Fortinet white logo
Fortinet white logo

CLI Reference

config system sdn-connector

config system sdn-connector

Configure connection to SDN Connector.

config system sdn-connector
    Description: Configure connection to SDN Connector.
    edit <name>
        set status [disable|enable]
        set type [aci|alicloud|...]
        set proxy {string}
        set use-metadata-iam [disable|enable]
        set ha-status [disable|enable]
        set verify-certificate [disable|enable]
        set server {string}
        set server-list <ip1>, <ip2>, ...
        set server-port {integer}
        set username {string}
        set password {password_aes256}
        set vcenter-server {string}
        set vcenter-username {string}
        set vcenter-password {password_aes256}
        set access-key {string}
        set secret-key {password}
        set region {string}
        set vpc-id {string}
        set alt-resource-ip [disable|enable]
        config external-account-list
            Description: Configure AWS external account list.
            edit <role-arn>
                set external-id {string}
                set region-list <region1>, <region2>, ...
            next
        end
        set tenant-id {string}
        set client-id {string}
        set client-secret {password}
        set subscription-id {string}
        set resource-group {string}
        set login-endpoint {string}
        set resource-url {string}
        set azure-region [global|china|...]
        config nic
            Description: Configure Azure network interface.
            edit <name>
                set peer-nic {string}
                config ip
                    Description: Configure IP configuration.
                    edit <name>
                        set private-ip {string}
                        set public-ip {string}
                        set resource-group {string}
                    next
                end
            next
        end
        config route-table
            Description: Configure Azure route table.
            edit <name>
                set subscription-id {string}
                set resource-group {string}
                config route
                    Description: Configure Azure route.
                    edit <name>
                        set next-hop {string}
                    next
                end
            next
        end
        set user-id {string}
        config compartment-list
            Description: Configure OCI compartment list.
            edit <compartment-id>
            next
        end
        config oci-region-list
            Description: Configure OCI region list.
            edit <region>
            next
        end
        set oci-region-type [commercial|government]
        set oci-cert {string}
        set oci-fingerprint {string}
        config external-ip
            Description: Configure GCP external IP.
            edit <name>
            next
        end
        config route
            Description: Configure GCP route.
            edit <name>
            next
        end
        config gcp-project-list
            Description: Configure GCP project list.
            edit <id>
                set gcp-zone-list <name1>, <name2>, ...
            next
        end
        config forwarding-rule
            Description: Configure GCP forwarding rule.
            edit <rule-name>
                set target {string}
            next
        end
        set service-account {string}
        set private-key {user}
        set secret-token {user}
        set domain {string}
        set group-name {string}
        set server-cert {string}
        set server-ca-cert {string}
        set api-key {password}
        set compute-generation {integer}
        set ibm-region [dallas|washington-dc|...]
        set update-interval {integer}
    next
end

config system sdn-connector

Parameter

Description

Type

Size

Default

name

SDN connector name.

string

Maximum length: 35

status

Enable/disable connection to the remote SDN connector.

option

-

enable

Option

Description

disable

Disable connection to this SDN Connector.

enable

Enable connection to this SDN Connector.

type

Type of SDN connector.

option

-

aws

Option

Description

aci

Application Centric Infrastructure (ACI).

alicloud

AliCloud Service (ACS).

aws

Amazon Web Services (AWS).

azure

Microsoft Azure.

gcp

Google Cloud Platform (GCP).

nsx

VMware NSX.

nuage

Nuage VSP.

oci

Oracle Cloud Infrastructure.

openstack

OpenStack.

kubernetes

Kubernetes.

vmware

VMware vSphere (vCenter & ESXi).

sepm

Symantec Endpoint Protection Manager.

aci-direct

Application Centric Infrastructure (ACI Direct Connection).

ibm

IBM Cloud Infrastructure.

nutanix

Nutanix Prism Central.

sap

SAP Control.

proxy

SDN proxy.

string

Maximum length: 35

use-metadata-iam

Enable/disable use of IAM role from metadata to call API.

