Creating an Address using the CLI
- Create an Address to use to configure a firewall policy. Open the CLI with administrator credentials. Right-click the Address and select Edit in CLI.
- Configure the filtering rule. This means the SDNConnector will automatically populate and update only instances belonging to the specified VPN that match this filtering condition. The following keys can be used:
1. instanceId (e.g. instanceId=i-12345678)
2. instanceType (e.g. instanceType=t2.micro)
3. imageId (e.g. imageId=ami-123456)
4. keyName (e.g. keyName=aws-key-name)
5. architecture (e.g. architecture=x86)
6. subnetId (e.g. subnetId=sub-123456)
7. placement.availabilityzone (e.g. placement.availabilityzone=us-east-la)
8. placement.groupname (e.g. placement.groupname=group-name)
9. placement.tenancy (e.g. placement.tenancy=tenancy-name)
10. privateDnsName (e.g. privateDnsName=ip-172-31-10-211.us-west-2.compute.internal)
11. publicDnsName (e.g. publicDnsName=ec2-54-202-168-254.us-west-2.compute.amazonaws.com)
12. tag.Name AWSinstance tag called "Name" (e.g. tagName=Value, maximum of 8 tags are supported.)
- For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using the above
6. subnetID. First, check the subnet ID in the AWSmanagement portal.
- Enter set filter
"subnetId=subnet-fb2506a0". In this example, the subnet is 10.0.2.0/24. At this point,
showshows the following:
Note three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have just been populated and are updated automatically as you set the filtering condition above and the update interval specified in the GUI has been reached. Since these three instances have been up and running in the specified VPC, SDN Connector found them through APIs FortiGate called to AWS.