
New Features

6.4.0

Support filtering on AWS autoscaling group for dynamic address objects

A FortiGate-VM deployed on AWS can create a dynamic address based on an AWS Fabric connector and use an autoscaling group (ASG) filter to obtain ASG members' primary IP addresses or NICs. You can use this feature for load balancing to optimize network efficiency.

To create an address with an ASG filter using the GUI:
  1. In FortiOS, go to Policy & Objects > Addresses.
  2. Click Create New, then select Address.
  3. Enter the address name. From the Type dropdown list, select Dynamic.
  4. From the Sub Type dropdown list, select Fabric Connector Address.
  5. From the SDN Connector dropdown list, select the AWS Fabric connector.
  6. In the Filter fields, enter the desired filter. In this example, you would enter AutoScaleGroup=<ASG ID> in the Filter field.
  7. From the Interface dropdown list, select the interface that the Fabric connector covers, where relevant.
  8. Click OK. Once saved, FortiOS lists the address under Policy & Objects > Addresses.

To create an address with an ASG filter using the CLI:

    config firewall address
        edit "aws-asg-addr1"
            set uuid 82e26cea-756e-51ea-d322-4259d3db301b
            set type dynamic
            set sdn "aws-sdn"
            set filter "AutoScaleGroup=10703c-4f731e90-fortigate-payg-auto-scaling-group"
            config list
                edit "192.168.0.137"
                next
                edit "192.168.1.218"
                next
            end
        next
    end
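Because a dynamic address usually ends up in firewall policy, it is worth checking that what the connector resolved matches the ASG's real membership. The following is an added example, not Fortinet code: it parses the CLI output shown above, treating the entries under `config list` as the resolved addresses, and compares them with a list of member IPs that the caller obtains from AWS separately. The function names are hypothetical.

```python
import re

# Constructed sample: the CLI output shown above, as captured from the FortiGate.
SAMPLE_CONFIG = '''\
config firewall address
    edit "aws-asg-addr1"
        set uuid 82e26cea-756e-51ea-d322-4259d3db301b
        set type dynamic
        set sdn "aws-sdn"
        set filter "AutoScaleGroup=10703c-4f731e90-fortigate-payg-auto-scaling-group"
        config list
            edit "192.168.0.137"
            next
            edit "192.168.1.218"
            next
        end
    next
end
'''

def parse_dynamic_addresses(text):
    """Return {name: {"settings": {...}, "resolved": [ip, ...]}} per address object."""
    objects, current, in_list = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'edit "([^"]+)"$', line)
        if line == "config list":
            in_list = True            # following edit entries are resolved IPs
        elif line == "end":
            in_list = False           # closes the nested list (no-op at top level)
        elif m and in_list:
            current["resolved"].append(m.group(1))
        elif m:
            current = objects.setdefault(m.group(1), {"settings": {}, "resolved": []})
        elif line.startswith("set ") and current is not None and not in_list:
            _, key, value = line.split(None, 2)
            current["settings"][key] = value.strip('"')
    return objects

def asg_drift(obj, asg_id, member_ips):
    """Compare an object's filter and resolved IPs with the expected ASG membership."""
    resolved, expected = set(obj["resolved"]), set(member_ips)
    return {
        "filter_ok": obj["settings"].get("filter") == f"AutoScaleGroup={asg_id}",
        "stale": sorted(resolved - expected),    # on the FortiGate, not in the ASG
        "missing": sorted(expected - resolved),  # in the ASG, not yet resolved
    }
```

A non-empty `stale` list means policy still matches an address that has left the group; a non-empty `missing` list means a new member is not yet covered.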
