Fortinet black logo

Security Fabric Integration with NSX

Home FortiManager Private Cloud 6.0.0 Security Fabric Integration with NSX
6.0.0
6.0.0
6.0.0

Creating fabric connectors for NSX

Creating fabric connectors for NSX

You can use FortiManager to create SDN fabric connectors for VMware NSX, and then install the fabric connectors to FortiGates.

The fabric connectors in FortiManager define the type of connector and include information for FortiGate to communicate with and authenticate with the products. In some cases FortiGate units must communicate with products through the Fortinet SDN Connector, and in other cases FortiGate units communicate directly with the products.

FortiGate works without Fortinet SDN Connector to communicate directly with VMware NSX.

Following is an overview of how to create fabric connectors for NSX by using FortiManager:

  1. Create a fabric connector object for NSX. See Creating fabric connector objects for NSX.
  2. Import address names from VMware NSX to the fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  3. Create a virtual wire pair. See Configuring virtual wire pairs.
  4. In the policy package in which you will be creating the new policy, create an IPv4 virtual wire pair policy, select the virtual wire pair, and add the firewall address objects for the VMware NSX. See Creating IP policies.
  5. Install the policy package to FortiGate or FortiGate VMX Service Manager. See Installing policy packages.

    The ForitGate unit or FortiGate VMX Service Manager communicates with VMware NSX to dynamically populate the firewall address objects with IP addresses.

If the address names change in VMware NSX after you import them to FortiManager, you must import the address names again.

Previous
Next

Creating fabric connectors for NSX

You can use FortiManager to create SDN fabric connectors for VMware NSX, and then install the fabric connectors to FortiGates.

The fabric connectors in FortiManager define the type of connector and include information for FortiGate to communicate with and authenticate with the products. In some cases FortiGate units must communicate with products through the Fortinet SDN Connector, and in other cases FortiGate units communicate directly with the products.

FortiGate works without Fortinet SDN Connector to communicate directly with VMware NSX.

Following is an overview of how to create fabric connectors for NSX by using FortiManager:

  1. Create a fabric connector object for NSX. See Creating fabric connector objects for NSX.
  2. Import address names from VMware NSX to the fabric connector object. See Importing address names to fabric connectors.

    The address names are imported and converted to firewall address objects. The objects do not yet include IP addresses. The objects are displayed on the Firewall Objects > Addresses pane.

  3. Create a virtual wire pair. See Configuring virtual wire pairs.
  4. In the policy package in which you will be creating the new policy, create an IPv4 virtual wire pair policy, select the virtual wire pair, and add the firewall address objects for the VMware NSX. See Creating IP policies.
  5. Install the policy package to FortiGate or FortiGate VMX Service Manager. See Installing policy packages.

    The ForitGate unit or FortiGate VMX Service Manager communicates with VMware NSX to dynamically populate the firewall address objects with IP addresses.

If the address names change in VMware NSX after you import them to FortiManager, you must import the address names again.

Previous
Next