SDN dynamic connector addresses in SD-WAN rules

SDN dynamic connector addresses can be used in SD-WAN rules. FortiGate supports both public (AWS, Azure, GCP, OCI, AliCloud) and private (Kubernetes, VMware ESXi and NSX, OpenStack, ACI, Nuage) SDN connectors.

The configuration procedure for all of the supported SDN connector types is the same. This example uses an Azure public SDN connector.

There are four steps to create and use an SDN connector address in an SD-WAN rule:

  1. Configure the FortiGate IP address and network gateway so that it can reach the Internet.
  2. Create an Azure SDN connector.
  3. Create a firewall address to associate with the configured SDN connector.
  4. Use the firewall address in an SD-WAN service rule.

To create an Azure SDN connector:

  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. In the Public SDN section, click Microsoft Azure.
  4. Enter the following:

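    | Field           | Value                                |
    |-----------------|--------------------------------------|
    | Name            | azure1                               |
    | Status          | Enabled                              |
    | Update Interval | Use Default                          |
    | Server region   | Global                               |
    | Directory ID    | 942b80cd-1b14-42a1-8dcf-4b21dece61ba |
    | Application ID  | 14dbd5c5-307e-4ea4-8133-68738141feb1 |
    | Client secret   | xxxxxx                               |
    | Resource path   | disabled                             |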

  5. Click OK.

To create a firewall address to associate with the configured SDN connector: