With FortiManager, you can create a fabric connector for VMware NSX-T.
FortiManagerwith ADOM version 6.2 or later.
The method described in this topic for creating fabric connectors requires ADOM version 6.2 or later.
- FortiGate is managed by FortiManager.
- Go to System Settings > Administrators.
- Double-click the admin account to open it for editing.
- Beside JSON API Access, select Read-Write, and click OK.
- Go to Fabric View > Fabric Connectors.
- Click Create New. The Create New Fabric Connector wizard is displayed.
- Under SSO/Identity, select NSX NSX-T, and click Next. The NSX VMware NSX-T screen is displayed.
- Configure the following options, and then click OK:
Type a name for the fabric connector object.
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
NSX-T Manager Configuration
Type the IP address of the NSX-T server.
Type the user name for the NSX-T server.
Type the password for the NSX-T server.
Type the IP address for FortiManager.
Type the user name for FortiManager.
Type the password for FortiManager.
A fabric connector for VMware NSX-T is created and a connection to VMware NSX-T manager is established
- Edit the connector to set Status to On.
FortiManager retrieves the groups from VMware NSX-T and stores them as dynamic firewall objects.
- Download the preconfigured deployment image from the Fortinet Support Site for (https://support.fortinet.com) FortiGate VM for VMware NSX-T:
- Place the deployment image on a server that VMware NSX-T and FortiManager can access.
- Note the URL for the deployment image. You will need to add the URL to FortiManager.
- Ensure that you know the URL for the location of the preconfigured deployment image for FortiGate VM and VMware NSX-T.
- On the Fabric View pane, edit the connector for VMware NSX-T, and click Add Service.
- In the Service Name box, type a name for the service.
- In the Integration box, select East-West or North-South to specify the direction of network traffic.
- In the Image Location box, type the URL for the location of the preconfigured deployment file for FortiGate VM.
- Click OK.
The service is added and registered with the VMware NSX-T manager.
- Go to VMware NSX-T manager, and deploy the FortiGate VM.
The deployment file is configured to automatically enable central management.
When prompted by the deployment of FortiGate VM, enter the IP address of the FortiManager used for central management.
The FortiGate is displayed in FortiManager on the Device Manager pane as an unauthorized device.
- On FortiManager, go to Device Manager and authorize the FortiGate.
- In the policy package in which you will be creating the new policy, create an IPv4 virtual wire pair policy and include the firewall address objects for VMware NSX-T. See IP policies.
- Install the policy package to FortiGate.
See Install a policy package.
FortiGate communicates with NSX-T via FortiManager to dynamically populate the firewall address objects with IP addresses.