Administration Guide

Creating Microsoft Azure fabric connectors

With FortiManager, you can create a fabric connector for Microsoft Azure. You cannot import address names from Microsoft Azure to the fabric connector. Instead you must manually create dynamic firewall objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate with Microsoft Azure and dynamically populate the objects with IP addresses. Fortinet SDN Connector is not required for this configuration.

When you create a fabric connector for Microsoft Azure, you are specifying how FortiGate can communicate directly with Microsoft Azure.

If ADOMs are enabled, you can create one fabric connector per ADOM.

Requirements:

  • FortiManager version 5.6 ADOM or later

    The method described in this topic for creating fabric connectors requires version 6.0 ADOM or later.

  • FortiGate is managed by FortiManager.
  • The managed FortiGate unit is configured to work with Microsoft Azure.

To create a fabric connector object for Microsoft Azure:
  1. Go to Fabric View > Fabric Connectors.
  2. Click Create New. The Create New Fabric Connector wizard is displayed.
  3. Under SDN, select Azure, and click Next.
  4. Configure the following options, and then click OK:

    Name: Type a name for the fabric connector object.

    Type: Displays Microsoft Azure.

    Azure tenant ID: Type the tenant ID from Azure.

    Azure client ID: Type the client ID from Azure.

    Azure client secret: Type the client secret from Azure.

    Azure subscription ID: Type the subscription ID for Azure.

    Azure resource group: Type the resource group for Azure.

    Update Interval (s): Specify how often, in seconds, the dynamic firewall objects are updated.

    Status: Toggle ON to enable the fabric connector object. Toggle OFF to disable the fabric connector object.

    Advanced Options: Expand to specify advanced options for Azure.

        azure-region: Select an Azure region.
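
Before typing the values from step 4 into the wizard, they can be checked for common paste errors, such as a secret ID entered in place of the client secret. The following is an added example, not Fortinet code: the dictionary keys and sample values are hypothetical, and the resource group pattern is Azure's naming rule simplified to ASCII.

```python
import re
import uuid

# Azure resource group name rule, simplified here to ASCII: 1-90 characters
# from letters, digits, "_", "-", ".", "(", ")", and not ending in ".".
RG_NAME = re.compile(r"[A-Za-z0-9_.()\-]{0,89}[A-Za-z0-9_()\-]")
GUID_FIELDS = ("tenant_id", "client_id", "subscription_id")  # hypothetical keys


def is_guid(value):
    """True if value is a canonical 8-4-4-4-12 GUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def check_connector(cfg):
    """Return a list of problems in the connector values (empty list = OK)."""
    problems = [f"{f}: not a GUID" for f in GUID_FIELDS if not is_guid(cfg.get(f))]
    guids = [cfg[f].lower() for f in GUID_FIELDS if is_guid(cfg.get(f))]
    if len(set(guids)) != len(guids):
        problems.append("IDs: the same GUID appears in more than one ID field")
    secret = cfg.get("client_secret") or ""
    if not secret or secret != secret.strip():
        problems.append("client_secret: empty or has surrounding whitespace")
    elif is_guid(secret):
        problems.append("client_secret: looks like a secret ID, not the value")
    if not RG_NAME.fullmatch(cfg.get("resource_group") or ""):
        problems.append("resource_group: not a valid Azure resource group name")
    interval = cfg.get("update_interval")
    if isinstance(interval, bool) or not isinstance(interval, int) or interval < 0:
        problems.append("update_interval: must be a whole number of seconds")
    return problems


# Constructed sample values, not real identifiers.
SAMPLE_OK = {
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "client_secret": "constructed-secret-value",
    "subscription_id": "99999999-8888-7777-6666-555555555555",
    "resource_group": "rg-fortigate-prod",
    "update_interval": 60,
}
# Same values with three typical paste errors introduced.
SAMPLE_BAD = dict(SAMPLE_OK, client_id=SAMPLE_OK["tenant_id"],
                  client_secret="12345678-1234-1234-1234-123456789abc",
                  resource_group="rg.prod.")
```

Calling `check_connector(SAMPLE_BAD)` returns one message per introduced error; an empty list means the values are at least well-formed, not that Azure will accept them.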

To complete the fabric connector setup:
  1. Create dynamic firewall address objects. See Configuring dynamic firewall addresses for fabric connectors.

    You cannot import address names from Microsoft Azure to FortiManager.

  2. In the policy package in which you will be creating the new policy, create an IPv4 policy and include the dynamic firewall address objects for Microsoft Azure. See IP policies.
  3. Install the policy package to FortiGate. See Install a policy package.

    FortiGate communicates with Microsoft Azure to dynamically populate the firewall address objects with IP addresses.
