Creating an address via the CLI

  1. Open the FortiOS CLI with admin credentials.
  2. Enter config firewall address.
  3. The prompt changes to the FortiGate hostname followed by (address)$. Enter edit <address_name> to create an address. For example, if the address name is jkatoociaddress002, enter edit jkatoociaddress002.
  4. Configure the address as a Fabric connector supporting element:
    1. Enter set type dynamic.
    2. Enter set sdn oci.
  5. Configure the filter. The Fabric connector automatically populates and updates only the IP addresses of instances that match the filter condition. OCI connectors support the following filters:
    1. 'vm_name=<vm name>': This matches a VM instance name.
    2. 'tag.<key>=<value>': This matches a freeform tag key and its value.
    3. 'instance_id=<instance id>': This matches an instance OCID.
    4. 'definedtag.<namespace>.<key>=<value>': This matches a tag namespace, tag key, and its value.

    This example uses 'tag.<key>=<value>' to populate the IP addresses of instances whose "jkatoinstance" tag has the "demomachine" value. Enter set filter tag.jkatoinstance=demomachine. Entering next, then end, saves the configuration and returns you to the prompt level you started from.

    You can combine multiple filter conditions with AND ("&") or OR ("|"). When a filter contains both, AND is evaluated first, then OR.

    You can check the syntax by entering set filter ?

    For example, you can enter "tag.<key>=<value> & vm_name=<vm name>". In this case, the SDN Connector populates and updates only the IP addresses of instances that match both the tag and the VM name. Filter values do not allow wildcards (such as asterisks).

  6. After a few minutes, the new address takes effect. Repeat steps 1-3, then enter show. The output lists the IP addresses that have been populated.
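
Because the filter decides which instance IP addresses end up in firewall policy, it is worth previewing what a filter matches before entering it. The following is an added example, not Fortinet code or the connector's own parser: a small Python model of the filter rules described above (the four filter keys, AND before OR, no wildcards), run against a constructed inventory. The record layout, the placeholder OCIDs, and the exact, case-sensitive comparison are assumptions.

```python
# Added example: models the filter semantics described above; not FortiOS code.
# Assumptions: exact, case-sensitive string comparison; values contain no '&' or '|'.

def _lookup(instance, key):
    """Resolve a documented filter key against a constructed instance record."""
    if key in ("vm_name", "instance_id"):
        return instance.get(key)
    if key.startswith("definedtag."):
        parts = key.split(".", 2)          # definedtag.<namespace>.<key>
        if len(parts) != 3:
            raise ValueError(f"bad defined tag key: {key!r}")
        return instance.get("defined_tags", {}).get(parts[1], {}).get(parts[2])
    if key.startswith("tag."):
        return instance.get("freeform_tags", {}).get(key[4:])
    raise ValueError(f"unsupported filter key: {key!r}")

def parse_filter(expr):
    """Return OR-groups of AND-ed (key, value) terms: AND binds tighter than OR."""
    groups = []
    for or_part in expr.split("|"):
        terms = []
        for term in or_part.split("&"):
            key, sep, value = term.strip().partition("=")
            if not sep or not key or not value:
                raise ValueError(f"malformed term: {term!r}")
            if "*" in value:
                raise ValueError("wildcards are not allowed in filter values")
            terms.append((key.strip(), value.strip()))
        groups.append(terms)
    return groups

def matching_ips(expr, inventory):
    """IPs of instances that satisfy any OR-group in full."""
    groups = parse_filter(expr)
    return sorted(
        inst["ip"] for inst in inventory
        if any(all(_lookup(inst, k) == v for k, v in g) for g in groups)
    )

# Constructed inventory (documentation-range IPs, placeholder OCIDs).
INVENTORY = [
    {"vm_name": "web01", "instance_id": "ocid1.instance.example.aaa", "ip": "192.0.2.10",
     "freeform_tags": {"jkatoinstance": "demomachine"}, "defined_tags": {}},
    {"vm_name": "web02", "instance_id": "ocid1.instance.example.bbb", "ip": "192.0.2.11",
     "freeform_tags": {"jkatoinstance": "demomachine"}, "defined_tags": {}},
    {"vm_name": "db01", "instance_id": "ocid1.instance.example.ccc", "ip": "192.0.2.20",
     "freeform_tags": {}, "defined_tags": {"ops": {"env": "prod"}}},
]
```

With this inventory, "vm_name=db01 | tag.jkatoinstance=demomachine & vm_name=web02" matches db01 and web02 but not web01, because the AND pair is grouped before the OR is applied.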
