Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.3 Administration Guide
    7.4.3
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Public and private SDN connectors

    Public and private SDN connectors

    Cloud SDN connectors provide integration and orchestration of Fortinet products with public and private cloud solutions. In a typical cloud environment, resources are dynamic and often provisioned and scaled on-demand. By using an SDN connector, you can ensure that changes to cloud environment attributes are automatically updated in the Security Fabric.

    To protect the East-West or North-South traffic in these environments, the FortiGate uses the SDN connector to sync the dynamic addresses that these volatile environments use. You can then configure the dynamic address objects as sources or destinations for firewall policies. When you make changes to cloud environment resources, such as moving them to a new location or assigning different IP addresses to them, you do not need to modify the policy in FortiOS, as the SDN connector syncs changes to the cloud address objects.

    These configurations consist of three primary steps:

    1. Configure the cloud SDN connector to connect your FortiGate and public or private cloud account.
    2. Create dynamic address objects to use the SDN connector. Use filters to sync only cloud address objects that you require.
    3. Apply the dynamic address objects to your firewall policy to protect your traffic.

    This chapter explores the steps in detail and describes how to connect to each currently supported cloud platform. This chapter does not discuss cloud account role-based or permission requirements. The respective cloud documents contain this information.

    The following external connectors are available in the Security Fabric:

    Category

    Connector

    Example configuration

    Public SDN

    Amazon Web Services (AWS)

    AWS SDN connector using access keys

    Microsoft Azure

    Azure SDN connector using service principal

    Google Cloud Platform (GCP)

    GCP SDN connector using service account

    Oracle Cloud Infrastructure (OCI)

    OCI SDN connector using certificates

    IBM Cloud

    IBM Cloud SDN connector using API keys

    AliCloud

    AliCloud SDN connector using access key

    Private SDN

    Kubernetes

    Kubernetes (K8s) SDN connectors

    VMware ESXi

    VMware ESXi SDN connector using server credentials

    VMware NSX

    VMware NSX-T Manager SDN connector using NSX-T Manager credentials

    OpenStack (Horizon)

    OpenStack SDN connector using node credentials

    Application Centric Infrastructure (ACI)

    Cisco ACI SDN connector using a standalone connector

    Nuage Virtualized Services Platform

    Nuage SDN connector using server credentials

    Nutanix

    Nutanix SDN connector using server credentials

    SAP

    SAP SDN connector

    Endpoint/Identity

    FSSO Agent on Windows AD

    Fortinet single sign-on agent

    Symantec Endpoint Protection

    Symantec endpoint connector

    Poll Active Directory Server

    Poll Active Directory server

    RADIUS Single Sign-On Agent

    RADIUS single sign-on agent

    Exchange Server

    Exchange Server connector

    Threat Feeds

    FortiGuard Category

    Threat feeds

    IP Address

    IP address threat feed

    Domain Name

    Domain name threat feed

    Malware Hash

    Malware hash threat feed

    Note

    If VDOMs are enabled, SDN and Threat Feeds connectors are in the global settings, and Endpoint/Identity connectors are per VDOM.
    Previous
    Next

    Public and private SDN connectors

    Public and private SDN connectors

    Cloud SDN connectors provide integration and orchestration of Fortinet products with public and private cloud solutions. In a typical cloud environment, resources are dynamic and often provisioned and scaled on-demand. By using an SDN connector, you can ensure that changes to cloud environment attributes are automatically updated in the Security Fabric.

    To protect the East-West or North-South traffic in these environments, the FortiGate uses the SDN connector to sync the dynamic addresses that these volatile environments use. You can then configure the dynamic address objects as sources or destinations for firewall policies. When you make changes to cloud environment resources, such as moving them to a new location or assigning different IP addresses to them, you do not need to modify the policy in FortiOS, as the SDN connector syncs changes to the cloud address objects.

    These configurations consist of three primary steps:

    1. Configure the cloud SDN connector to connect your FortiGate and public or private cloud account.
    2. Create dynamic address objects to use the SDN connector. Use filters to sync only cloud address objects that you require.
    3. Apply the dynamic address objects to your firewall policy to protect your traffic.

    This chapter explores the steps in detail and describes how to connect to each currently supported cloud platform. This chapter does not discuss cloud account role-based or permission requirements. The respective cloud documents contain this information.

    The following external connectors are available in the Security Fabric:

    Category

    Connector

    Example configuration

    Public SDN

    Amazon Web Services (AWS)

    AWS SDN connector using access keys

    Microsoft Azure

    Azure SDN connector using service principal

    Google Cloud Platform (GCP)

    GCP SDN connector using service account

    Oracle Cloud Infrastructure (OCI)

    OCI SDN connector using certificates

    IBM Cloud

    IBM Cloud SDN connector using API keys

    AliCloud

    AliCloud SDN connector using access key

    Private SDN

    Kubernetes

    Kubernetes (K8s) SDN connectors

    VMware ESXi

    VMware ESXi SDN connector using server credentials

    VMware NSX

    VMware NSX-T Manager SDN connector using NSX-T Manager credentials

    OpenStack (Horizon)

    OpenStack SDN connector using node credentials

    Application Centric Infrastructure (ACI)

    Cisco ACI SDN connector using a standalone connector

    Nuage Virtualized Services Platform

    Nuage SDN connector using server credentials

    Nutanix

    Nutanix SDN connector using server credentials

    SAP

    SAP SDN connector

    Endpoint/Identity

    FSSO Agent on Windows AD

    Fortinet single sign-on agent

    Symantec Endpoint Protection

    Symantec endpoint connector

    Poll Active Directory Server

    Poll Active Directory server

    RADIUS Single Sign-On Agent

    RADIUS single sign-on agent

    Exchange Server

    Exchange Server connector

    Threat Feeds

    FortiGuard Category

    Threat feeds

    IP Address

    IP address threat feed

    Domain Name

    Domain name threat feed

    Malware Hash

    Malware hash threat feed

    Note

    If VDOMs are enabled, SDN and Threat Feeds connectors are in the global settings, and Endpoint/Identity connectors are per VDOM.
    Previous
    Next