Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Configuring fabric connectors

You can use FortiManager to create fabric connectors for the following products:

  • Cisco Application Centric Infrastructure (ACI)
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • VMware NSX
  • Nuage Virtualized Services Platform.

When you create a fabric connector for ACI or Nuage Virtualized Services Plan, you are specifying how FortiGate can communicate with the products through Fortinet SDN Connector. As a result, you are configuring communication and authentication information for Fortinet SDN Connector.

When you create a fabric connector for Microsoft Azure, VMware NSX, or Nuage Virtualized Services Platform, you are specifying how FortiGate can communicate directly with the products.

If ADOMs are enabled, you can create one fabric connector per ADOM for AWS, Microsoft Azure, and VMware NSX. For ACI and Nuage Virtualized Services Platform, you can create multiple fabric connectors per ADOM; however, each fabric connector requires a unique IP address.

note icon

You must display the option before you can set it. On the Policy & Objects > Object Configurations pane, from the Tools menu, select Display Options. In the Security Fabric section, select the Fabric Connectors checkbox to display this option.

To create a fabric connector for Fortinet SDN Connector:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select one of the following options:

    • Application Centric Infrastructure (ACI)
    • Nuage Virtualized Services Platform
    IP

    Type the IP address for Fortinet SDN Connector.

    Port

    Identify the port used for Fortinet SDN Connector.

    Perform one of the following options:

    • Click Use Default to use the default port.
    • Click Specify and type the port number.
    User Name

    Type the user name for Fortinet SDN Connector.

    This option is available when Type is Application Centric Infrastructure (ACI) or Nuage Virtualized Services Platform.

    Password

    Type the password for Fortinet SDN Connector.

    This option is available when Type is Application Centric Infrastructure (ACI) or Nuage Virtualized Services Platform.

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

To create a fabric connector for AWS:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select Amazon Web Services (AWS).

    AWS access key ID

    Type the access key ID from AWS.

    This option is available when Type is Amazon Web Services (AWS).

    AWS secret access key

    Type the secret access key from AWS.

    This option is available when Type is Amazon Web Services (AWS).

    AWS region name

    Type the region name from AWS.

    This option is available when Type is Amazon Web Services (AWS).

    AWS VPC ID

    Type the AWS VPC ID

    This option is available when Type is Amazon Web Services (AWS).

    Update Interval (s)

    Specify how often in seconds that the dynamic firewall objects should be updated.

    This option is available when Type is VMware NSX or Amazon Web Services (AWS).

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

To create a fabric connector for Microsoft Azure:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select Microsoft Azure.

    Azure tenant ID

    Type the tenant ID from Azure.

    Azure client ID

    Type the client ID from Azure.

    Azure client secret

    Type the client secret from Azure.

    Azure subscription ID

    Type the subscription ID for Azure.

    Azure resource group

    Type the resource group for Azure.

    Update Interval (s)

    Specify how often in seconds that the dynamic firewall objects should be updated.

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    Advanced Options

    Expand to specify advanced options for Azure.

    azure-region

    Select an Azure region.

To create a fabric connector for Vmware NSX:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select VMware NSX.

    IP

    Type the IP address for VMware NSX.

    User Name

    Type the user name for VMware NSX.

    Password

    Type the password for VMware NSX.

    Update Interval (s)

    Specify how often in seconds that the dynamic firewall objects should be updated.

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    VMX

    The VMX options identify settings used by the FortiGate VMX Service Manager to communicate with the REST API for NSX Manager.

    Service Name

    Type the name of the FortiGate VMX service defined on NSX Manager.

    Image Location

    Type the location of the FortiGate VMX deployment template used by NSX Manager to deploy the FortiGate VMX service.

    REST API

    The REST API options specify how the FortiGate VMX Service Manager communicates with the REST API for NSX Manager.

    Port

    Type the port used by the FortiGate VMX Service Manager to communicate with NSX Manager.

    Interface

    Select the interface used by the FortiGate VMX Service Manager to communicate with NSX Manager. Choose between Mgmt and Sync.

    Password

    Type the password that FortiGate VMX Service Manager uses with the REST API to communicate with NSX Manager.

    Note: This is not the admin password for FortiGate VMX Service Manager.

Configuring fabric connectors

You can use FortiManager to create fabric connectors for the following products:

  • Cisco Application Centric Infrastructure (ACI)
  • Amazon Web Services (AWS)
  • Microsoft Azure
  • VMware NSX
  • Nuage Virtualized Services Platform.

