Creating ACI fabric connectors
With FortiManager, you can create a fabric connector for Application Centric Infrastructure (ACI), and then import address names from ACI to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information and Fortinet SDN Connector to communicate with ACI and dynamically populate the objects with IP addresses.
When you create a fabric connector for ACI, you are specifying how FortiGate can communicate with ACI through Fortinet SDN Connector. As a result, you are configuring communication and authentication information for Fortinet SDN Connector.
If ADOMs are enabled, you can create multiple fabric connectors per ADOM; however, each fabric connector requires a unique IP address.
FortiManager version 5.6 ADOM or later
The method described in this topic for creating fabric connectors requires version 6.0 ADOM or later.
- FortiGate is managed by FortiManager.
- The managed FortiGate unit is configured to work with Application Centric Infrastructure (ACI).
To create a fabric connector object for ACI:
- Go to Fabric View > Fabric Connectors.
- Click Create New. The Create New Fabric Connector wizard is displayed.
- Under SDN, select ACI, and click Next.
- Configure the following options, and then click OK:
Type a name for the fabric connector object.
Displays Application Centric Infrastructure (ACI).
Type the IP address for Fortinet SDN Connector.
Identify the port used for Fortinet SDN Connector.
Perform one of the following options:
- Click Use Default to use the default port.
- Click Specify and type the port number.
Type the user name for Fortinet SDN Connector.
Type the password for Fortinet SDN Connector.
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
To complete the fabric connector setup:
- Import address names from ACI to the fabric connector object.
See Importing address names to fabric connectors.
The address names are imported and converted to dynamic firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.
- In the policy package in which you will be creating the new policy, create an IPv4 policy and include the firewall address objects for ACI. See IP policies.
- Install the policy package to FortiGate.
See Install a policy package.
FortiGate uses the information and Fortinet SDN Connector to communicate with ACI and dynamically populate the firewall address objects with IP addresses.
If the address names change in ACI after you import them to FortiManager, you must import the address names again.