More Links

Azure SDN connector service principal configuration requirements
Configuring an SDN connector using a managed identity
Configuring an Azure SDN connector for Azure resources
Azure SDN connector using ServiceTag and Region filter keys
Troubleshooting Azure SDN connector

Administration Guide

Azure SDN connector using service principal

FortiOS automatically updates dynamic addresses for Azure using the Azure SDN connector, including mapping attributes from Azure instances to dynamic address groups in FortiOS.

Note

This topic describes one of multiple configuration methods available with this SDN connector type. See the More Links section on the right sidebar for other methods.

To configure the Azure SDN connector using service principal:
  1. Create an Azure SDN connector:
    1. Go to Security Fabric > External Connectors and click Create New.
    2. Select Microsoft Azure.
    3. Configure the connector. See Azure SDN connector service principal configuration requirements.
    4. Click OK.
  2. Create a dynamic firewall address for the Azure connector.
    1. Go to Policy & Objects > Addresses and click Create New > Address.
    2. From the Type dropdown list, select Dynamic.
    3. From the Sub Type dropdown list, select Fabric Connector Address.
    4. From the SDN Connector dropdown list, select the Azure SDN connector.
    5. In the Filter field, add filters as desired. The Azure SDN connector supports the following filters:
      • vm=<VM name>
      • securitygroup=<nsg id>
      • vnet=<VNet id>
      • subnet=<subnet id>
      • vmss=<VM scale set>
      • tag.<key>=<value>
      • servicetag=<value>
    6. Click OK.
    7. Hover the cursor over the address name to see the dynamic IP addresses that the connector resolves.
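
The same two steps expressed as FortiOS CLI configuration, as an added example that is not part of the original guide. The object names `azure-sdn` and `azure-dyn-addr` are hypothetical, every value in angle brackets is a placeholder to replace, and the available options can differ between FortiOS versions.

```fortios
# Added example, not from the guide. Names are hypothetical; <...> values are placeholders.

# Step 1: Azure SDN connector that authenticates with a service principal.
config system sdn-connector
    edit "azure-sdn"
        set type azure
        set tenant-id "<tenant ID>"
        set client-id "<client ID>"
        set client-secret <client secret>
        # Polling interval in seconds between address updates.
        set update-interval 60
    next
end

# Step 2: dynamic firewall address resolved through that connector.
config firewall address
    edit "azure-dyn-addr"
        set type dynamic
        set sub-type sdn
        set sdn "azure-sdn"
        # Any one of the filters listed above, for example a tag match.
        set filter "tag.<key>=<value>"
    next
end
```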
