Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 6.2.1 Administration Guide
    6.2.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Creating Microsoft Azure fabric connectors

    Creating Microsoft Azure fabric connectors

    With FortiManager, you can create a fabric connector for Microsoft Azure. You cannot import address names from Microsoft Azure to the fabric connector. Instead you must manually create dynamic firewall objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with Microsoft Azure and dynamically populate the objects with IP addresses. Fortinet SDN Connector is not required for this configuration.

    When you create a fabric connector for Microsoft Azure, you are specifying how FortiGate can communicate directly with Microsoft Azure.

    If ADOMs are enabled, you can create one fabric connector per ADOM.

    Requirements:

    • FortiManager version 5.6 ADOM or later

      The method described in this topic for creating fabric connectors requires version 6.0 ADOM or later.

    • FortiGate is managed by FortiManager.
    • The managed FortiGate unit is configured to work with Microsoft Azure.
    To create a fabric connector object for Microsoft Azure:
    1. Go to Fabric View > Fabric Connectors.
    2. Click Create New. The Create New Fabric Connector wizard is displayed.
    3. Under SDN, select Azure, and click Next.
    4. Configure the following options, and then click OK:

      Name

      Type a name for the fabric connector object.

      Type

      Displays Microsoft Azure.

      Azure tenant ID

      Type the tenant ID from Azure.

      Azure client ID

      Type the client ID from Azure.

      Azure client secret

      Type the client secret from Azure.

      Azure subscription ID

      Type the subscription ID for Azure.

      Azure resource group

      Type the resource group for Azure.

      Update Interval (s)

      Specify how often in seconds that the dynamic firewall objects should be updated.

      Status

      Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

      Advanced Options

      Expand to specify advanced options for Azure.

      azure-region

      Select an Azure region.
    To complete the fabric connector setup:
    1. Create dynamic firewall address objects. See Configuring dynamic firewall addresses for fabric connectors.

      You cannot import address names from Microsoft Azure to FortiManager.

    2. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the dynamic firewall address objects for Microsoft Azure. See IP policies.
    3. Install the policy package to FortiGate. See Install a policy package.

      FortiGate communicates with Microsoft Azure to dynamically populate the firewall address objects with IP addresses.

    Previous
    Next

    Creating Microsoft Azure fabric connectors

    Creating Microsoft Azure fabric connectors

    With FortiManager, you can create a fabric connector for Microsoft Azure. You cannot import address names from Microsoft Azure to the fabric connector. Instead you must manually create dynamic firewall objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with Microsoft Azure and dynamically populate the objects with IP addresses. Fortinet SDN Connector is not required for this configuration.

    When you create a fabric connector for Microsoft Azure, you are specifying how FortiGate can communicate directly with Microsoft Azure.

    If ADOMs are enabled, you can create one fabric connector per ADOM.

    Requirements:

    • FortiManager version 5.6 ADOM or later

      The method described in this topic for creating fabric connectors requires version 6.0 ADOM or later.

    • FortiGate is managed by FortiManager.
    • The managed FortiGate unit is configured to work with Microsoft Azure.
    To create a fabric connector object for Microsoft Azure:
    1. Go to Fabric View > Fabric Connectors.
    2. Click Create New. The Create New Fabric Connector wizard is displayed.
    3. Under SDN, select Azure, and click Next.
    4. Configure the following options, and then click OK:

      Name

      Type a name for the fabric connector object.

      Type

      Displays Microsoft Azure.

      Azure tenant ID

      Type the tenant ID from Azure.

      Azure client ID

      Type the client ID from Azure.

      Azure client secret

      Type the client secret from Azure.

      Azure subscription ID

      Type the subscription ID for Azure.

      Azure resource group

      Type the resource group for Azure.

      Update Interval (s)

      Specify how often in seconds that the dynamic firewall objects should be updated.

      Status

      Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

      Advanced Options

      Expand to specify advanced options for Azure.

      azure-region

      Select an Azure region.
    To complete the fabric connector setup:
    1. Create dynamic firewall address objects. See Configuring dynamic firewall addresses for fabric connectors.

      You cannot import address names from Microsoft Azure to FortiManager.

    2. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the dynamic firewall address objects for Microsoft Azure. See IP policies.
    3. Install the policy package to FortiGate. See Install a policy package.

      FortiGate communicates with Microsoft Azure to dynamically populate the firewall address objects with IP addresses.

    Previous
    Next