OCI SDN connector

You can configure Security Fabric connector integration with Oracle Cloud Infrastructure (OCI).

To configure an OCI SDN connector in the CLI:
  1. Configure an SDN connector:
    config system sdn-connector
        edit "oci1"
            set status enable
            set type oci
            set tenant-id "ocid1.tenancy.oc1..aaaaaaaaaaa3aaaaaaaaaaaaaaaaa77xxxxxx54bbbbbb4xxxx35xx55xxxx"
            set user-id "ocid1.user.oc1..aaaaaaaaa2laaaaa3aaaaaaaaaabbbbbbbbbbcccc3ccccccccccxxxxxxxx"
            set compartment-id "ocid1.compartment.oc1..aaaaaaaaaaaaaaaaaa7bbbbbbbbbbcccccccccc6xxx53xxxx7xxxxxxxxxx"
            set oci-region "us-ashburn-1"
            set oci-region-type commercial
            set oci-cert "cert-sha2"
            set update-interval 30
        next
    end
  2. Create a dynamic firewall address for the SDN connector with a supported filter:
    config firewall address
        edit "oci-address-1"
            set uuid 0b4a496e-8974-51e9-e223-fee75c935fb7
            set type dynamic
            set sdn "oci1"
            set filter "CompartmentName=DevelopmentEngineering"
        next
    end
To configure an OCI SDN connector in the GUI:
  1. Go to Security Fabric > Fabric Connectors and click Create New.
  2. In the Public SDN section, select Oracle Cloud Infrastructure (OCI).
  3. Configure the connector as needed.
  4. Click OK.
  5. Go to Policy & Objects > Addresses and click Create New > Address.
  6. Configure the address as needed, selecting the OCI connector in the SDN Connector field.
  7. Click OK.
To confirm that dynamic firewall addresses are resolved by the SDN connector:
  1. In the CLI, check that the addresses are listed:
    config firewall address
        edit "oci-address-1"
            set uuid 0b4a496e-8974-51e9-e223-fee75c935fb7
            set type dynamic
            set sdn "oci1"
            set filter "CompartmentName=DevelopmentEngineering"
            config list
                edit "10.0.0.11"
                next
                edit "10.0.0.118"
                next
                ...
                next
            end
        next
    end
  2. In the GUI, go to Policy & Objects > Addresses and hover the cursor over the address name.
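
The CLI check in step 1 can be scripted against saved output. The following is an added example, not Fortinet code: it parses address configuration in the format shown above and reports dynamic addresses whose `config list` is empty, meaning the connector resolved no instances for that filter. The function names and the `oci-address-2` entry are assumptions made for illustration.

```python
import shlex

# Constructed sample modelled on the CLI output shown above. "oci-address-2"
# is a hypothetical entry added to show a filter that resolved nothing.
SAMPLE = '''
config firewall address
    edit "oci-address-1"
        set type dynamic
        set sdn "oci1"
        set filter "CompartmentName=DevelopmentEngineering"
        config list
            edit "10.0.0.11"
            next
            edit "10.0.0.118"
            next
        end
    next
    edit "oci-address-2"
        set type dynamic
        set sdn "oci1"
        set filter "CompartmentName=Staging"
    next
end
'''

def parse_dynamic_addresses(text):
    """Return {name: {"type", "sdn", "filter", "ips"}} for dynamic addresses."""
    addresses, current, in_list = {}, None, False
    for raw in text.splitlines():
        tok = shlex.split(raw)  # handles the quoted names and values
        if not tok:
            continue
        if tok == ["config", "list"]:
            in_list = True      # entering the resolved-IP sub-table
        elif tok[0] == "end" and in_list:
            in_list = False     # this "end" closes the sub-table only
        elif tok[0] == "edit" and len(tok) == 2:
            if in_list and current is not None:
                current["ips"].append(tok[1])
            else:
                current = {"type": None, "sdn": None, "filter": None, "ips": []}
                addresses[tok[1]] = current
        elif tok[0] == "set" and len(tok) >= 3 and current and not in_list:
            if tok[1] in ("type", "sdn", "filter"):
                current[tok[1]] = tok[2]
    return {n: a for n, a in addresses.items() if a["type"] == "dynamic"}

def unresolved(addresses):
    """Names of dynamic addresses for which no IPs were resolved."""
    return sorted(n for n, a in addresses.items() if not a["ips"])
```
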
