Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Use Case: High Availability for FortiWeb on OCI

    Home FortiWeb Public Cloud Use Case: High Availability for FortiWeb on OCI

    Configuring SDN connector

    Configuring SDN connector

    You are required to configure the SDN Connectors if FortiWeb-VMs are in HA Active-Passive mode. This is to notify the load balancer to distribute the traffic to the new master node when fail-over occurs.

    Configuring SDN Connectors

    1. Go to Security Fabric > External Connectors.
    2. Click Create New.
    3. Under Public SDN, select Oracle Cloud Infrastructure (OCI). The OCI screen is displayed.
    4. Configure the settings.
      5. Name Enter a name for the SDN Connector.
      Status

      Toggle on to enable the external connector object.

      Toggle off to disable the external connector object.
      Update Interval (s)

      Specify the update interval for the connector to get OCI objects.

      OCI Server Region Type

      If your OCI server region is either “US Federal Cloud with DISA Impact Level 5 Authorization Regions” or “US Government Cloud with FedRAMP Authorization Regions”, please select Government. Otherwise please select Commercial.
      OCI Server Region

      Enter the Region Identifier of your load balancer.

      User OCID

      To get the User OCID:

      1. Log in to OCI.
      2. Go to Governance and Administration > Identity > User.
      3. Click the user you want to use.
      4. Copy the OCID of this user.
      Tenant OCID

      To get the tenant OCID:

      1. Log in to OCI.
      2. Go to Governance and Administration > Administration > Tenancy Details.
      3. Click the Tenancy you want to use.
      4. Copy the OCID of this Tenancy.
      Compartment OCID

      To get the compartment OCID:

      1. Log in to OCI.
      2. Go to Governance and Administration > Identity > Compartments.
      3. Click the compartment that your load balancer is located in.
      4. Copy the OCID of this Tenancy.

      Note: If you don't have a compartment, you can leave this option empty.
      Certificate FortiWeb by default uses the rootCA certificate for authentication with OCI. It's the certificate in System > Admin > Certificates > Admin Cert Local.

    Using SDN connector to obtain the HA member information

    1. Go to System > High Availability > Settings, select Active- Passive Mode.
    2. Refer to Configuring High Availability (HA) basic settings for the HA basic settings such as Group ID.
    3. Select the SDN Connector you have created.
    4. Enter the Load Balancer's OCID in LB OCID.

      To get the Load Balancer OCID:

      1. Log in to OCI.
      2. Go to Core Infrastructure > Networking > Load Balancers.
      3. Click the load balancer used for the HA cluster.
      4. Copy the OCID of this load balancer.
    5. The HA members whose traffic is distributed by this load balancer will be listed in the table
    Previous
    Next

    Configuring SDN connector

    Configuring SDN connector

    You are required to configure the SDN Connectors if FortiWeb-VMs are in HA Active-Passive mode. This is to notify the load balancer to distribute the traffic to the new master node when fail-over occurs.

    Configuring SDN Connectors

    1. Go to Security Fabric > External Connectors.
    2. Click Create New.
    3. Under Public SDN, select Oracle Cloud Infrastructure (OCI). The OCI screen is displayed.
    4. Configure the settings.
      5. Name Enter a name for the SDN Connector.
      Status

      Toggle on to enable the external connector object.

      Toggle off to disable the external connector object.
      Update Interval (s)

      Specify the update interval for the connector to get OCI objects.

      OCI Server Region Type

      If your OCI server region is either “US Federal Cloud with DISA Impact Level 5 Authorization Regions” or “US Government Cloud with FedRAMP Authorization Regions”, please select Government. Otherwise please select Commercial.
      OCI Server Region

      Enter the Region Identifier of your load balancer.

      User OCID

      To get the User OCID:

      1. Log in to OCI.
      2. Go to Governance and Administration > Identity > User.
      3. Click the user you want to use.
      4. Copy the OCID of this user.
      Tenant OCID

      To get the tenant OCID:

      1. Log in to OCI.
      2. Go to Governance and Administration > Administration > Tenancy Details.
      3. Click the Tenancy you want to use.
      4. Copy the OCID of this Tenancy.
      Compartment OCID

      To get the compartment OCID:

      1. Log in to OCI.
      2. Go to Governance and Administration > Identity > Compartments.
      3. Click the compartment that your load balancer is located in.
      4. Copy the OCID of this Tenancy.

      Note: If you don't have a compartment, you can leave this option empty.
      Certificate FortiWeb by default uses the rootCA certificate for authentication with OCI. It's the certificate in System > Admin > Certificates > Admin Cert Local.

    Using SDN connector to obtain the HA member information

    1. Go to System > High Availability > Settings, select Active- Passive Mode.
    2. Refer to Configuring High Availability (HA) basic settings for the HA basic settings such as Group ID.
    3. Select the SDN Connector you have created.
    4. Enter the Load Balancer's OCID in LB OCID.

      To get the Load Balancer OCID:

      1. Log in to OCI.
      2. Go to Core Infrastructure > Networking > Load Balancers.
      3. Click the load balancer used for the HA cluster.
      4. Copy the OCID of this load balancer.
    5. The HA members whose traffic is distributed by this load balancer will be listed in the table
    Previous
    Next