SDN dynamic connector addresses in SD-WAN rules

SDN dynamic connector addresses can be used in SD-WAN rules. FortiGate supports both public (AWS, Azure, GCP, OCI, AliCloud) and private (Kubernetes, VMware ESXi and NSX, OpenStack, ACI, Nuage) SDN connectors.

The configuration procedure for all of the supported SDN connector types is the same. This example uses an Azure public SDN connector.

There are four steps to create and use an SDN connector address in an SD-WAN rule:

  1. Configure the FortiGate IP address and network gateway so that it can reach the Internet.
  2. Create an Azure SDN connector.
  3. Create a firewall address to associate with the configured SDN connector.
  4. Use the firewall address in an SD-WAN service rule.

To create an Azure SDN connector:

  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. In the Public SDN section, click Microsoft Azure.
  4. Enter the following:

     Update Interval: Use Default
     Server region
     Directory ID
     Application ID
     Client secret
     Resource path

  5. Click OK.

To create a firewall address to associate with the configured SDN connector: