OCI SDN connector


You can configure Security Fabric connector integration with Oracle Cloud Infrastructure (OCI).

To configure an OCI SDN connector in the CLI:
  1. Configure an SDN connector:
    config system sdn-connector
        edit "oci1"
            set status enable
            set type oci
            set tenant-id "ocid1.tenancy.oc1..aaaaaaaaaaa3aaaaaaaaaaaaaaaaa77xxxxxx54bbbbbb4xxxx35xx55xxxx"
            set user-id "ocid1.user.oc1..aaaaaaaaa2laaaaa3aaaaaaaaaabbbbbbbbbbcccc3ccccccccccxxxxxxxx"
            set compartment-id "ocid1.compartment.oc1..aaaaaaaaaaaaaaaaaa7bbbbbbbbbbcccccccccc6xxx53xxxx7xxxxxxxxxx"
            set oci-region "us-ashburn-1"
            set oci-region-type commercial
            set oci-cert "cert-sha2"
            set update-interval 30
        next
    end
  2. Create a dynamic firewall address for the SDN connector with a supported filter:
    config firewall address
        edit "oci-address-1"
            set uuid 0b4a496e-8974-51e9-e223-fee75c935fb7
            set type dynamic
            set sdn "oci1"
            set filter "CompartmentName=DevelopmentEngineering"
        next
    end
To configure an OCI SDN connector in the GUI:
  1. Go to Security Fabric > Fabric Connectors and click Create New.
  2. In the Public SDN section, select Oracle Cloud Infrastructure (OCI).
  3. Configure the connector as needed.

  4. Click OK.
  5. Go to Policy & Objects > Addresses and click Create New > Address.
  6. Configure the address as needed, selecting the OCI connector in the SDN Connector field.

  7. Click OK.
To confirm that dynamic firewall addresses are resolved by the SDN connector:
  1. In the CLI, check that the addresses are listed:
    config firewall address
        edit "oci-address-1"
            set uuid 0b4a496e-8974-51e9-e223-fee75c935fb7
            set type dynamic
            set sdn "oci1"
            set filter "CompartmentName=DevelopmentEngineering"
            config list
                edit "10.0.0.11"
                next
                edit "10.0.0.118"
                next
                ...
                next
            end
        next
    end
  2. In the GUI, go to Policy & Objects > Addresses and hover the cursor over the address name.
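
The CLI confirmation step can also be run offline against a saved configuration. The following is an added example, not Fortinet code: it parses the config/edit/set format shown above and flags dynamic addresses that resolved to no IPs or that reference a missing or disabled SDN connector. The names `parse` and `check_dynamic_addresses` are hypothetical, and the sample text is constructed from the output on this page.

```python
import shlex
# Constructed sample in the CLI format shown above (type and OCID settings omitted).
SAMPLE = """
config system sdn-connector
    edit "oci1"
        set status enable
    next
end
config firewall address
    edit "oci-address-1"
        set type dynamic
        set sdn "oci1"
        set filter "CompartmentName=DevelopmentEngineering"
        config list
            edit "10.0.0.11"
            next
            edit "10.0.0.118"
            next
        end
    next
end
"""

def parse(text):
    """Parse FortiOS config/edit/set nesting into nested dicts."""
    stack = [{}]
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] in ("config", "edit"):
            # Each config table or edit entry becomes a child dict.
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end") and len(stack) > 1:
            stack.pop()
    return stack[0]

def check_dynamic_addresses(cfg):
    """Return {name: (problems, resolved_ips)} for each dynamic address."""
    connectors = cfg.get("system sdn-connector", {})
    report = {}
    for name, addr in cfg.get("firewall address", {}).items():
        if addr.get("type") != "dynamic":
            continue
        ips, problems = list(addr.get("list", {})), []
        if connectors.get(addr.get("sdn"), {}).get("status") != "enable":
            problems.append("SDN connector missing or disabled")
        if not ips:
            problems.append("no addresses resolved")
        report[name] = (problems, ips)
    return report
```

Call `check_dynamic_addresses(parse(text))` on the saved configuration text; an empty problems list with a non-empty IP list corresponds to the resolved state shown in step 1.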
