Cisco ACI Cookbook

Version: 6.4.0

Security Fabric connector integration with Cisco ACI

You can use FortiManager to create Fabric connectors for Cisco ACI, and then install the Fabric connectors to FortiOS.

The Fabric connectors in FortiManager define the type of connector and include information for FortiOS to communicate with and authenticate with the products. In some cases the FortiGate must communicate with products through the Fabric connector, and in other cases the FortiGate communicates directly with the products.

FortiOS works with the Fabric connector to communicate with Cisco ACI.

For information about the Fabric connector, see the Fortinet Document Library.

Note: You cannot import a policy package for the Fabric connector from FortiOS to FortiManager.

The following is an overview of creating Fabric connectors for Cisco ACI using FortiManager:

  1. Create a Fabric connector. See Creating a Fabric connector for Cisco ACI.
  2. Import address names from Cisco ACI to the Fabric connector. See Importing address names to a Fabric connector. FortiManager imports the address names and converts them to dynamic firewall address objects. The objects do not include IP addresses and are displayed in Firewall Objects > Addresses.
  3. In the policy package in which you are creating the new policy, create an IPv4 policy and include the firewall address objects for Cisco ACI. See Creating an IP address policy.
  4. Install the policy package to FortiOS. See Installing a policy package.

    FortiGate communicates with Cisco ACI to dynamically populate the firewall address objects with IP addresses.

    If the address names change in Cisco ACI after you import them to FortiManager, you must reimport the address names.
