Fortinet black logo

Administration Guide

OpenStack (Horizon) SDN connector with domain filter

OpenStack (Horizon) SDN connector with domain filter

You can select a domain attribute when configuring an OpenStack SDN connector in FortiOS. When a domain is configured for the OpenStack SDN connector, FortiOS resolves OpenStack dynamic firewall addresses from the specified OpenStack domain. If a domain is not specified, FortiOS resolves the dynamic firewall addresses using the default OpenStack domain.

To configure OpenStack SDN connector with a domain filter using the GUI:
  1. Configure the OpenStack SDN connector:
    1. Go to Security Fabric > External Connectors.
    2. Click Create New, and select Openstack (Horizon).
    3. In the Domain field, enter the desired domain name from OpenStack. The fabric connector will only resolve IP addresses for instances that belong to the specified domain.
    4. Configure as shown, substituting the server IP address, username, and password for your deployment. The update interval is in seconds.

  2. Create a dynamic firewall address for the configured OpenStack SDN connector:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New, then select Address.
    3. Configure the address as shown, selecting the desired filter in the Filter dropdown list. The OpenStack SDN connector will automatically populate and update IP addresses only for instances that belong to the specified domain and network:

  3. Ensure that the OpenStack SDN connector resolves dynamic firewall IP addresses:
    1. Go to Policy & Objects > Addresses.
    2. Hover over the address created in step 2 to see a list of IP addresses for instances that belong to the specified domain and specified network as configured in steps 1 and 2:

To configure OpenStack SDN connector with a domain filter using CLI commands:
  1. Configure the OpenStack SDN connector. The SDN connector will only resolve IP addresses for instances that belong to the specified domain:

    config system sdn-connector

    edit "openstack-domain"

    set type openstack

    set server "http://172.16.165.86:5000"

    set username "example_username"

    set password xxxxx

    set domain "example_domain"

    set update-interval 30

    next

    end

  2. Create a dynamic firewall address for the configured OpenStack SDN connector with the supported OpenStack filter. The OpenStack SDN connector will automatically populate and update IP addresses only for instances that belong to the specified domain and the specified network:

    config firewall address

    edit "openstack-domain-network"

    set type dynamic

    set sdn "openstack-domain"

    set filter "Network=example-net1"

    next

    end

  3. Confirm that the OpenStack SDN connector resolves dynamic firewall IP addresses using the configured domain and filter:

    config firewall address

    edit "openstack-domain-network"

    set type dynamic

    set sdn "openstack-domain"

    set filter "Network=example-net1"

    config list

    edit "10.0.0.13"

    next

    edit "10.0.0.16"

    next

    edit "10.0.0.3"

    next

    edit "172.24.4.18"

    next

    edit "172.24.4.24"

    next

    edit "172.24.4.3"

    next

    end

    next

    end

OpenStack (Horizon) SDN connector with domain filter

You can select a domain attribute when configuring an OpenStack SDN connector in FortiOS. When a domain is configured for the OpenStack SDN connector, FortiOS resolves OpenStack dynamic firewall addresses from the specified OpenStack domain. If a domain is not specified, FortiOS resolves the dynamic firewall addresses using the default OpenStack domain.

To configure OpenStack SDN connector with a domain filter using the GUI:
  1. Configure the OpenStack SDN connector:
    1. Go to Security Fabric > External Connectors.
    2. Click Create New, and select Openstack (Horizon).
    3. In the Domain field, enter the desired domain name from OpenStack. The fabric connector will only resolve IP addresses for instances that belong to the specified domain.
    4. Configure as shown, substituting the server IP address, username, and password for your deployment. The update interval is in seconds.

  2. Create a dynamic firewall address for the configured OpenStack SDN connector:
    1. Go to Policy & Objects > Addresses.
    2. Click Create New, then select Address.
    3. Configure the address as shown, selecting the desired filter in the Filter dropdown list. The OpenStack SDN connector will automatically populate and update IP addresses only for instances that belong to the specified domain and network:

  3. Ensure that the OpenStack SDN connector resolves dynamic firewall IP addresses:
    1. Go to Policy & Objects > Addresses.
    2. Hover over the address created in step 2 to see a list of IP addresses for instances that belong to the specified domain and specified network as configured in steps 1 and 2:

To configure OpenStack SDN connector with a domain filter using CLI commands:
  1. Configure the OpenStack SDN connector. The SDN connector will only resolve IP addresses for instances that belong to the specified domain:

    config system sdn-connector

    edit "openstack-domain"

    set type openstack

    set server "http://172.16.165.86:5000"

    set username "example_username"

    set password xxxxx

    set domain "example_domain"

    set update-interval 30

    next

    end

  2. Create a dynamic firewall address for the configured OpenStack SDN connector with the supported OpenStack filter. The OpenStack SDN connector will automatically populate and update IP addresses only for instances that belong to the specified domain and the specified network:

    config firewall address

    edit "openstack-domain-network"

    set type dynamic

    set sdn "openstack-domain"

    set filter "Network=example-net1"

    next

    end

  3. Confirm that the OpenStack SDN connector resolves dynamic firewall IP addresses using the configured domain and filter:

    config firewall address

    edit "openstack-domain-network"

    set type dynamic

    set sdn "openstack-domain"

    set filter "Network=example-net1"

    config list

    edit "10.0.0.13"

    next

    edit "10.0.0.16"

    next

    edit "10.0.0.3"

    next

    edit "172.24.4.18"

    next

    edit "172.24.4.24"

    next

    edit "172.24.4.3"

    next

    end

    next

    end