Azure Administration Guide

Configuring a Fabric connector in Azure

In this section, you configure a FortiGate software-defined network (SDN) connector, also called a Fabric connector, for use with Azure.

In the FortiGate interface, these connectors are called Fabric connectors. They are SDN connectors that provide integration and orchestration of Fortinet products with key SDN solutions. The Fortinet Security Fabric provides visibility into your security posture across multiple cloud networks, spanning private, public, and software-as-a-service clouds. In SDNs like Azure, dynamic objects and resources can be cumbersome to secure using traditional firewall policies. By using the Fabric connector with Azure infrastructure as a service, FortiOS can automatically update the Security Fabric with changes to attributes in the Azure environment. This helps integrate and orchestrate FortiOS IPv4 policies going forward.

Before installing and configuring the Azure Fabric connector, the following Azure infrastructure and Fortinet FortiGate-VM components should be in place:

  • Valid Azure account and subscription. The account can be one that your organization established or simply one of the free trial options available from Azure. If you do not specify the resource group, you can find all resources that the account has access to.
  • FortiGate-VM deployed in Azure
  • IPv4 outbound policy from the FortiGate-VM on port2 (internal) to port1 (external)
  • VM instance of a resource in the Azure environment

This section describes configuring an Azure Fabric connector to connect the FortiGate to the Azure backend. This configuration allows easy reference of dynamic Azure objects when creating FortiOS firewall policies. If the FortiGate is a virtual device in one of those environments, it is likely to be the only connector configured.

Configuring a Fabric connector consists of the following steps:

  1. Create a Fabric connector in one of the following ways:
    1. Creating an Azure Fabric connector using service principal
    2. Creating a Fabric connector using a managed identity
  2. Create an address. See Creating an address.
  3. Configure the dynamic address in a policy. See Dynamic address in a policy.
