Fortinet Document Library


CLI Reference

config system sdn-connector

Configure connection to SDN Connector.

    config system sdn-connector
        Description: Configure connection to SDN Connector.
        edit <name>
            set status [disable|enable]
            set type [aci|alicloud|...]
            set use-metadata-iam [disable|enable]
            set ha-status [disable|enable]
            set verify-certificate [disable|enable]
            set server {string}
            set server-list <ip1>, <ip2>, ...
            set server-port {integer}
            set username {string}
            set password {password_aes256}
            set vcenter-server {string}
            set vcenter-username {string}
            set vcenter-password {password_aes256}
            set access-key {string}
            set secret-key {password}
            set region {string}
            set vpc-id {string}
            set tenant-id {string}
            set client-id {string}
            set client-secret {password}
            set subscription-id {string}
            set resource-group {string}
            set login-endpoint {string}
            set resource-url {string}
            set azure-region [global|china|...]
            config nic
                Description: Configure Azure network interface.
                edit <name>
                    config ip
                        Description: Configure IP configuration.
                        edit <name>
                            set public-ip {string}
                            set resource-group {string}
                        next
                    end
                next
            end
            config route-table
                Description: Configure Azure route table.
                edit <name>
                    set subscription-id {string}
                    set resource-group {string}
                    config route
                        Description: Configure Azure route.
                        edit <name>
                            set next-hop {string}
                        next
                    end
                next
            end
            set user-id {string}
            set compartment-id {string}
            set oci-region {string}
            set oci-region-type [commercial|government]
            set oci-cert {string}
            set oci-fingerprint {string}
            config external-ip
                Description: Configure GCP external IP.
                edit <name>
                next
            end
            config route
                Description: Configure GCP route.
                edit <name>
                next
            end
            set gcp-project {string}
            set service-account {string}
            set private-key {user}
            set secret-token {user}
            set domain {string}
            set group-name {string}
            set api-key {password}
            set compute-generation {integer}
            set ibm-region [us-south|us-east|...]
            set update-interval {integer}
        next
    end

config system sdn-connector

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| status | Enable/disable connection to the remote SDN connector. Options: disable = Disable connection to this SDN Connector; enable = Enable connection to this SDN Connector. | option | - | enable |
| type | Type of SDN connector. Options: aci = Application Centric Infrastructure (ACI); alicloud = AliCloud Service (ACS); aws = Amazon Web Services (AWS); azure = Microsoft Azure; gcp = Google Cloud Platform (GCP); nsx = VMware NSX; nuage = Nuage VSP; oci = Oracle Cloud Infrastructure; openstack = OpenStack; kubernetes = Kubernetes; vmware = VMware vSphere (vCenter & ESXi); sepm = Symantec Endpoint Protection Manager; aci-direct = Application Centric Infrastructure (ACI Direct Connection); ibm = IBM Cloud Infrastructure; nutanix = Nutanix Prism Central. | option | - | aws |
| use-metadata-iam | Enable/disable use of IAM role from metadata to call API. Options: disable = Disable using IAM role to call API; enable = Enable using IAM role to call API. | option | - | disable |
| ha-status | Enable/disable use for FortiGate HA service. Options: disable = Disable use for FortiGate HA service; enable = Enable use for FortiGate HA service. | option | - | disable |
| verify-certificate | Enable/disable server certificate verification. Options: disable = Disable server certificate verification; enable = Enable server certificate verification. | option | - | enable |
| server | Server address of the remote SDN connector. | string | Maximum length: 127 | |
| server-list <ip> | Server address list of the remote SDN connector. IPv4 address. | string | Maximum length: 15 | |
| server-port | Port number of the remote SDN connector. | integer | Minimum value: 0 Maximum value: 65535 | 0 |
| username | Username of the remote SDN connector as login credentials. | string | Maximum length: 64 | |
| password | Password of the remote SDN connector as login credentials. | password_aes256 | Not Specified | |
| vcenter-server | vCenter server address for NSX quarantine. | string | Maximum length: 127 | |
| vcenter-username | vCenter server username for NSX quarantine. | string | Maximum length: 64 | |
| vcenter-password | vCenter server password for NSX quarantine. | password_aes256 | Not Specified | |
| access-key | AWS / ACS access key ID. | string | Maximum length: 31 | |
| secret-key | AWS / ACS secret access key. | password | Not Specified | |
| region | AWS / ACS region name. | string | Maximum length: 31 | |
| vpc-id | AWS VPC ID. | string | Maximum length: 31 | |
| tenant-id | Tenant ID (directory ID). | string | Maximum length: 127 | |
| client-id | Azure client ID (application ID). | string | Maximum length: 63 | |
| client-secret | Azure client secret (application key). | password | Not Specified | |
| subscription-id | Azure subscription ID. | string | Maximum length: 63 | |
| resource-group | Azure resource group. | string | Maximum length: 63 | |
| login-endpoint | Azure Stack login endpoint. | string | Maximum length: 127 | |
| resource-url | Azure Stack resource URL. | string | Maximum length: 127 | |
| azure-region | Azure server region. Options: global = Global Azure Server; china = China Azure Server; germany = Germany Azure Server; usgov = US Government Azure Server; local = Azure Stack Local Server. | option | - | global |
| user-id | User ID. | string | Maximum length: 127 | |
| compartment-id | Compartment ID. | string | Maximum length: 127 | |
| oci-region | OCI server region. | string | Maximum length: 31 | |
| oci-region-type | OCI region type. Options: commercial = Commercial region; government = Government region. | option | - | commercial |
| oci-cert | OCI certificate. | string | Maximum length: 63 | |
| oci-fingerprint | OCI pubkey fingerprint. | string | Maximum length: 63 | |
| gcp-project | GCP project name. | string | Maximum length: 127 | |
| service-account | GCP service account email. | string | Maximum length: 127 | |
| private-key | Private key of GCP service account. | user | Not Specified | |
| secret-token | Secret token of Kubernetes service account. | user | Not Specified | |
| domain | Domain name. | string | Maximum length: 127 | |
| group-name | Group name of computers. | string | Maximum length: 127 | |
| api-key | IBM cloud API key or service ID API key. | password | Not Specified | |
| compute-generation | Compute generation for IBM cloud infrastructure. | integer | Minimum value: 1 Maximum value: 2 | 2 |
| ibm-region | IBM cloud region name. Options: us-south = US South (Dallas) Server; us-east = US East (Washington DC) Server; germany = Germany (Frankfurt) Server; great-britain = Great Britain (London) Server; japan = Japan (Tokyo) Server (GEN1 support only); australia = Australia (Sydney) Server (GEN1 support only). | option | - | us-south |
| update-interval | Dynamic object update interval. | integer | Minimum value: 0 Maximum value: 3600 | 60 |

config ip

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| public-ip | Public IP name. | string | Maximum length: 63 | |
| resource-group | Resource group of Azure public IP. | string | Maximum length: 63 | |

config route-table

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| subscription-id | Subscription ID of Azure route table. | string | Maximum length: 63 | |
| resource-group | Resource group of Azure route table. | string | Maximum length: 63 | |

config route

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| next-hop | Next hop address. | string | Maximum length: 127 | |

config route

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| next-hop | Next hop address. | string | Maximum length: 127 | |
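
An added example, not Fortinet's code: a small Python audit of a FortiOS configuration backup that applies this page's defaults (verify-certificate enable, use-metadata-iam disable) and reports connectors that turn certificate verification off or hold static secrets on the device. The sample configuration, the connector names and the helper names `parse_connectors` and `audit` are constructed for illustration; the parser assumes one setting per line.

```python
import shlex

# Defaults from the parameter table on this page.
DEFAULTS = {"use-metadata-iam": "disable", "verify-certificate": "enable"}
# Fields the page types as password, password_aes256 or user (key/token material).
SECRETS = {"password", "vcenter-password", "secret-key", "client-secret",
           "private-key", "secret-token", "api-key"}

def parse_connectors(text):
    """Return {name: settings} for the entries of 'config system sdn-connector'."""
    found, cur, depth, inside = {}, None, 0, False
    for tok in map(shlex.split, text.splitlines()):
        if not tok:
            continue
        if tok[0] == "config":
            inside = inside or (depth == 0 and tok[1:] == ["system", "sdn-connector"])
            depth += 1
        elif tok[0] == "end":
            depth -= 1
            inside = inside and depth > 0
        elif inside and depth == 1:   # nested nic/route-table blocks sit deeper
            if tok[0] == "edit":
                cur = found.setdefault(tok[1], dict(DEFAULTS))
            elif tok[0] == "set" and cur is not None:
                cur[tok[1]] = " ".join(tok[2:])
            elif tok[0] == "next":
                cur = None
    return found

def audit(text):
    """Return sorted (connector, finding) pairs."""
    out = []
    for name, cfg in parse_connectors(text).items():
        if cfg["verify-certificate"] == "disable":
            out.append((name, "verify-certificate disabled"))
        if cfg["use-metadata-iam"] != "enable":   # static secrets held on the device
            out += [(name, f"static credential stored: {f}") for f in SECRETS & cfg.keys()]
    return sorted(out)

SAMPLE = "\n".join([   # constructed sample, not taken from a real device
    'config system sdn-connector',
    'edit "aws-prod"', 'set use-metadata-iam enable', 'next',
    'edit "k8s-lab"', 'set verify-certificate disable',
    'set secret-token "CONSTRUCTED"', 'next',
    'edit "azure-dmz"', 'set client-secret ENC CONSTRUCTED',
    'config route-table', 'edit "rt1"', 'set resource-group "rg-net"', 'next', 'end',
    'next',
    'end'])
```

Calling `audit(SAMPLE)` reports the Kubernetes connector for both the disabled certificate check and its stored token, and the Azure connector for its client secret; the connector that relies on the metadata IAM role produces no finding.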
