Configuring OCI SDN Connector

  1. In FortiOS, go to Security Fabric > Fabric Connectors. Click Create New, then select Oracle Cloud Infrastructure (OCI).

    Note

    You can create only one SDN Connector per connector type. For example, you can create only one Connector for OCI.

  2. Configure the Connector as follows:
    1. Name: Enter the desired Connector name.
    2. User ID: Enter the OCID of the OCI user who belongs to the administrator group. You can find the OCID on the OCI portal.

      The user must be in the Administrators Group on OCI.

    3. Tenant ID: Enter the tenant's OCID. You can find this on the OCI portal.

    4. Compartment ID: Enter the compartment's OCID. If you have multiple compartments, choose the desired one. You can find this on the OCI portal.

    5. OCI Region: Choose the one currently in use.
    6. OCI Certificate: You can choose the built-in default certificate called Fortinet_Factory. You can also select your own custom certificate. For instructions on creating a custom certificate, see Using a Custom Certificate.
  3. At this stage, you must register the certificate's fingerprint to the specified OCI user.
    1. Go to the OCI user, then API Keys > Add Public Key.

    2. In FortiOS, go to System > Certificate. Select Fortinet_Factory, then click Download.

    3. You now have the Fortinet_Factory.cer file. Create a public key file in PEM format from it, using a freely available tool of your choice such as openssl.
    4. Copy and paste the content of the PEM file in the Add Public Key window in OCI. Click Add.

    5. You now see the fingerprint.

      You can configure the following for the fingerprint:

      1. Update Interval: The default value is 60 seconds. You can change the value to between 1 and 3600 seconds.
      2. Status: Green means that the Connector is enabled. You can disable it at any time by toggling the switch.
    6. Click OK. The SDN Connector is now configured.

      You can also configure the SDN Connector using the CLI console. Execute the following commands. In this example, the OCI connector name is "oci-sdn".

      config system sdn-connector

      edit "<OCI connector name>"

      The show command displays the current configuration. To set each element, run set <element> <value>. Running next and then end saves the configuration and returns you to the level that you started from.

      You can also see the configuration by running get <OCI connector name>. In this case, type get oci-sdn.
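
For step 3 above (creating the PEM public key from the downloaded certificate with openssl, then checking the fingerprint OCI displays), the following is an added example, not part of the original Fortinet procedure. It assumes openssl is installed locally; the function names are illustrative, and when no file is given it generates a constructed self-signed certificate as a stand-in for Fortinet_Factory.cer.

```shell
#!/usr/bin/env bash
# Added example (not Fortinet's): certificate -> PEM public key -> fingerprint.

# Write the certificate's public key to $2 in PEM form.
# Handles a .cer file that is either PEM or DER encoded.
cert_to_pubkey() {
  openssl x509 -in "$1" -inform PEM -pubkey -noout > "$2" 2>/dev/null ||
    openssl x509 -in "$1" -inform DER -pubkey -noout > "$2" 2>/dev/null
}

# Print the colon-separated MD5 digest of the DER-encoded public key,
# the form in which OCI lists API key fingerprints.
pubkey_fingerprint() {
  openssl pkey -pubin -in "$1" -outform DER 2>/dev/null |
    openssl md5 -c | awk '{print $NF}'
}

# Constructed stand-in for Fortinet_Factory.cer so the script runs offline.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=constructed-sample" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}

# Usage: ./cer2pub.sh [path/to/Fortinet_Factory.cer]
main() {
  work=$(mktemp -d) || return 1
  cert=${1:-}
  if [ -z "$cert" ]; then
    cert="$work/sample.cer"
    make_sample_cert "$cert" || return 1
  fi
  cert_to_pubkey "$cert" "$work/public.pem" ||
    { echo "cannot parse $cert" >&2; return 1; }
  cat "$work/public.pem"   # paste this text into the Add Public Key window
  echo "fingerprint: $(pubkey_fingerprint "$work/public.pem")"
  rm -rf "$work"
}
main "$@"
```

The fingerprint printed locally should match the one OCI shows after you click Add; a mismatch means a different key was pasted.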
