Fortinet Document Library

Administration Guide

Creating VMware NSX fabric connectors

With FortiManager, you can create a fabric connector for VMware NSX, and then import address names from VMware NSX to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with VMware NSX and dynamically populate the objects with IP addresses. Fortinet SDN Connector is not required for this configuration.

When you create a fabric connector for VMware NSX, you are specifying how FortiGate can communicate directly with VMware NSX.

If ADOMs are enabled, you can create one fabric connector per ADOM.

Requirements:

  • FortiManager version 5.6 ADOM or later

    The method described in this topic for creating fabric connectors requires version 6.0 ADOM or later.

  • FortiGate unit or FortiGate VMX Service Manager is managed by FortiManager.
  • The managed FortiGate or FortiGate VMX Service Manager is configured to work with VMware NSX.
  • IPv4 virtual wire pair policy

    FortiGate or FortiGate VMX Service Manager requires the use of an IPv4 virtual wire pair policy.

To create a fabric connector object for NSX:
  1. Go to Fabric View > Fabric Connectors.
  2. Click Create New. The Create New Fabric Connector wizard is displayed.
  3. Under SDN, select NSX, and click Next.
  4. Configure the following options, and then click OK:

    • Name: Type a name for the fabric connector object.
    • Type: Displays VMware NSX.
    • IP: Type the IP address for VMware NSX.
    • User Name: Type the user name for VMware NSX.
    • Password: Type the password for VMware NSX.
    • Update Interval (s): Specify how often, in seconds, the dynamic firewall objects are updated.
    • Status: Toggle ON to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    VMX

    The VMX options identify settings used by the FortiGate VMX Service Manager to communicate with the REST API for NSX Manager.

    • Service Name: Type the name of the FortiGate VMX service defined on NSX Manager.
    • Image Location: Type the location of the FortiGate VMX deployment template used by NSX Manager to deploy the FortiGate VMX service.

    REST API

    The REST API options specify how the FortiGate VMX Service Manager communicates with the REST API for NSX Manager.

    • Port: Type the port used by the FortiGate VMX Service Manager to communicate with NSX Manager.
    • Interface: Select the interface used by the FortiGate VMX Service Manager to communicate with NSX Manager. Choose between Mgmt and Sync.
    • Password: Type the password that FortiGate VMX Service Manager uses with the REST API to communicate with NSX Manager.

      Note: This is not the admin password for FortiGate VMX Service Manager.

To complete the fabric connector setup:
  1. Import address names from VMware NSX to the fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  2. Create a virtual wire pair. See Configuring virtual wire pairs.
  3. In the policy package in which you will be creating the new policy, create an IPv4 virtual wire pair policy, select the virtual wire pair, and add the firewall address objects for VMware NSX. See Virtual wire pair policy.
  4. Install the policy package to FortiGate or FortiGate VMX Service Manager. See Install a policy package.

    The FortiGate unit or FortiGate VMX Service Manager communicates with VMware NSX to dynamically populate the firewall address objects with IP addresses.

If the address names change in VMware NSX after you import them to FortiManager, you must import the address names again.