When you create a fabric connector for ACI or Nuage Virtualized Services Plan, you are specifying how FortiGate can communicate with the products through Fortinet SDN Connector. As a result, you are configuring communication and authentication information for Fortinet SDN Connector.

When you create a fabric connector for Microsoft Azure, VMware NSX, or Nuage Virtualized Services Platform, you are specifying how FortiGate can communicate directly with the products.

If ADOMs are enabled, you can create one fabric connector per ADOM for AWS, Microsoft Azure, and VMware NSX. For ACI and Nuage Virtualized Services Platform, you can create multiple fabric connectors per ADOM; however, each fabric connector requires a unique IP address.

note icon

You must display the option before you can set it. On the Policy & Objects > Object Configurations pane, from the Tools menu, select Display Options. In the Security Fabric section, select the Fabric Connectors checkbox to display this option.

To create a fabric connector for Fortinet SDN Connector:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select one of the following options:

    • Application Centric Infrastructure (ACI)
    • Nuage Virtualized Services Platform
    IP

    Type the IP address for Fortinet SDN Connector.

    Port

    Identify the port used for Fortinet SDN Connector.

    Perform one of the following options:

    • Click Use Default to use the default port.
    • Click Specify and type the port number.
    User Name

    Type the user name for Fortinet SDN Connector.

    This option is available when Type is Application Centric Infrastructure (ACI) or Nuage Virtualized Services Platform.

    Password

    Type the password for Fortinet SDN Connector.

    This option is available when Type is Application Centric Infrastructure (ACI) or Nuage Virtualized Services Platform.

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

To create a fabric connector for AWS:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select Amazon Web Services (AWS).

    AWS access key ID

    Type the access key ID from AWS.

    This option is available when Type is Amazon Web Services (AWS).

    AWS secret access key

    Type the secret access key from AWS.

    This option is available when Type is Amazon Web Services (AWS).

    AWS region name

    Type the region name from AWS.

    This option is available when Type is Amazon Web Services (AWS).

    AWS VPC ID

    Type the AWS VPC ID

    This option is available when Type is Amazon Web Services (AWS).

    Update Interval (s)

    Specify how often in seconds that the dynamic firewall objects should be updated.

    This option is available when Type is VMware NSX or Amazon Web Services (AWS).

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

To create a fabric connector for Microsoft Azure:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select Microsoft Azure.

    Azure tenant ID

    Type the tenant ID from Azure.

    Azure client ID

    Type the client ID from Azure.

    Azure client secret

    Type the client secret from Azure.

    Azure subscription ID

    Type the subscription ID for Azure.

    Azure resource group

    Type the resource group for Azure.

    Update Interval (s)

    Specify how often in seconds that the dynamic firewall objects should be updated.

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    Advanced Options

    Expand to specify advanced options for Azure.

    azure-region

    Select an Azure region.

To create a fabric connector for Vmware NSX:
  1. Go to Policy & Objects > Object Configurations.
  2. Expand Security Fabric, and select Fabric Connectors.
  3. In the content pane, click Create New.
  4. Configure the following options, and then click OK:
    Name Type a name for the fabric connector object.
    Type

    Specify the type of fabric connector object. Select VMware NSX.

    IP

    Type the IP address for VMware NSX.

    User Name

    Type the user name for VMware NSX.

    Password

    Type the password for VMware NSX.

    Update Interval (s)

    Specify how often in seconds that the dynamic firewall objects should be updated.

    Status

    Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    VMX

    The VMX options identify settings used by the FortiGate VMX Service Manager to communicate with the REST API for NSX Manager.

    Service Name

    Type the name of the FortiGate VMX service defined on NSX Manager.

    Image Location

    Type the location of the FortiGate VMX deployment template used by NSX Manager to deploy the FortiGate VMX service.

    REST API

    The REST API options specify how the FortiGate VMX Service Manager communicates with the REST API for NSX Manager.

    Port

    Type the port used by the FortiGate VMX Service Manager to communicate with NSX Manager.

    Interface

    Select the interface used by the FortiGate VMX Service Manager to communicate with NSX Manager. Choose between Mgmt and Sync.

    Password

    Type the password that FortiGate VMX Service Manager uses with the REST API to communicate with NSX Manager.

    Note: This is not the admin password for FortiGate VMX Service Manager.