Fortinet Document Library

Version:


Table of Contents

Security Fabric Integration with ACI

6.2.0
Download PDF
Copy Link

Creating fabric connectors for ACI

You can use FortiManager to create SDN fabric connectors for Cisco Application Centric Infrastructure (ACI), and then install the fabric connector settings to FortiGates.

The fabric connectors in FortiManager define the type of connector and include information for FortiGate to communicate with and authenticate with the products. In some cases FortiGate units must communicate with products through the Fortinet SDN Connector, and in other cases FortiGate units communicate directly with the products.

FortiGate works with Fortinet SDN Connector to communicate with ACI.

For more information about Fortinet SDN Connector, see the Fortinet Document Library.

note icon

You cannot import a policy package for Fortinet SDN Connector from FortiGate to FortiManager.

Following is an overview of how to create fabric connectors for ACI by using FortiManager:

  1. Create a fabric connector object for ACI. See Creating fabric connector objects for ACI.
  2. Import address names from ACI to the fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to dynamic firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  3. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the firewall address objects for ACI. See Creating IP policies.
  4. Install the policy package to FortiGate. See Installing policy packages.

    FortiGate uses the information and Fortinet SDN Connector to communicate with ACI and dynamically populate the firewall address objects with IP addresses.

If the address names change in ACI after you import them to FortiManager, you must import the address names again.

Creating fabric connectors for ACI

You can use FortiManager to create SDN fabric connectors for Cisco Application Centric Infrastructure (ACI), and then install the fabric connector settings to FortiGates.

The fabric connectors in FortiManager define the type of connector and include information for FortiGate to communicate with and authenticate with the products. In some cases FortiGate units must communicate with products through the Fortinet SDN Connector, and in other cases FortiGate units communicate directly with the products.

FortiGate works with Fortinet SDN Connector to communicate with ACI.

For more information about Fortinet SDN Connector, see the Fortinet Document Library.

note icon

You cannot import a policy package for Fortinet SDN Connector from FortiGate to FortiManager.

Following is an overview of how to create fabric connectors for ACI by using FortiManager:

  1. Create a fabric connector object for ACI. See Creating fabric connector objects for ACI.
  2. Import address names from ACI to the fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to dynamic firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  3. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the firewall address objects for ACI. See Creating IP policies.
  4. Install the policy package to FortiGate. See Installing policy packages.

    FortiGate uses the information and Fortinet SDN Connector to communicate with ACI and dynamically populate the firewall address objects with IP addresses.

If the address names change in ACI after you import them to FortiManager, you must import the address names again.