Fortinet Document Library

SDN connector for Cisco ACI northbound API integration 6.4.2

A new SDN connector type, ACI-direct, has been added for Cisco ACI northbound API integration. It allows you to define dynamic firewall addresses for Cisco ACI directly.

The following filters are supported:

  • Tenant
  • Application
  • Endpoint group
  • Tag

Fortinet SDN Connector is optional for this configuration.

To configure a Cisco ACI Direct connector:
  1. Go to Policy & Objects > Object Configurations.
  2. In the tree menu, go to Fabric Connectors > SDN, and select the ACI SDN connector.
  3. From the toolbar, select Edit to edit an existing SDN Connector.

    The Edit SDN Connector pane opens.

  4. In the Edit SDN Connector pane, select Direct Connection as the ACI Type, and click OK.

Alternatively, create a new SDN Connector by selecting Create New from the toolbar.

To import ACI objects from the Cisco ACI server:
  1. Go to Policy & Objects > Object Configurations.
  2. In the tree menu, go to Fabric Connectors > SDN.

    The ACI-direct connector is displayed in the content pane.

  3. Right-click the ACI-direct SDN connector, here aci_direct1, and select Import.

    Once the processing bar in the Import SDN Connector pane is filled, the Filter Generator pane opens.

  4. In the Filter Generator pane, select +, and add a filter from the list.

    Click OK.

    The Import SDN Connector pane opens.

  5. Select the filter, and click Import.

    The fabric connector address is imported.

  6. Click Close.

    An ACI type dynamic address with the selected filter is automatically created.

To edit an ACI type dynamic address:
  1. Go to Policy & Objects > Object Configurations, and in the tree menu under Firewall Objects, select Addresses.

  2. In the content pane, right-click the created address, and select Edit.

    The Edit Address pane opens.

  3. Configure the settings as needed, and click OK.

To use the dynamic address in a policy:
  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, select the package or the folder, here Firewall Policy under Level1_downstream_174_HA.

  3. In the Install menu, select Install Wizard.

    The Install Wizard is displayed.

  4. Select Install Policy Package & Device Settings, and click Next.

    The ACI direct type SDN address is successfully installed to the FortiGate.

  5. Click Finish.

    To verify that the installation was successful, go to Policy & Objects > Addresses on the FortiGate.
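
The post-install check can also be run against a configuration export rather than by eye. The following is an added example, not Fortinet code: it parses a constructed `config firewall address` excerpt and reports, for each dynamic address bound to `aci_direct1`, whether it has a filter and whether the filter uses only the four filter types listed above. The object names and the `key=value` filter syntax joined by `&` or `|` are assumptions.

```python
import re

# Filter types the page lists as supported for ACI-direct dynamic addresses.
SUPPORTED = {"tenant", "application", "endpoint group", "tag"}

# Constructed sample of a FortiGate address export; object names other than
# aci_direct1 and the filter syntax (key=value joined by & or |) are assumptions.
SAMPLE_CONFIG = '''
config firewall address
    edit "aci_web_epg"
        set type dynamic
        set sdn "aci_direct1"
        set filter "Tenant=prod & Endpoint group=web"
    next
    edit "aci_no_filter"
        set type dynamic
        set sdn "aci_direct1"
    next
    edit "aci_bad_key"
        set type dynamic
        set sdn "aci_direct1"
        set filter "Region=east"
    next
end
'''

def parse_addresses(text):
    """Return {name: {setting: value}} for each edit block in the export."""
    objs, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r'edit "(.+)"', line):
            cur = objs.setdefault(m.group(1), {})
        elif line == "next":
            cur = None
        elif cur is not None and (m := re.fullmatch(r'set (\S+) (.+)', line)):
            cur[m.group(1)] = m.group(2).strip('"')
    return objs

def audit(text, connector="aci_direct1"):
    """Map each dynamic address bound to the connector to a status string."""
    findings = {}
    for name, cfg in parse_addresses(text).items():
        if cfg.get("type") != "dynamic" or cfg.get("sdn") != connector:
            continue
        terms = [t for t in re.split(r"[&|]", cfg.get("filter", "")) if t.strip()]
        bad = sorted({t.split("=", 1)[0].strip().lower() for t in terms} - SUPPORTED)
        findings[name] = ("no filter set" if not terms else
                          "unsupported key: " + ", ".join(bad) if bad else "ok")
    return findings
```

Calling `audit()` on a real export returns one status per ACI dynamic address, which makes an address that was imported without a usable filter visible before a policy depends on it.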
