Configuring SDN connector

You must configure an SDN connector if the FortiWeb-VMs are in HA Active-Passive mode. This allows the load balancer to be notified to distribute traffic to the new master node when failover occurs.

Configuring SDN Connectors

  1. Go to Security Fabric > External Connectors.
  2. Click Create New.
  3. Under Public SDN, select Oracle Cloud Infrastructure (OCI). The OCI screen is displayed.
  4. Configure the settings.

    Name

    Enter a name for the SDN Connector.

    Status

    Toggle on to enable the external connector object.

    Toggle off to disable the external connector object.

    Update Interval (s)

    Specify the update interval for the connector to get OCI objects.

    OCI Server Region Type

    If your OCI server region is either “US Federal Cloud with DISA Impact Level 5 Authorization Regions” or “US Government Cloud with FedRAMP Authorization Regions”, select Government. Otherwise, select Commercial.

    OCI Server Region

    Enter the Region Identifier of your load balancer.

    User OCID

    To get the User OCID:

    1. Log in to OCI.
    2. Go to Governance and Administration > Identity > User.
    3. Click the user you want to use.
    4. Copy the OCID of this user.

    Tenant OCID

    To get the tenant OCID:

    1. Log in to OCI.
    2. Go to Governance and Administration > Administration > Tenancy Details.
    3. Click the Tenancy you want to use.
    4. Copy the OCID of this Tenancy.

    Compartment OCID

    To get the compartment OCID:

    1. Log in to OCI.
    2. Go to Governance and Administration > Identity > Compartments.
    3. Click the compartment that your load balancer is located in.
    4. Copy the OCID of this compartment.

    Note: If you don't have a compartment, you can leave this option empty.

    Certificate

    By default, FortiWeb uses the rootCA certificate to authenticate with OCI. This is the certificate in System > Admin > Certificates > Admin Cert Local.

Using SDN connector to obtain the HA member information

  1. Go to System > High Availability > Settings, select Active-Passive Mode.
  2. Refer to Configuring High Availability (HA) basic settings for the HA basic settings such as Group ID.
  3. Select the SDN Connector you have created.
  4. Enter the Load Balancer's OCID in LB OCID.

    To get the Load Balancer OCID:

    1. Log in to OCI.
    2. Go to Core Infrastructure > Networking > Load Balancers.
    3. Click the load balancer used for the HA cluster.
    4. Copy the OCID of this load balancer.
  5. The HA members whose traffic is distributed by this load balancer will be listed in the table.
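
The two procedures above involve pasting four different OCIDs and choosing a region type, and a value pasted into the wrong field is easy to miss. The following pre-flight check is an added example, not Fortinet code: it parses each OCID using Oracle's documented `ocid1.<type>.<realm>.[region][.future use].<unique id>` layout and flags a wrong resource type or a realm that conflicts with the selected region type. The dictionary keys, the sample OCIDs, and the mapping of realms `oc2`/`oc3` to Government are assumptions made for this example.

```python
# Added pre-flight check; dict keys and sample OCIDs are constructed for illustration.
GOV_REALMS = {"oc2", "oc3"}  # assumed realm codes for the two US government region types
EXPECTED_TYPES = {
    "user_ocid": {"user"},
    "tenant_ocid": {"tenancy"},
    # The root compartment's OCID is the tenancy OCID, so both types are accepted.
    "compartment_ocid": {"compartment", "tenancy"},
    "lb_ocid": {"loadbalancer"},
}

def parse_ocid(value):
    """Split ocid1.<type>.<realm>.[region][.future use].<unique id>; None if malformed."""
    parts = value.strip().split(".")
    if len(parts) not in (5, 6) or parts[0] != "ocid1" or not parts[-1]:
        return None
    return {"type": parts[1], "realm": parts[2], "region": parts[3]}

def check_connector(cfg):
    """Return a list of problems found in the values destined for the connector form."""
    problems = []
    want_gov = cfg["region_type"] == "Government"
    for field, allowed in EXPECTED_TYPES.items():
        value = cfg.get(field, "")
        if not value:
            if field != "compartment_ocid":  # the page allows an empty compartment
                problems.append(f"{field}: missing")
            continue
        ocid = parse_ocid(value)
        if ocid is None:
            problems.append(f"{field}: not a well-formed OCID")
            continue
        if ocid["type"] not in allowed:
            problems.append(f"{field}: wrong resource type '{ocid['type']}'")
        if (ocid["realm"] in GOV_REALMS) != want_gov:
            problems.append(f"{field}: realm '{ocid['realm']}' conflicts with "
                            f"region type {cfg['region_type']}")
    return problems

# Constructed sample values, not real OCIDs.
GOOD = {"region_type": "Commercial", "user_ocid": "ocid1.user.oc1..aaaaexampleuser",
        "tenant_ocid": "ocid1.tenancy.oc1..aaaaexampletenancy", "compartment_ocid": "",
        "lb_ocid": "ocid1.loadbalancer.oc1.phx.aaaaexamplelb"}
BAD = dict(GOOD, tenant_ocid=GOOD["user_ocid"],
           lb_ocid="ocid1.loadbalancer.oc2.example-region.aaaaexamplelb")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_connector(cfg) or "ok")
```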
