Support ServiceTag and Region for Azure SDN connector address objects 6.4.2

Two new filter keys, ServiceTag and Region, can be used in Azure SDN connectors to filter service tag IP ranges. These can be used in dynamic firewall addresses.

To use the new filter keys in the GUI:
  1. Create an Azure SDN connector:
    1. Go to Security Fabric > External Connectors and click Create New.
    2. Select Microsoft Azure.
    3. Configure the connector:

    4. Click OK.
  2. Create a dynamic firewall address for the Azure connector, filtering based on the ServiceTag and Region:
    1. Go to Policy & Objects > Addresses and click Create New > Address.
    2. Configure the address, adding two filters: ServiceTag=ApiManagement and Region=canadacentral:

    3. Click OK.
    4. Hover the cursor over the address name to see the dynamic IP addresses that are resolved by the connector:

To use the new filter keys in the CLI:
  1. Create an Azure SDN connector:
    config system sdn-connector
        edit "azure1"
            set type azure
            set tenant-id "942b80cd-1b14-42a1-8dcf-4b21dece61ba"
            set client-id "44e79db7-621d-46f3-8625-58e209654e58"
            set client-secret xxxxxx
        next
    end
  2. Create a dynamic firewall address for the Azure connector, filtering based on the ServiceTag and Region:
    config firewall address
        edit "azure-address-sertag1-o-region1"
            set type dynamic
            set sdn "azure1"
            set color 2
            set filter "ServiceTag=ApiManagement | Region=canadacentral"
        next
    end
  3. View the dynamic IP addresses that are resolved by the connector:
    # show firewall address azure-address-sertag1
    config firewall address
        edit "azure-address-sertag1"
            set uuid 50a0afd4-b1bf-51ea-651b-f9ba7f6db455
            set type dynamic
            set sdn "azure1"
            set color 2
            set filter "ServiceTag=ApiManagement | Region=canadacentral"
            config list
                edit "102.133.0.79/32"
                next
                edit "102.133.130.197/32"
                next
                ...
                edit "13.78.108.176/28"
                next
                edit "13.86.102.66/32"
                next
                ...
            end
        next
    end
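
The filter in step 2 joins its two terms with `|`. As an added example (not Fortinet's code), the Python sketch below models such a filter over constructed records to show how much wider a `|` match is than an `&` match. It assumes `|` means OR and `&` means AND, with `&` binding tighter; the record layout, prefixes and function names are hypothetical.

```python
import ipaddress

# Constructed records (documentation prefixes, not real Azure ranges).
RECORDS = [
    {"ServiceTag": "ApiManagement", "Region": "canadacentral", "prefixes": ["192.0.2.16/28"]},
    {"ServiceTag": "ApiManagement", "Region": "japaneast", "prefixes": ["198.51.100.0/28"]},
    {"ServiceTag": "Storage", "Region": "canadacentral", "prefixes": ["203.0.113.0/24"]},
]

def parse_filter(expr):
    """Parse 'K=V | K=V & K=V' into a list of OR groups (assumed semantics).

    Each group is a dict of key -> value whose terms must all match.
    """
    groups = []
    for alternative in expr.split("|"):
        terms = {}
        for term in alternative.split("&"):
            key, sep, value = term.strip().partition("=")
            if not sep or not key.strip() or not value.strip():
                raise ValueError(f"malformed filter term: {term!r}")
            terms[key.strip()] = value.strip()
        groups.append(terms)
    return groups

def resolve(expr, records):
    """Return the sorted prefixes of every record matched by the filter."""
    groups = parse_filter(expr)
    nets = set()
    for rec in records:
        # A record matches if any OR group has all of its terms satisfied.
        if any(all(rec.get(k) == v for k, v in g.items()) for g in groups):
            nets.update(ipaddress.ip_network(p) for p in rec["prefixes"])
    return [str(n) for n in sorted(nets)]

if __name__ == "__main__":
    for expr in ("ServiceTag=ApiManagement | Region=canadacentral",
                 "ServiceTag=ApiManagement & Region=canadacentral"):
        print(expr, "->", resolve(expr, RECORDS))
```

Comparing the connector's resolved list against the intended scope in this way, before the address is referenced in a policy, shows whether the object is broader than intended.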
