Configuring fabric connectors
You can use FortiManager to create fabric connectors for the following products:
- Cisco Application Centric Infrastructure (ACI)
- Amazon Web Services (AWS)
- Microsoft Azure
- VMware NSX
- Nuage Virtualized Services Platform
When you create a fabric connector for ACI or Nuage Virtualized Services Platform, you are specifying how FortiGate can communicate with the products through Fortinet SDN Connector. As a result, you are configuring communication and authentication information for Fortinet SDN Connector.
When you create a fabric connector for Microsoft Azure, VMware NSX, or Nuage Virtualized Services Platform, you are specifying how FortiGate can communicate directly with the products.
If ADOMs are enabled, you can create one fabric connector per ADOM for AWS, Microsoft Azure, and VMware NSX. For ACI and Nuage Virtualized Services Platform, you can create multiple fabric connectors per ADOM; however, each fabric connector requires a unique IP address.
You must display the option before you can set it. On the Policy & Objects > Object Configurations pane, from the Tools menu, select Display Options. In the Security Fabric section, select the Fabric Connectors checkbox to display this option.
To create a fabric connector for Fortinet SDN Connector:
- Go to Policy & Objects > Object Configurations.
- Expand Security Fabric, and select Fabric Connectors.
- In the content pane, click Create New.
- Configure the following options, and then click OK:
Name
Type a name for the fabric connector object.
Type
Specify the type of fabric connector object. Select one of the following options:
- Application Centric Infrastructure (ACI)
- Nuage Virtualized Services Platform
IP
Type the IP address for Fortinet SDN Connector.
Port
Identify the port used for Fortinet SDN Connector.
Perform one of the following options:
- Click Use Default to use the default port.
- Click Specify and type the port number.
User Name
Type the user name for Fortinet SDN Connector.
This option is available when Type is Application Centric Infrastructure (ACI) or Nuage Virtualized Services Platform.
Password
Type the password for Fortinet SDN Connector.
This option is available when Type is Application Centric Infrastructure (ACI) or Nuage Virtualized Services Platform.
Status
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
To create a fabric connector for AWS:
- Go to Policy & Objects > Object Configurations.
- Expand Security Fabric, and select Fabric Connectors.
- In the content pane, click Create New.
- Configure the following options, and then click OK:
Name
Type a name for the fabric connector object.
Type
Specify the type of fabric connector object. Select Amazon Web Services (AWS).
AWS access key ID
Type the access key ID from AWS.
This option is available when Type is Amazon Web Services (AWS).
AWS secret access key
Type the secret access key from AWS.
This option is available when Type is Amazon Web Services (AWS).
AWS region name
Type the region name from AWS.
This option is available when Type is Amazon Web Services (AWS).
AWS VPC ID
Type the AWS VPC ID.
This option is available when Type is Amazon Web Services (AWS).
Update Interval (s)
Specify how often, in seconds, the dynamic firewall objects are updated.
This option is available when Type is VMware NSX or Amazon Web Services (AWS).
Status
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
To create a fabric connector for Microsoft Azure:
- Go to Policy & Objects > Object Configurations.
- Expand Security Fabric, and select Fabric Connectors.
- In the content pane, click Create New.
- Configure the following options, and then click OK:
Name
Type a name for the fabric connector object.
Type
Specify the type of fabric connector object. Select Microsoft Azure.
Azure tenant ID
Type the tenant ID from Azure.
Azure client ID
Type the client ID from Azure.
Azure client secret
Type the client secret from Azure.
Azure subscription ID
Type the subscription ID for Azure.
Azure resource group
Type the resource group for Azure.
Update Interval (s)
Specify how often, in seconds, the dynamic firewall objects are updated.
Status
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
Advanced Options
Expand to specify advanced options for Azure.
azure-region
Select an Azure region.
To create a fabric connector for VMware NSX:
- Go to Policy & Objects > Object Configurations.
- Expand Security Fabric, and select Fabric Connectors.
- In the content pane, click Create New.
- Configure the following options, and then click OK:
Name
Type a name for the fabric connector object.
Type
Specify the type of fabric connector object. Select VMware NSX.
IP
Type the IP address for VMware NSX.
User Name
Type the user name for VMware NSX.
Password
Type the password for VMware NSX.
Update Interval (s)
Specify how often, in seconds, the dynamic firewall objects are updated.
Status
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
VMX
The VMX options identify settings used by the FortiGate VMX Service Manager to communicate with the REST API for NSX Manager.
Service Name
Type the name of the FortiGate VMX service defined on NSX Manager.
Image Location
Type the location of the FortiGate VMX deployment template used by NSX Manager to deploy the FortiGate VMX service.
REST API
The REST API options specify how the FortiGate VMX Service Manager communicates with the REST API for NSX Manager.
Port
Type the port used by the FortiGate VMX Service Manager to communicate with NSX Manager.
Interface
Select the interface used by the FortiGate VMX Service Manager to communicate with NSX Manager. Choose between Mgmt and Sync.
Password
Type the password that FortiGate VMX Service Manager uses with the REST API to communicate with NSX Manager.
Note: This is not the admin password for FortiGate VMX Service Manager.
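A pre-flight check for a planned connector inventory, encoding the per-ADOM rules and the required options listed in the procedures above. This is an added example, not FortiManager code; the type keys, field names, the default ADOM label "root" and the choice to check IP uniqueness within one ADOM are assumptions.

```python
import ipaddress
from collections import Counter

# Required options per connector type, from the option lists on this page.
# Type keys and field names are hypothetical labels, not FortiManager API names.
CREDS = {"name", "ip", "username", "password"}
REQUIRED = {
    "aci": CREDS, "nuage": CREDS, "nsx": CREDS,
    "aws": {"name", "access_key_id", "secret_access_key", "region", "vpc_id"},
    "azure": {"name", "tenant_id", "client_id", "client_secret",
              "subscription_id", "resource_group"},
}
SINGLE_PER_ADOM = {"aws", "azure", "nsx"}  # one connector per ADOM
UNIQUE_IP = {"aci", "nuage"}               # several per ADOM, unique IP each

def check_connectors(connectors):
    """Return sorted findings for a planned set of connector definitions."""
    findings, counts, seen_ips = [], Counter(), {}
    for c in connectors:
        ctype, name, adom = c.get("type"), c.get("name", "?"), c.get("adom", "root")
        if ctype not in REQUIRED:
            findings.append(f"{name}: unknown type {ctype!r}")
            continue
        counts[(adom, ctype)] += 1
        missing = sorted(f for f in REQUIRED[ctype] if not c.get(f))
        if missing:
            findings.append(f"{name}: missing {', '.join(missing)}")
        if not c.get("ip"):
            continue
        try:
            ip = ipaddress.ip_address(c["ip"])
        except ValueError:
            findings.append(f"{name}: invalid IP {c['ip']!r}")
            continue
        # Assumption: IP uniqueness is checked within one ADOM, ACI/Nuage only.
        owner = seen_ips.setdefault((adom, ip), name) if ctype in UNIQUE_IP else name
        if owner != name:
            findings.append(f"{name}: IP {ip} already used by {owner} in ADOM {adom}")
    for (adom, ctype), n in sorted(counts.items()):
        if ctype in SINGLE_PER_ADOM and n > 1:
            findings.append(f"ADOM {adom}: {n} {ctype} connectors, one allowed")
    return sorted(findings)

# Constructed sample inventory; secrets are placeholders, not real values.
ACI = {"type": "aci", "adom": "dc1", "ip": "10.0.0.5",
       "username": "svc", "password": "<secret>"}
AWS = {"type": "aws", "adom": "dc1", "access_key_id": "<id>",
       "secret_access_key": "<secret>", "region": "<region>"}
SAMPLE = [{**ACI, "name": "aci-a"}, {**ACI, "name": "aci-b"},
          {**AWS, "name": "aws-1"}, {**AWS, "name": "aws-2", "vpc_id": "<vpc>"}]
```

Calling `check_connectors(SAMPLE)` reports the duplicate ACI IP address, the AWS connector with no VPC ID, and the second AWS connector in the same ADOM.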