Fortinet Document Library

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

SDN connector to VMware vCenter

You can create SDN connectors for VMware vCentre to allow FortiGate to retrieve dynamic addresses from VMware vCenter via FortiManager.

Following is an overview of how to configure an SDN connector for VMware vCenter: 

  1. Create an SDN connector for VMware vCenter. See Creating SDN connectors for VMware vCenter.
  2. Create a dynamic address object that references the SDN connector for VMware vCenter. See Creating dynamic addresses.
  3. Create a firewall policy. See Creating firewall policies.
  4. Install the changes to FortiGate. See Installing changes to FortiGate.

    FortiGate can retrieve dynamic addresses from VMware vCenter via FortiManager.

    This example assumes that VMware vCenter is already set up.

Creating SDN connectors for VMware vCenter

To create SDN connectors for VMware vCenter:
  1. Go to Policy & Objects > Object Configurations > Fabric Connectors > SSO/Identity.
  2. Click Create New > vCenter Connector.

    The pane opens.

  3. Complete the following options, and click Apply & Refresh:

    The Rule section is displayed.

  4. Under Rule, click Create New.
  5. Complete the following options, and click OK.

    FortiManager retrieves IP addresses from the VMware vCenter server.

Creating dynamic addresses

To create dynamic addresses:
  1. Go to Policy & Objects > Object Configurations > Firewall Objects > Addresses.
  2. Click Create New > Address, or double-click an existing address object to open it for editing.
  3. Complete the following options, and click OK.
    1. In the Address Name box, type a name.
    2. In the Type box, select Dynamic.
    3. Beside Sub Type, select FSSO.
    4. In the FSSO Group box, select the SDN connector that you created.
    5. Set the remaining objects as desired.

    The dynamic address is created.

Creating firewall policies

To create firewall policies:
  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, click IPv4 Policy under the target FortiGate.
  3. Click Create New , or double-click an existing policy to open it for editing.

  4. Complete the options, and click OK.

    The policy package is created.

Installing changes to FortiGate

To install changes to FortiGate:
  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, right-click Installation Targets under the target FortiGate, and select Install Wizard.

    The Install Wizard dialog box opens.

  3. Select Install Policy Package & Device Settings.
  4. In the Policy Package list, select the policy package, and click Next.

  5. Complete the options, and click Next.

    The policy package is installed.

    FortiGate can retrieve dynamic addresses from VMware vCenter via FortiManager.

SDN connector to VMware vCenter

You can create SDN connectors for VMware vCentre to allow FortiGate to retrieve dynamic addresses from VMware vCenter via FortiManager.

Following is an overview of how to configure an SDN connector for VMware vCenter: 

  1. Create an SDN connector for VMware vCenter. See Creating SDN connectors for VMware vCenter.
  2. Create a dynamic address object that references the SDN connector for VMware vCenter. See Creating dynamic addresses.
  3. Create a firewall policy. See Creating firewall policies.
  4. Install the changes to FortiGate. See Installing changes to FortiGate.

    FortiGate can retrieve dynamic addresses from VMware vCenter via FortiManager.

    This example assumes that VMware vCenter is already set up.

Creating SDN connectors for VMware vCenter

To create SDN connectors for VMware vCenter:
  1. Go to Policy & Objects > Object Configurations > Fabric Connectors > SSO/Identity.
  2. Click Create New > vCenter Connector.

    The pane opens.

  3. Complete the following options, and click Apply & Refresh:

    The Rule section is displayed.

  4. Under Rule, click Create New.
  5. Complete the following options, and click OK.

    FortiManager retrieves IP addresses from the VMware vCenter server.

Creating dynamic addresses

To create dynamic addresses:
  1. Go to Policy & Objects > Object Configurations > Firewall Objects > Addresses.
  2. Click Create New > Address, or double-click an existing address object to open it for editing.
  3. Complete the following options, and click OK.
    1. In the Address Name box, type a name.
    2. In the Type box, select Dynamic.
    3. Beside Sub Type, select FSSO.
    4. In the FSSO Group box, select the SDN connector that you created.
    5. Set the remaining objects as desired.

    The dynamic address is created.

Creating firewall policies

To create firewall policies:
  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, click IPv4 Policy under the target FortiGate.
  3. Click Create New , or double-click an existing policy to open it for editing.

  4. Complete the options, and click OK.

    The policy package is created.

Installing changes to FortiGate

To install changes to FortiGate:
  1. Go to Policy & Objects > Policy Packages.
  2. In the tree menu, right-click Installation Targets under the target FortiGate, and select Install Wizard.

    The Install Wizard dialog box opens.

  3. Select Install Policy Package & Device Settings.
  4. In the Policy Package list, select the policy package, and click Next.

  5. Complete the options, and click Next.

    The policy package is installed.

    FortiGate can retrieve dynamic addresses from VMware vCenter via FortiManager.