Fortinet Document Library

Version:


Table of Contents

AWS Cookbook

6.4.0
Download PDF
Copy Link

Security Fabric connector integration with AWS

You can use FortiManager to create Fabric connectors for AWS and install the Fabric connectors to FortiOS.

The Fabric connectors in FortiManager define the connector type and include information for FortiOS to communicate with and authenticate with the products. In some cases the FortiGate must communicate with products through the Fabric connector, and in other cases the FortiGate communicates directly with the products.

FortiOS works without the Fabric connector to communicate directly with AWS.

Following is an overview of creating Fabric connectors for AWS using FortiManager:

  1. Create a Fabric connector object for AWS. See Creating Fabric connector objects for AWS.
  2. Import address names from AWS to the Fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  3. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the firewall address objects for AWS. See Creating an IP address policy.
  4. Install the policy package to FortiGate. See Installing a policy package.

    FortiGate communicates with AWS to dynamically populate the firewall address objects with IP addresses.

If the filter names change in AWS after you import them to FortiManager, you must modify the filter again.

Security Fabric connector integration with AWS

You can use FortiManager to create Fabric connectors for AWS and install the Fabric connectors to FortiOS.

The Fabric connectors in FortiManager define the connector type and include information for FortiOS to communicate with and authenticate with the products. In some cases the FortiGate must communicate with products through the Fabric connector, and in other cases the FortiGate communicates directly with the products.

FortiOS works without the Fabric connector to communicate directly with AWS.

Following is an overview of creating Fabric connectors for AWS using FortiManager:

  1. Create a Fabric connector object for AWS. See Creating Fabric connector objects for AWS.
  2. Import address names from AWS to the Fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  3. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the firewall address objects for AWS. See Creating an IP address policy.
  4. Install the policy package to FortiGate. See Installing a policy package.

    FortiGate communicates with AWS to dynamically populate the firewall address objects with IP addresses.

If the filter names change in AWS after you import them to FortiManager, you must modify the filter again.