Fortinet Document Library

Administration Guide

Creating VMware NSX-T connector

With FortiManager, you can create a fabric connector for VMware NSX-T.

Requirements:

  • FortiManager with ADOM version 6.2 or later.

    The method described in this topic for creating fabric connectors requires ADOM version 6.2 or later.

  • FortiGate is managed by FortiManager.

To enable read-write JSON API access:
  1. Go to System Settings > Administrators.
  2. Double-click the admin account to open it for editing.
  3. Beside JSON API Access, select Read-Write, and click OK.
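
The JSON API Access setting corresponds to `rpc-permit` in the FortiManager CLI. As an added example (not part of the original guide), the following Python script reads a saved `show system admin user` output and lists the accounts that hold read-write JSON API access, so the account used for the connector can be reviewed. The sample configuration and account names are constructed, and treating a missing `rpc-permit` line as `none` is an assumption.

```python
import re

# Constructed sample of "show system admin user" output (not from a real device).
SAMPLE_CONFIG = '''\
config system admin user
    edit "admin"
        set profileid "Super_User"
        set rpc-permit read-write
    next
    edit "nsxt-connector"
        set profileid "Standard_User"
        set rpc-permit read-write
    next
    edit "auditor"
        set profileid "Restricted_User"
        set rpc-permit read
    next
    edit "helpdesk"
        set profileid "Restricted_User"
    next
end
'''

def parse_admins(config_text):
    """Return {account: {setting: value}} for every 'edit' block."""
    admins, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = admins.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return admins

def json_api_access(config_text):
    """Map account -> JSON API level; a missing rpc-permit is assumed to mean 'none'."""
    return {n: s.get("rpc-permit", "none") for n, s in parse_admins(config_text).items()}

def read_write_accounts(config_text):
    """Accounts whose JSON API Access is Read-Write, sorted for stable reporting."""
    return sorted(n for n, lvl in json_api_access(config_text).items() if lvl == "read-write")

if __name__ == "__main__":
    for name in read_write_accounts(SAMPLE_CONFIG):
        print(f"JSON API read-write: {name}")
```
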

To create a fabric connector for VMware NSX-T:
  1. Go to Fabric View > Fabric Connectors.
  2. Click Create New. The Create New Fabric Connector wizard is displayed.
  3. Under SSO/Identity, select NSX-T, and click Next. The VMware NSX-T screen is displayed.

  4. Configure the following options, and then click OK:

    Name: Type a name for the fabric connector object.

    Status: Toggle On to enable the fabric connector object. Toggle Off to disable the fabric connector object.

    NSX-T Manager Configuration

      Server: Type the IP address of the NSX-T server.
      User Name: Type the user name for the NSX-T server.
      Password: Type the password for the NSX-T server.

    FortiManager Configurations

      IP Address: Type the IP address for FortiManager.
      User Name: Type the user name for FortiManager.
      Password: Type the password for FortiManager.

    A fabric connector for VMware NSX-T is created and a connection to VMware NSX-T manager is established.

  5. Edit the connector to set Status to On.

    FortiManager retrieves the groups from VMware NSX-T and stores them as dynamic firewall objects.


To download the FortiGate VM deployment image:
  1. Download the preconfigured deployment image for FortiGate VM for VMware NSX-T from the Fortinet Support Site (https://support.fortinet.com):

    fortigate-vm64-nsxt.ovf

  2. Place the deployment image on a server that VMware NSX-T and FortiManager can access.
  3. Note the URL for the deployment image. You will need to add the URL to FortiManager.

To register a service from FortiManager to VMware NSX-T:
  1. Ensure that you know the URL for the location of the preconfigured deployment image for FortiGate VM and VMware NSX-T.
  2. On the Fabric View pane, edit the connector for VMware NSX-T, and click Add Service.
  3. In the Service Name box, type a name for the service.
  4. In the Integration box, select East-West or North-South to specify the direction of network traffic.
  5. In the Image Location box, type the URL for the location of the preconfigured deployment file for FortiGate VM.
  6. Click OK.

    The service is added and registered with the VMware NSX-T manager.

To deploy a FortiGate VM from VMware NSX-T and enable central management:
  1. Go to VMware NSX-T manager, and deploy the FortiGate VM.

    The deployment file is configured to automatically enable central management.

  2. When prompted by the deployment of FortiGate VM, enter the IP address of the FortiManager used for central management.

    The FortiGate is displayed in FortiManager on the Device Manager pane as an unauthorized device.

  3. On FortiManager, go to Device Manager and authorize the FortiGate.

To complete the fabric connector setup:
  1. In the policy package in which you will be creating the new policy, create an IPv4 virtual wire pair policy and include the firewall address objects for VMware NSX-T. See IP policies.
  2. Install the policy package to FortiGate. See Install a policy package.

    FortiGate communicates with NSX-T via FortiManager to dynamically populate the firewall address objects with IP addresses.
