Administration Guide

Azure SDN connector using service principal

FortiOS automatically updates dynamic addresses for Azure using the Azure SDN connector, including mapping attributes from Azure instances to dynamic address groups in FortiOS.

Note

This topic describes one of multiple configuration methods available with this SDN connector type. See the More Links section on the right sidebar for other methods.

To configure the Azure SDN connector using service principal:
  1. Create an Azure SDN connector:
    1. Go to Security Fabric > External Connectors and click Create New.
    2. Select Microsoft Azure.
    3. Configure the connector. See Azure SDN connector service principal configuration requirements.

    4. Click OK.
  2. Create a dynamic firewall address for the Azure connector.
    1. Go to Policy & Objects > Addresses and click Create New > Address.
    2. From the Type dropdown list, select Dynamic.
    3. From the Sub Type dropdown list, select Fabric Connector Address.
    4. From the SDN Connector dropdown list, select the Azure SDN connector.
    5. In the Filter field, add filters as desired. The Azure SDN connector supports the following filters:
      • vm=<VM name>
      • securitygroup=<nsg id>
      • vnet=<VNet id>
      • subnet=<subnet id>
      • vmss=<VM scale set>
      • tag.<key>=<value>
      • servicetag=<value>
    6. Click OK.
    7. Hover the cursor over the address name to see the dynamic IP addresses that the connector resolves.
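
The filter forms listed in step 5, as an added example (not Fortinet code): a small Python linter that rejects filter keys this page does not list and previews which addresses a filter would match, useful for reviewing a filter before a policy references the address. The inventory records, the exact-match semantics, and the names `parse_filter` and `preview` are assumptions for illustration.

```python
# Added example, not FortiOS code: lint connector filters and preview matches.

# Filter keys listed on this page; "tag.<key>" is handled separately below.
SUPPORTED_KEYS = {"vm", "securitygroup", "vnet", "subnet", "vmss", "servicetag"}

def parse_filter(expr):
    """Split 'key=value' and reject any key this page does not list."""
    key, sep, value = expr.strip().partition("=")
    key, value = key.strip(), value.strip()
    if not sep or not key or not value:
        raise ValueError(f"expected key=value, got {expr!r}")
    if key.startswith("tag."):
        tag_name = key[len("tag."):]
        if not tag_name:
            raise ValueError("tag filter needs a tag name: tag.<key>=<value>")
        return ("tag", tag_name, value)
    if key not in SUPPORTED_KEYS:
        raise ValueError(f"unsupported filter key {key!r}")
    return (key, None, value)

def preview(expr, inventory):
    """Return sorted IPs of inventory records matching expr (assumed exact match).

    servicetag is accepted by the linter but not modelled in the sample records.
    """
    key, tag_name, value = parse_filter(expr)
    hits = []
    for vm in inventory:
        actual = vm.get("tags", {}).get(tag_name) if key == "tag" else vm.get(key)
        if actual == value:
            hits.append(vm["ip"])
    return sorted(hits)

# Constructed sample inventory (hypothetical records, not real Azure output).
INVENTORY = [
    {"vm": "web-01", "vnet": "vnet-prod", "subnet": "snet-web", "ip": "10.0.1.4",
     "tags": {"env": "prod", "role": "web"}},
    {"vm": "web-02", "vnet": "vnet-prod", "subnet": "snet-web", "ip": "10.0.1.5",
     "tags": {"env": "prod", "role": "web"}},
    {"vm": "dev-01", "vnet": "vnet-dev", "subnet": "snet-dev", "ip": "10.0.9.4",
     "tags": {"env": "dev", "role": "web"}},
]

if __name__ == "__main__":
    for f in ("vm=web-01", "tag.role=web", "tag.env=prod", "hostname=web-01"):
        try:
            print(f, "->", preview(f, INVENTORY))
        except ValueError as err:
            print(f, "-> rejected:", err)
```

In the sample data, `tag.role=web` also matches the dev VM, which is the kind of over-broad membership worth catching before the address is used in a policy.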
