
                next
            end
        next
    end
  3. In AWS, verify that the IP addresses match.