option

-

disable

Option

Description

disable

Disable using IAM role to call API.

enable

Enable using IAM role to call API.

ha-status

Enable/disable use for FortiProxy HA service.

option

-

disable

Option

Description

disable

Disable use for FortiProxy HA service.

enable

Enable use for FortiProxy HA service.

verify-certificate

Enable/disable server certificate verification.

option

-

enable

Option

Description

disable

Disable server certificate verification.

enable

Enable server certificate verification.

server

Server address of the remote SDN connector.

string

Maximum length: 127

server-list <ip>

Server address list of the remote SDN connector.

IPv4 address.

string

Maximum length: 15

server-port

Port number of the remote SDN connector.

integer

Minimum value: 0 Maximum value: 65535

0

username

Username of the remote SDN connector as login credentials.

string

Maximum length: 64

password

Password of the remote SDN connector as login credentials.

password_aes256

Not Specified

vcenter-server

vCenter server address for NSX quarantine.

string

Maximum length: 127

vcenter-username

vCenter server username for NSX quarantine.

string

Maximum length: 64

vcenter-password

vCenter server password for NSX quarantine.

password_aes256

Not Specified

access-key

AWS / ACS access key ID.

string

Maximum length: 31

secret-key

AWS / ACS secret access key.

password

Not Specified

region

AWS / ACS region name.

string

Maximum length: 31

vpc-id

AWS VPC ID.

string

Maximum length: 31

alt-resource-ip

Enable/disable AWS alternative resource IP.

option

-

disable

Option

Description

disable

Disable AWS alternative resource IP.

enable

Enable AWS alternative resource IP.

tenant-id

Tenant ID (directory ID).

string

Maximum length: 127

client-id

Azure client ID (application ID).

string

Maximum length: 63

client-secret

Azure client secret (application key).

password

Not Specified

subscription-id

Azure subscription ID.

string

Maximum length: 63

resource-group

Azure resource group.

string

Maximum length: 63

login-endpoint

Azure Stack login endpoint.

string

Maximum length: 127

resource-url

Azure Stack resource URL.

string

Maximum length: 127

azure-region

Azure server region.

option

-

global

Option

Description

global

Global Azure Server.

china

China Azure Server.

germany

Germany Azure Server.

usgov

US Government Azure Server.

local

Azure Stack Local Server.

user-id

User ID.

string

Maximum length: 127

oci-region-type

OCI region type.

option

-

commercial

Option

Description

commercial

Commercial region.

government

Government region.

oci-cert

OCI certificate.

string

Maximum length: 63

oci-fingerprint

OCI pubkey fingerprint.

string

Maximum length: 63

service-account

GCP service account email.

string

Maximum length: 127

private-key

Private key of GCP service account.

user

Not Specified

secret-token

Secret token of Kubernetes service account.

user

Not Specified

domain

Domain name.

string

Maximum length: 127

group-name

Full path group name of computers.

string

Maximum length: 127

server-cert

Trust servers that contain this certificate only.

string

Maximum length: 127

server-ca-cert

Trust only those servers whose certificate is directly/indirectly signed by this certificate.

string

Maximum length: 127

api-key

IBM cloud API key or service ID API key.

password

Not Specified

compute-generation

Compute generation for IBM cloud infrastructure.

integer

Minimum value: 1 Maximum value: 2

2

ibm-region

IBM cloud region name.

option

-

dallas

Option

Description

dallas

US South (Dallas) Public Endpoint.

washington-dc

US East (Washington DC) Public Endpoint.

london

United Kingdom (London) Public Endpoint.

frankfurt

Germany (Frankfurt) Public Endpoint.

sydney

Australia (Sydney) Public Endpoint.

tokyo

Japan (Tokyo) Public Endpoint.

osaka

Japan (Osaka) Public Endpoint.

toronto

Canada (Toronto) Public Endpoint.

sao-paulo

Brazil (Sao Paulo) Public Endpoint.

update-interval

Dynamic object update interval.

integer

Minimum value: 0 Maximum value: 3600

60

config external-account-list

Parameter

Description

Type

Size

Default

role-arn

AWS role ARN to assume.

string

Maximum length: 2047

external-id

AWS external ID.

string

Maximum length: 1399

region-list <region>

AWS region name list.

