With FortiManager, you can create a fabric connector for VMware NSX, and then import address names from VMware NSX to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with VMware NSX and dynamically populate the objects with IP addresses. Fortinet SDN Connector is not required for this configuration.
- FortiManager 5.6 or later ADOM
- FortiGate unit or FortiGate VMX Service Manager is managed by FortiManager
- The managed FortiGate or FortiGate VMX Service Manager is configured to work with VMware NSX
- IPv4 virtual wire pair policy
FortiGate or FortiGate VMX Service Manager requires the use of an IPv4 virtual wire pair policy.
Following is a high-level overview of the configuration procedure:
- In FortiManager, ensure that you are using a 5.6 or later ADOM.
- Create a fabric connector object for VMware NSX. See Configuring fabric connectors.
- Import address names from VMware NSX to the fabric connector object.
See Importing address names to fabric connectors.
The address names are imported and converted to firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.
- Create a virtual wire pair. See Configuring virtual wire pairs.
- In the policy package in which you will be creating the new policy, create an IPv4 virtual wire pair policy, select the virtual wire pair, and add the firewall address objects for the VMware NSX. See Virtual wire pair policy.
- Install the policy package to FortiGate or FortiGate VMX Service Manager.
See Install a policy package.
The ForitGate unit or FortiGate VMX Service Manager communicates with VMware NSX to dynamically populate the firewall address objects with IP addresses.
If the address names change in VMware NSX after you import them to FortiManager, you must import the address names again.