
CLI Reference

system sdn-connector

Configure connection to SDN Connector.

  config system sdn-connector
      Description: Configure connection to SDN Connector.
      edit <name>
          set status [disable|enable]
          set type [aci|alicloud|...]
          set use-metadata-iam [disable|enable]
          set ha-status [disable|enable]
          set server {string}
          set server-port {integer}
          set username {string}
          set password {password_aes256}
          set vcenter-server {string}
          set vcenter-username {string}
          set vcenter-password {password_aes256}
          set access-key {string}
          set secret-key {password}
          set region {string}
          set vpc-id {string}
          set tenant-id {string}
          set client-id {string}
          set client-secret {password}
          set subscription-id {string}
          set resource-group {string}
          set login-endpoint {string}
          set resource-url {string}
          set azure-region [global|china|...]
          config nic
              Description: Configure Azure network interface.
              edit <name>
                  config ip
                      Description: Configure IP configuration.
                      edit <name>
                          set public-ip {string}
                          set resource-group {string}
                      next
                  end
              next
          end
          config route-table
              Description: Configure Azure route table.
              edit <name>
                  set subscription-id {string}
                  set resource-group {string}
                  config route
                      Description: Configure Azure route.
                      edit <name>
                          set next-hop {string}
                      next
                  end
              next
          end
          set user-id {string}
          set compartment-id {string}
          set oci-region {string}
          set oci-region-type [commercial|government]
          set oci-cert {string}
          set oci-fingerprint {string}
          config external-ip
              Description: Configure GCP external IP.
              edit <name>

              next
          end
          config route
              Description: Configure GCP route.
              edit <name>

              next
          end
          set gcp-project {string}
          set service-account {string}
          set private-key {user}
          set secret-token {user}
          set domain {string}
          set group-name {string}
          set api-key {password}
          set compute-generation {integer}
          set ibm-region-gen1 [us-south|us-east|...]
          set ibm-region-gen2 [us-south|us-east|...]
          set update-interval {integer}
      next
  end

config system sdn-connector

| Parameter Name | Description | Type | Size |
| --- | --- | --- | --- |
| status | Enable/disable connection to the remote SDN connector. disable: Disable connection to this SDN Connector. enable: Enable connection to this SDN Connector. | option | - |
| type | Type of SDN connector. aci: Application Centric Infrastructure (ACI). alicloud: AliCloud Service (ACS). aws: Amazon Web Services (AWS). azure: Microsoft Azure. gcp: Google Cloud Platform (GCP). nsx: VMware NSX. nuage: Nuage VSP. oci: Oracle Cloud Infrastructure. openstack: OpenStack. kubernetes: Kubernetes. vmware: VMware vSphere (vCenter & ESXi). sepm: Symantec Endpoint Protection Manager. aci-direct: Application Centric Infrastructure (ACI Direct Connection). ibm: IBM Cloud Infrastructure. | option | - |
| use-metadata-iam | Enable/disable use of IAM role from metadata to call API. disable: Disable using IAM role to call API. enable: Enable using IAM role to call API. | option | - |
| ha-status | Enable/disable use for FortiGate HA service. disable: Disable use for FortiGate HA service. enable: Enable use for FortiGate HA service. | option | - |
| server | Server address of the remote SDN connector. | string | Maximum length: 127 |
| server-port | Port number of the remote SDN connector. | integer | Minimum value: 0 Maximum value: 65535 |
| username | Username of the remote SDN connector as login credentials. | string | Maximum length: 64 |
| password | Password of the remote SDN connector as login credentials. | password_aes256 | Not Specified |
| vcenter-server | vCenter server address for NSX quarantine. | string | Maximum length: 127 |
| vcenter-username | vCenter server username for NSX quarantine. | string | Maximum length: 64 |
| vcenter-password | vCenter server password for NSX quarantine. | password_aes256 | Not Specified |
| access-key | AWS / ACS access key ID. | string | Maximum length: 31 |
| secret-key | AWS / ACS secret access key. | password | Not Specified |
| region | AWS / ACS region name. | string | Maximum length: 31 |
| vpc-id | AWS VPC ID. | string | Maximum length: 31 |
| tenant-id | Tenant ID (directory ID). | string | Maximum length: 127 |
| client-id | Azure client ID (application ID). | string | Maximum length: 63 |
| client-secret | Azure client secret (application key). | password | Not Specified |
| subscription-id | Azure subscription ID. | string | Maximum length: 63 |
| resource-group | Azure resource group. | string | Maximum length: 63 |
| login-endpoint | Azure Stack login endpoint. | string | Maximum length: 127 |
| resource-url | Azure Stack resource URL. | string | Maximum length: 127 |
| azure-region | Azure server region. global: Global Azure Server. china: China Azure Server. germany: Germany Azure Server. usgov: US Government Azure Server. local: Azure Stack Local Server. | option | - |
| user-id | User ID. | string | Maximum length: 127 |
| compartment-id | Compartment ID. | string | Maximum length: 127 |
| oci-region | OCI server region. | string | Maximum length: 31 |
| oci-region-type | OCI region type. commercial: Commercial region. government: Government region. | option | - |
| oci-cert | OCI certificate. | string | Maximum length: 63 |
| oci-fingerprint | OCI pubkey fingerprint. | string | Maximum length: 63 |
| gcp-project | GCP project name. | string | Maximum length: 127 |
| service-account | GCP service account email. | string | Maximum length: 127 |
| private-key | Private key of GCP service account. | user | Not Specified |
| secret-token | Secret token of Kubernetes service account. | user | Not Specified |
| domain | Domain name. | string | Maximum length: 127 |
| group-name | Group name of computers. | string | Maximum length: 127 |
| api-key | IBM cloud API key or service ID API key. | password | Not Specified |
| compute-generation | Compute generation for IBM cloud infrastructure. | integer | Minimum value: 1 Maximum value: 2 |
| ibm-region-gen1 | IBM cloud compute generation 1 region name. us-south: US South (Dallas) Server. us-east: US East (Washington DC) Server. germany: Germany (Frankfurt) Server. great-britain: Great Britain (London) Server. japan: Japan (Tokyo) Server. australia: Australia (Sydney) Server. | option | - |
| ibm-region-gen2 | IBM cloud compute generation 2 region name. us-south: US South (Dallas) Server. us-east: US East (Washington DC) Server. great-britain: Great Britain (London) Server. | option | - |
| update-interval | Dynamic object update interval (30 - 3600 sec, default = 60, 0 = disabled). | integer | Minimum value: 0 Maximum value: 3600 |

config ip

| Parameter Name | Description | Type | Size |
| --- | --- | --- | --- |
| public-ip | Public IP name. | string | Maximum length: 63 |
| resource-group | Resource group of Azure public IP. | string | Maximum length: 63 |

config route-table

| Parameter Name | Description | Type | Size |
| --- | --- | --- | --- |
| subscription-id | Subscription ID of Azure route table. | string | Maximum length: 63 |
| resource-group | Resource group of Azure route table. | string | Maximum length: 63 |

config route

| Parameter Name | Description | Type | Size |
| --- | --- | --- | --- |
| next-hop | Next hop address. | string | Maximum length: 127 |
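
An added example, not part of the Fortinet reference: a Python check that reads a `config system sdn-connector` block and reports which connectors store secret-typed fields on the device and which integer values fall outside the ranges listed in the parameter table. The sample configuration, its placeholder values and the finding labels are constructed for illustration.

```python
import re
# Fields the table types as password, password_aes256 or user (secret material).
SECRET_FIELDS = {"password", "vcenter-password", "secret-key", "client-secret",
                 "private-key", "secret-token", "api-key"}
# Integer ranges from the Size column.
RANGES = {"server-port": (0, 65535), "compute-generation": (1, 2),
          "update-interval": (0, 3600)}
# Constructed sample input (not from the page); all values are placeholders.
SAMPLE = """config system sdn-connector
    edit "aws-prod"
        set use-metadata-iam enable
    next
    edit "azure-lab"
        set type azure
        set client-secret ENC constructed-placeholder
        set update-interval 10
        config route-table
            edit "rt1"
                set resource-group "rg-lab"
            next
        end
    next
end
"""

def parse_connectors(text):
    """Map connector name -> {field: value}, ignoring nested config blocks."""
    connectors, name, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        depth += line.startswith("config ") - (line == "end")  # track nesting
        if depth == 1 and line.startswith("edit "):
            name = line[5:].strip().strip('"')
            connectors[name] = {}
        elif depth == 1 and name and (m := re.match(r"set (\S+)\s+(.*)", line)):
            connectors[name][m.group(1)] = m.group(2).strip('"')
    return connectors

def audit(text):
    findings = []
    for name, cfg in parse_connectors(text).items():
        if stored := sorted(SECRET_FIELDS & cfg.keys()):
            findings.append((name, "stored-secret", ",".join(stored)))
        for field, (lo, hi) in RANGES.items():
            value = cfg.get(field)
            if value is not None and not (value.isdigit() and lo <= int(value) <= hi):
                findings.append((name, "out-of-range", field))
        # Description narrows update-interval to 30-3600 sec; 0 disables updates.
        if cfg.get("update-interval", "60") in {str(n) for n in range(30)}:
            findings.append((name, "interval-not-30-3600", cfg["update-interval"]))
    return findings
```

`audit(SAMPLE)` returns one `stored-secret` finding and one `interval-not-30-3600` finding for `azure-lab`, and nothing for `aws-prod`.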