AWS region name.

string

Maximum length: 31

config nic

Parameter

Description

Type

Size

Default

name

Network interface name.

string

Maximum length: 63

peer-nic

Peer network interface name.

string

Maximum length: 63

config ip

Parameter

Description

Type

Size

Default

name

IP configuration name.

string

Maximum length: 63

private-ip

Private IP address.

string

Maximum length: 39

public-ip

Public IP name.

string

Maximum length: 63

resource-group

Resource group of Azure public IP.

string

Maximum length: 63

config route-table

Parameter

Description

Type

Size

Default

name

Route table name.

string

Maximum length: 63

subscription-id

Subscription ID of Azure route table.

string

Maximum length: 63

resource-group

Resource group of Azure route table.

string

Maximum length: 63

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

next-hop

Next hop address.

string

Maximum length: 127

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

config compartment-list

Parameter

Description

Type

Size

Default

compartment-id

OCI compartment ID.

string

Maximum length: 127

config oci-region-list

Parameter

Description

Type

Size

Default

region

OCI region.

string

Maximum length: 31

config external-ip

Parameter

Description

Type

Size

Default

name

External IP name.

string

Maximum length: 63

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

next-hop

Next hop address.

string

Maximum length: 127

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

config gcp-project-list

Parameter

Description

Type

Size

Default

id

GCP project ID.

string

Maximum length: 127

gcp-zone-list <name>

Configure GCP zone list.

GCP zone name.

string

Maximum length: 127

config forwarding-rule

Parameter

Description

Type

Size

Default

rule-name

Forwarding rule name.

string

Maximum length: 63

target

Target instance name.

string

Maximum length: 63

config system sdn-connector

config system sdn-connector

Configure connection to SDN Connector.

config system sdn-connector
    Description: Configure connection to SDN Connector.
    edit <name>
        set status [disable|enable]
        set type [aci|alicloud|...]
        set proxy {string}
        set use-metadata-iam [disable|enable]
        set ha-status [disable|enable]
        set verify-certificate [disable|enable]
        set server {string}
        set server-list <ip1>, <ip2>, ...
        set server-port {integer}
        set username {string}
        set password {password_aes256}
        set vcenter-server {string}
        set vcenter-username {string}
        set vcenter-password {password_aes256}
        set access-key {string}
        set secret-key {password}
        set region {string}
        set vpc-id {string}
        set alt-resource-ip [disable|enable]
        config external-account-list
            Description: Configure AWS external account list.
            edit <role-arn>
                set external-id {string}
                set region-list <region1>, <region2>, ...
            next
        end
        set tenant-id {string}
        set client-id {string}
        set client-secret {password}
        set subscription-id {string}
        set resource-group {string}
        set login-endpoint {string}
        set resource-url {string}
        set azure-region [global|china|...]
        config nic
            Description: Configure Azure network interface.
            edit <name>
                set peer-nic {string}
                config ip
                    Description: Configure IP configuration.
                    edit <name>
                        set private-ip {string}
                        set public-ip {string}
                        set resource-group {string}
                    next
                end
            next
        end
        config route-table
            Description: Configure Azure route table.
            edit <name>
                set subscription-id {string}
                set resource-group {string}
                config route
                    Description: Configure Azure route.
                    edit <name>
                        set next-hop {string}
                    next
                end
            next
        end
        set user-id {string}
        config compartment-list
            Description: Configure OCI compartment list.
            edit <compartment-id>
            next
        end
        config oci-region-list
            Description: Configure OCI region list.
            edit <region>
            next
        end
        set oci-region-type [commercial|government]
        set oci-cert {string}
        set oci-fingerprint {string}
        config external-ip
            Description: Configure GCP external IP.
            edit <name>
            next
        end
        config route
            Description: Configure GCP route.
            edit <name>
            next
        end
        config gcp-project-list
            Description: Configure GCP project list.
            edit <id>
                set gcp-zone-list <name1>, <name2>, ...
            next
        end
        config forwarding-rule
            Description: Configure GCP forwarding rule.
            edit <rule-name>
                set target {string}
            next
        end
        set service-account {string}
        set private-key {user}
        set secret-token {user}
        set domain {string}
        set group-name {string}
        set server-cert {string}
        set server-ca-cert {string}
        set api-key {password}
        set compute-generation {integer}
        set ibm-region [dallas|washington-dc|...]
        set update-interval {integer}
    next
end

