
Administration Guide

Creating Microsoft Azure fabric connectors


With FortiManager, you can create a fabric connector for Microsoft Azure, and then import address names from Microsoft Azure to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with Microsoft Azure and dynamically populate the objects with IP addresses.

When you create a fabric connector for Microsoft Azure, you are specifying how FortiGate can communicate directly with Microsoft Azure.

Requirements:

  • FortiGate is managed by FortiManager.
  • The managed FortiGate unit is configured to work with Microsoft Azure.

To create a fabric connector object for Microsoft Azure:

  1. Go to Fabric View > Fabric > External Connectors, and click Create New. The Create New Fabric Connector wizard is displayed.
  2. Under Public SDN, select Microsoft Azure. The Microsoft Azure screen is displayed.

  3. Configure the following options, and then click OK:

    Type: Displays Microsoft Azure.

    Name: Type a name for the fabric connector object.

    Status: Toggle ON to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    Update Interval (s): Specify how often, in seconds, the dynamic firewall objects are updated.

    Server Region: Select an Azure region.

    Directory ID: Enter the directory ID of your Azure AD tenant.

    Application ID: Enter the application ID of your Azure application in Azure AD.

    Client Secret: Enter the application secret created for your Azure application in Azure AD.

    Resource Path: Optionally, enable the resource path to configure the Subscription ID and Resource Group.

  4. Click OK to save the connector.
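
As an added example (not Fortinet code), the following Python pre-flight check validates the connector fields from step 3 before they are entered in the wizard, and builds the OAuth 2.0 client-credentials token request that a Directory ID, Application ID and Client Secret form against Azure AD. The dictionary keys, the sample values and the use of the global Azure endpoints are assumptions made for this example.

```python
import re
from urllib.parse import urlencode

GUID = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# Azure resource group names: 1-90 characters, must not end with a period.
RG_NAME = re.compile(r"^[\w.()-]{1,90}(?<!\.)$")

# Constructed sample values, not real identifiers (key names are hypothetical).
SAMPLE = {
    "directory_id": "11111111-2222-3333-4444-555555555555",
    "application_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "example-secret-value",
    "resource_path": True,
    "subscription_id": "99999999-8888-7777-6666-555555555555",
    "resource_group": "rg-prod-web",
}

def validate(cfg):
    """Return a list of problems found in the connector fields (empty if none)."""
    problems = []
    for key in ("directory_id", "application_id"):
        if not GUID.match(cfg.get(key, "")):
            problems.append(f"{key}: not a GUID")
    secret = cfg.get("client_secret", "")
    if not secret:
        problems.append("client_secret: empty")
    elif GUID.match(secret):
        # The Azure portal shows a GUID "Secret ID" beside the secret "Value".
        problems.append("client_secret: looks like the Secret ID, not the Value")
    if cfg.get("resource_path"):
        if not GUID.match(cfg.get("subscription_id", "")):
            problems.append("subscription_id: not a GUID")
        if not RG_NAME.match(cfg.get("resource_group", "")):
            problems.append("resource_group: invalid name")
    return problems

def token_request(cfg):
    """Build (url, form body) for a client-credentials token; nothing is sent."""
    url = (f"https://login.microsoftonline.com/"
           f"{cfg['directory_id']}/oauth2/v2.0/token")
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": cfg["application_id"],
        "client_secret": cfg["client_secret"],
        "scope": "https://management.azure.com/.default",
    })
    return url, body
```

The body returned by `token_request` contains the client secret in clear text, so do not log or store it.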

To complete the fabric connector setup:

  1. Import address names or manually create the dynamic firewall address for the SDN connector. See Importing address names to fabric connectors and Configuring dynamic firewall addresses for fabric connectors.
  2. In the policy package in which you will be creating the new policy, create a firewall policy and include the dynamic firewall address objects for the SDN connector. See Create a new firewall policy.
  3. Install the policy package to FortiGate. See Install a policy package.

    FortiGate communicates with the SDN to dynamically populate the firewall address objects with IP addresses.
