Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

IBM Cloud SDN connector

FortiOS can automatically update dynamic addresses for IBM Cloud using an SDN connector.

The dynamic addresses can be filtered with the following filters:

  • <InstanceId>
  • <InstanceName>
  • <ImageId>
  • <ImageName>
  • <Architecture>
  • <Profile>
  • <Vpc>
  • <Zone>
  • <Subnet>
  • <ResourceGroup>
To configure IBM Cloud SDN connectors using the GUI:
  1. Create SDN connectors for compute generation 1 and 2:
    1. Go to Security Fabric > External Connectors.
    2. Click Create New, then select IBM Cloud.
    3. Configure the connector for computer generation 1:

    4. Click OK.
    5. Click Create New, then select IBM Cloud.
    6. Configure the connector for computer generation 2:

    7. Click OK.
  2. Create dynamic firewall addresses for the configured connectors:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New > Address.
    3. Configure an address for computer generation 1:

    4. Click OK.
    5. Click Create New > Address.
    6. Configure an address for computer generation 2:

    7. Click OK.
  3. Ensure that the connectors resolve dynamic firewall IP addresses:
    1. Go to Policy & Objects > Addresses.
    2. Hover over the addresses created in step 2 to see a list of IP addresses resolved by the connector:

To configure IBM Cloud SDN connectors using the CLI:
  1. Create SDN connectors for compute generation 1 and 2:
    config system sdn-connector
        edit "ibm_gen1"
            set status enable
            set type ibm
            set api-key xxxxxx
            set compute-generation 1
            set ibm-region-gen1 us-south
            set update-interval 60
        next
        edit "ibm_gen2"
            set status enable
            set type ibm
            set api-key xxxxxx
            set compute-generation 2
            set ibm-region-gen2 us-east
            set update-interval 60
        next
    end
  2. Create dynamic firewall addresses for the configured connectors:
    config firewall address
        edit "ibm_gen1_add1"
            set type dynamic
            set sdn "ibm_gen1"
            set color 19
            set filter "Vpc=alex-vpc1"
        next
        edit "ibm_gen2_add1"
            set type dynamic
            set sdn "ibm_gen2"
            set color 19
            set filter "ResourceGroup=alex-grp2"
        next
    end
  3. Ensure that the connectors resolve dynamic firewall IP addresses:
    # show firewall address ibm_gen1_add1
    config firewall address
        edit "ibm_gen1_add1"
            set uuid 586841c4-7f46-51ea-dc66-dbf840af03d3
            set type dynamic
            set sdn "ibm_gen1"
            set color 19
            set filter "Vpc=alex-vpc1"
            config list
                edit "10.240.0.49"
                next
                edit "10.240.0.75"
                next
                edit "169.61.227.88"
                next
                edit "52.117.170.31"
                next
            end
        next
    end
    # show firewall address ibm_gen2_add1
    config firewall address
        edit "ibm_gen2_add1"
            set uuid 5868c4f0-7f46-51ea-2b79-b5170fbfd4a8
            set type dynamic
            set sdn "ibm_gen2"
            set color 19
            set filter "ResourceGroup=alex-grp2"
            config list
                edit "10.241.128.4"
                next
                edit "10.241.128.5"
                next
                edit "10.241.129.4"
                next
                edit "52.117.126.69"
                next
            end
        next
    end

IBM Cloud SDN connector

FortiOS can automatically update dynamic addresses for IBM Cloud using an SDN connector.

The dynamic addresses can be filtered with the following filters:

  • <InstanceId>
  • <InstanceName>
  • <ImageId>
  • <ImageName>
  • <Architecture>
  • <Profile>
  • <Vpc>
  • <Zone>
  • <Subnet>
  • <ResourceGroup>
To configure IBM Cloud SDN connectors using the GUI:
  1. Create SDN connectors for compute generation 1 and 2:
    1. Go to Security Fabric > External Connectors.
    2. Click Create New, then select IBM Cloud.
    3. Configure the connector for computer generation 1:

    4. Click OK.
    5. Click Create New, then select IBM Cloud.
    6. Configure the connector for computer generation 2:

    7. Click OK.
  2. Create dynamic firewall addresses for the configured connectors:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New > Address.
    3. Configure an address for computer generation 1:

    4. Click OK.
    5. Click Create New > Address.
    6. Configure an address for computer generation 2:

    7. Click OK.
  3. Ensure that the connectors resolve dynamic firewall IP addresses:
    1. Go to Policy & Objects > Addresses.
    2. Hover over the addresses created in step 2 to see a list of IP addresses resolved by the connector:

To configure IBM Cloud SDN connectors using the CLI:
  1. Create SDN connectors for compute generation 1 and 2:
    config system sdn-connector
        edit "ibm_gen1"
            set status enable
            set type ibm
            set api-key xxxxxx
            set compute-generation 1
            set ibm-region-gen1 us-south
            set update-interval 60
        next
        edit "ibm_gen2"
            set status enable
            set type ibm
            set api-key xxxxxx
            set compute-generation 2
            set ibm-region-gen2 us-east
            set update-interval 60
        next
    end
  2. Create dynamic firewall addresses for the configured connectors:
    config firewall address
        edit "ibm_gen1_add1"
            set type dynamic
            set sdn "ibm_gen1"
            set color 19
            set filter "Vpc=alex-vpc1"
        next
        edit "ibm_gen2_add1"
            set type dynamic
            set sdn "ibm_gen2"
            set color 19
            set filter "ResourceGroup=alex-grp2"
        next
    end
  3. Ensure that the connectors resolve dynamic firewall IP addresses:
    # show firewall address ibm_gen1_add1
    config firewall address
        edit "ibm_gen1_add1"
            set uuid 586841c4-7f46-51ea-dc66-dbf840af03d3
            set type dynamic
            set sdn "ibm_gen1"
            set color 19
            set filter "Vpc=alex-vpc1"
            config list
                edit "10.240.0.49"
                next
                edit "10.240.0.75"
                next
                edit "169.61.227.88"
                next
                edit "52.117.170.31"
                next
            end
        next
    end
    # show firewall address ibm_gen2_add1
    config firewall address
        edit "ibm_gen2_add1"
            set uuid 5868c4f0-7f46-51ea-2b79-b5170fbfd4a8
            set type dynamic
            set sdn "ibm_gen2"
            set color 19
            set filter "ResourceGroup=alex-grp2"
            config list
                edit "10.241.128.4"
                next
                edit "10.241.128.5"
                next
                edit "10.241.129.4"
                next
                edit "52.117.126.69"
                next
            end
        next
    end