config system sdn-connector

Parameter

Description

Type

Size

Default

name

SDN connector name.

string

Maximum length: 35

status

Enable/disable connection to the remote SDN connector.

option

-

enable

Option

Description

disable

Disable connection to this SDN Connector.

enable

Enable connection to this SDN Connector.

type

Type of SDN connector.

option

-

aws

Option

Description

aci

Application Centric Infrastructure (ACI).

alicloud

AliCloud Service (ACS).

aws

Amazon Web Services (AWS).

azure

Microsoft Azure.

gcp

Google Cloud Platform (GCP).

nsx

VMware NSX.

nuage

Nuage VSP.

oci

Oracle Cloud Infrastructure.

openstack

OpenStack.

kubernetes

Kubernetes.

vmware

VMware vSphere (vCenter & ESXi).

sepm

Symantec Endpoint Protection Manager.

aci-direct

Application Centric Infrastructure (ACI Direct Connection).

ibm

IBM Cloud Infrastructure.

nutanix

Nutanix Prism Central.

sap

SAP Control.

proxy

SDN proxy.

string

Maximum length: 35

use-metadata-iam

Enable/disable use of IAM role from metadata to call API.

option

-

disable

Option

Description

disable

Disable using IAM role to call API.

enable

Enable using IAM role to call API.

ha-status

Enable/disable use for FortiProxy HA service.

option

-

disable

Option

Description

disable

Disable use for FortiProxy HA service.

enable

Enable use for FortiProxy HA service.

verify-certificate

Enable/disable server certificate verification.

option

-

enable

Option

Description

disable

Disable server certificate verification.

enable

Enable server certificate verification.

server

Server address of the remote SDN connector.

string

Maximum length: 127

server-list <ip>

Server address list of the remote SDN connector.

IPv4 address.

string

Maximum length: 15

server-port

Port number of the remote SDN connector.

integer

Minimum value: 0 Maximum value: 65535

0

username

Username of the remote SDN connector as login credentials.

string

Maximum length: 64

password

Password of the remote SDN connector as login credentials.

password_aes256

Not Specified

vcenter-server

vCenter server address for NSX quarantine.

string

Maximum length: 127

vcenter-username

vCenter server username for NSX quarantine.

string

Maximum length: 64

vcenter-password

vCenter server password for NSX quarantine.

password_aes256

Not Specified

access-key

AWS / ACS access key ID.

string

Maximum length: 31

secret-key

AWS / ACS secret access key.

password

Not Specified

region

AWS / ACS region name.

string

Maximum length: 31

vpc-id

AWS VPC ID.

string

Maximum length: 31

alt-resource-ip

Enable/disable AWS alternative resource IP.

option

-

disable

Option

Description

disable

Disable AWS alternative resource IP.

enable

Enable AWS alternative resource IP.

tenant-id

Tenant ID (directory ID).

string

Maximum length: 127

client-id

Azure client ID (application ID).

string

Maximum length: 63

client-secret

Azure client secret (application key).

password

Not Specified

subscription-id

Azure subscription ID.

string

Maximum length: 63

resource-group

Azure resource group.

string

Maximum length: 63

login-endpoint

Azure Stack login endpoint.

