Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Creating VMware NSX fabric connectors

    Creating VMware NSX fabric connectors

    With FortiManager, you can create a fabric connector for VMware NSX, and then import address names from VMware NSX to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with VMware NSX and dynamically populate the objects with IP addresses.

    When you create a fabric connector for VMware NSX, you are specifying how FortiGate can communicate directly with VMware NSX.

    If ADOMs are enabled, you can create one fabric connector per ADOM.

    Requirements:

    • FortiGate unit or FortiGate VMX Service Manager is managed by FortiManager.
    • The managed FortiGate or FortiGate VMX Service Manager is configured to work with VMware NSX .
    • IPv4 virtual wire pair policy

      FortiGate or FortiGate VMX Service Manager requires the use of an IPv4 virtual wire pair policy.

    To create a fabric connector object for NSX:
    1. Go to Fabric View > External Connectors, and click Create New. The Create New Fabric Connector wizard is displayed.
    2. Under Private SDN, select VMware NSX-V. The VMware NSX-V screen is displayed.

    3. Configure the following options, and then click OK:

      Type

      Displays VMware NSX.

      Name

      Type a name for the fabric connector object.

      Status

      Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

      Update Interval (s)

      Specify how often in seconds that the dynamic firewall objects should be updated.

      Server

      Type the IP address for VMware NSX.

      Username

      Type the username for VMware NSX.

      Password

      Type the password for VMware NSX.

      VMX

      The VMX options identify settings used by the FortiGate VMX Service Manager to communicate with the REST API for NSX Manager.

      Service Name

      Type the name of the FortiGate VMX service defined on NSX Manager.

      Image Location

      Type the location of the FortiGate VMX deployment template used by NSX Manager to deploy the FortiGate VMX service.

      REST API

      The REST API options specify how the FortiGate VMX Service Manager communicates with the REST API for NSX Manager.

      Port

      Type the port used by the FortiGate VMX Service Manager to communicate with NSX Manager.

      Interface

      Select the interface used by the FortiGate VMX Service Manager to communicate with NSX Manager. Choose between MGMT and Sync.

      Password

      Type the password that FortiGate VMX Service Manager uses with the REST API to communicate with NSX Manager.

      Note: This is not the admin password for FortiGate VMX Service Manager.

    4. Click OK to save the connector.
    To complete the fabric connector setup:
    1. Import address names or manually create the dynamic firewall address for the SDN connector. See Importing address names to fabric connectors and Configuring dynamic firewall addresses for fabric connectors.
    2. Create a virtual wire pair. See Creating virtual wire pairs.
    3. In the policy package in which you will be creating the new policy, create a firewall policy and include the dynamic firewall address objects for the SDN connector. See Create a new firewall policy.
    4. Install the policy package to FortiGate. See Install a policy package.

      FortiGate communicates with the SDN to dynamically populate the firewall address objects with IP addresses.

    Previous
    Next

    Creating VMware NSX fabric connectors

    Creating VMware NSX fabric connectors

    With FortiManager, you can create a fabric connector for VMware NSX, and then import address names from VMware NSX to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with VMware NSX and dynamically populate the objects with IP addresses.

    When you create a fabric connector for VMware NSX, you are specifying how FortiGate can communicate directly with VMware NSX.

    If ADOMs are enabled, you can create one fabric connector per ADOM.

    Requirements:

    • FortiGate unit or FortiGate VMX Service Manager is managed by FortiManager.
    • The managed FortiGate or FortiGate VMX Service Manager is configured to work with VMware NSX .
    • IPv4 virtual wire pair policy

      FortiGate or FortiGate VMX Service Manager requires the use of an IPv4 virtual wire pair policy.

    To create a fabric connector object for NSX:
    1. Go to Fabric View > External Connectors, and click Create New. The Create New Fabric Connector wizard is displayed.
    2. Under Private SDN, select VMware NSX-V. The VMware NSX-V screen is displayed.

    3. Configure the following options, and then click OK:

      Type

      Displays VMware NSX.

      Name

      Type a name for the fabric connector object.

      Status

      Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

      Update Interval (s)

      Specify how often in seconds that the dynamic firewall objects should be updated.

      Server

      Type the IP address for VMware NSX.

      Username

      Type the username for VMware NSX.

      Password

      Type the password for VMware NSX.

      VMX

      The VMX options identify settings used by the FortiGate VMX Service Manager to communicate with the REST API for NSX Manager.

      Service Name

      Type the name of the FortiGate VMX service defined on NSX Manager.

      Image Location

      Type the location of the FortiGate VMX deployment template used by NSX Manager to deploy the FortiGate VMX service.

      REST API

      The REST API options specify how the FortiGate VMX Service Manager communicates with the REST API for NSX Manager.

      Port

      Type the port used by the FortiGate VMX Service Manager to communicate with NSX Manager.

      Interface

      Select the interface used by the FortiGate VMX Service Manager to communicate with NSX Manager. Choose between MGMT and Sync.

      Password

      Type the password that FortiGate VMX Service Manager uses with the REST API to communicate with NSX Manager.

      Note: This is not the admin password for FortiGate VMX Service Manager.

    4. Click OK to save the connector.
    To complete the fabric connector setup:
    1. Import address names or manually create the dynamic firewall address for the SDN connector. See Importing address names to fabric connectors and Configuring dynamic firewall addresses for fabric connectors.
    2. Create a virtual wire pair. See Creating virtual wire pairs.
    3. In the policy package in which you will be creating the new policy, create a firewall policy and include the dynamic firewall address objects for the SDN connector. See Create a new firewall policy.
    4. Install the policy package to FortiGate. See Install a policy package.

      FortiGate communicates with the SDN to dynamically populate the firewall address objects with IP addresses.

    Previous
    Next