Fortinet Document Library

Version:


Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool

Azure Cookbook

6.4.0
Download PDF
Copy Link

Azure SDN connector using ServiceTag and Region filter keys

The ServiceTag and Region filter keys can be used in Azure SDN connectors to filter service tag IP ranges. These can be used in dynamic firewall addresses.

To use the new filters keys in the GUI:
  1. Create an Azure SDN connector:
    1. Go to Security Fabric > External Connectors and click Create New.
    2. Select Microsoft Azure.
    3. Configure the connector:

    4. Click OK.
  2. Create a dynamic firewall address for the Azure connector, filtering based on the servicetag and region:
    1. Go to Policy & Objects > Addresses and click Create New > Address.
    2. Configure the address, adding two filters: ServiceTag=ApiManagement and Region=canadacentral:

    3. Click OK.
    4. Hover the cursor over the address name to see the dynamic IP addresses that are resolved by the connector:

To use the new filters keys in the CLI:
  1. Create an Azure SDN connector:
    config system sdn-connector
        edit "azure1"
            set type azure
            set tenant-id "942b80cd-1b14-42a1-8dcf-4b21dece61ba"
            set client-id "44e79db7-621d-46f3-8625-58e209654e58"
            set client-secret xxxxxx
        next
    end
  2. Create a dynamic firewall address for the Azure connector, filtering based on the servicetag and region:
    config firewall address
        edit "azure-address-sertag1-o-region1"
            set type dynamic
            set sdn "azure1"
            set color 2
            set filter "ServiceTag=ApiManagement | Region=canadacentral"
        next
    end
  3. View the dynamic IP addresses that are resolved by the connector:
    # show firewall address azure-address-sertag1
    config firewall address
        edit "azure-address-sertag1"
            set uuid 50a0afd4-b1bf-51ea-651b-f9ba7f6db455
            set type dynamic
            set sdn "azure1"
            set color 2
            set filter "ServiceTag=ApiManagement | Region=canadacentral"
            config list
                edit "102.133.0.79/32"
                next
                edit "102.133.130.197/32"
                next
                ...
                edit "13.78.108.176/28"
                next
                edit "13.86.102.66/32"
                next
                ...
            end
        next
    end

Resources

Azure SDN connector using ServiceTag and Region filter keys

The ServiceTag and Region filter keys can be used in Azure SDN connectors to filter service tag IP ranges. These can be used in dynamic firewall addresses.

To use the new filters keys in the GUI:
  1. Create an Azure SDN connector:
    1. Go to Security Fabric > External Connectors and click Create New.
    2. Select Microsoft Azure.
    3. Configure the connector:

    4. Click OK.
  2. Create a dynamic firewall address for the Azure connector, filtering based on the servicetag and region:
    1. Go to Policy & Objects > Addresses and click Create New > Address.
    2. Configure the address, adding two filters: ServiceTag=ApiManagement and Region=canadacentral:

    3. Click OK.
    4. Hover the cursor over the address name to see the dynamic IP addresses that are resolved by the connector:

To use the new filters keys in the CLI:
  1. Create an Azure SDN connector:
    config system sdn-connector
        edit "azure1"
            set type azure
            set tenant-id "942b80cd-1b14-42a1-8dcf-4b21dece61ba"
            set client-id "44e79db7-621d-46f3-8625-58e209654e58"
            set client-secret xxxxxx
        next
    end
  2. Create a dynamic firewall address for the Azure connector, filtering based on the servicetag and region:
    config firewall address
        edit "azure-address-sertag1-o-region1"
            set type dynamic
            set sdn "azure1"
            set color 2
            set filter "ServiceTag=ApiManagement | Region=canadacentral"
        next
    end
  3. View the dynamic IP addresses that are resolved by the connector:
    # show firewall address azure-address-sertag1
    config firewall address
        edit "azure-address-sertag1"
            set uuid 50a0afd4-b1bf-51ea-651b-f9ba7f6db455
            set type dynamic
            set sdn "azure1"
            set color 2
            set filter "ServiceTag=ApiManagement | Region=canadacentral"
            config list
                edit "102.133.0.79/32"
                next
                edit "102.133.130.197/32"
                next
                ...
                edit "13.78.108.176/28"
                next
                edit "13.86.102.66/32"
                next
                ...
            end
        next
    end