string

Maximum length: 127

resource-url

Azure Stack resource URL.

string

Maximum length: 127

azure-region

Azure server region.

option

-

global

Option

Description

global

Global Azure Server.

china

China Azure Server.

germany

Germany Azure Server.

usgov

US Government Azure Server.

local

Azure Stack Local Server.

user-id

User ID.

string

Maximum length: 127

oci-region-type

OCI region type.

option

-

commercial

Option

Description

commercial

Commercial region.

government

Government region.

oci-cert

OCI certificate.

string

Maximum length: 63

oci-fingerprint

OCI pubkey fingerprint.

string

Maximum length: 63

service-account

GCP service account email.

string

Maximum length: 127

private-key

Private key of GCP service account.

user

Not Specified

secret-token

Secret token of Kubernetes service account.

user

Not Specified

domain

Domain name.

string

Maximum length: 127

group-name

Full path group name of computers.

string

Maximum length: 127

server-cert

Trust servers that contain this certificate only.

string

Maximum length: 127

server-ca-cert

Trust only those servers whose certificate is directly/indirectly signed by this certificate.

string

Maximum length: 127

api-key

IBM cloud API key or service ID API key.

password

Not Specified

compute-generation

Compute generation for IBM cloud infrastructure.

integer

Minimum value: 1 Maximum value: 2

2

ibm-region

IBM cloud region name.

option

-

dallas

Option

Description

dallas

US South (Dallas) Public Endpoint.

washington-dc

US East (Washington DC) Public Endpoint.

london

United Kingdom (London) Public Endpoint.

frankfurt

Germany (Frankfurt) Public Endpoint.

sydney

Australia (Sydney) Public Endpoint.

tokyo

Japan (Tokyo) Public Endpoint.

osaka

Japan (Osaka) Public Endpoint.

toronto

Canada (Toronto) Public Endpoint.

sao-paulo

Brazil (Sao Paulo) Public Endpoint.

update-interval

Dynamic object update interval.

integer

Minimum value: 0 Maximum value: 3600

60

config external-account-list

Parameter

Description

Type

Size

Default

role-arn

AWS role ARN to assume.

string

Maximum length: 2047

external-id

AWS external ID.

string

Maximum length: 1399

region-list <region>

AWS region name list.

AWS region name.

string

Maximum length: 31

config nic

Parameter

Description

Type

Size

Default

name

Network interface name.

string

Maximum length: 63

peer-nic

Peer network interface name.

string

Maximum length: 63

config ip

Parameter

Description

Type

Size

Default

name

IP configuration name.

string

Maximum length: 63

private-ip

Private IP address.

string

Maximum length: 39

public-ip

Public IP name.

string

Maximum length: 63

resource-group

Resource group of Azure public IP.

string

Maximum length: 63

config route-table

Parameter

Description

Type

Size

Default

name

Route table name.

string

Maximum length: 63

subscription-id

Subscription ID of Azure route table.

string

Maximum length: 63

resource-group

Resource group of Azure route table.

string

Maximum length: 63

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

next-hop

Next hop address.

string

Maximum length: 127

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

config compartment-list

Parameter

Description

Type

Size

Default

compartment-id

OCI compartment ID.

string

Maximum length: 127

config oci-region-list

Parameter

Description

Type

Size

Default

region

OCI region.

string

Maximum length: 31

config external-ip

Parameter

Description

Type

Size

Default

name

External IP name.

string

Maximum length: 63

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

next-hop

Next hop address.

string

Maximum length: 127

config route

Parameter

Description

Type

Size

Default

name

Route name.

string

Maximum length: 63

config gcp-project-list

Parameter

Description

Type

Size

Default

id

GCP project ID.

string

Maximum length: 127

gcp-zone-list <name>

Configure GCP zone list.

GCP zone name.

string

Maximum length: 127

config forwarding-rule

Parameter

Description

Type

Size

Default

rule-name

Forwarding rule name.

string

Maximum length: 63

target

Target instance name.

string

Maximum length: 63