Fortinet black logo

Universal Connector 1.0.0 Administration Guide

Home FortiManager 7.4.0 Universal Connector 1.0.0 Administration Guide
7.4.0
7.4.0
7.2.0
7.0.1

Configure the connector

Configure the connector

To configure the Azure Universal Connector:

  1. Enable the Universal Connector. See Enabling Universal Connector MEA.

  2. Go to Management Extensions > Universal Connector.

  3. Click Create New on the toolbar, and select Azure.

  4. Configure the connector settings:

    Name Enter the connector name.
    Server Region Select an Azure region.
    Tenant ID Enter your tenant ID.
    Client ID Enter your client ID.

    Client Secret

    		 Enter your client secret.

    Proxy

    Enable the proxy option if your FortiManager and FortiGate are behind proxy servers.

    When Proxy is enabled, you can select the following:

    Authentication Method Specify the authentication method as either Basic or Kerberos.
    Proxy Scheme Choose either HTTP or HTTPS.
    Proxy Host Enter the proxy host information.

    Proxy Username

    Enter the proxy username.

    Proxy Password

    Enter the proxy password.

    Realm

    Specify a Kerberos realm.

    This setting is only available when using the Kerberos Authentication Method.

    SPN

    Enter a Service Principal Name (SPN).

    This setting is only available when using the Kerberos Authentication Method.

    Kerberos Configuration

    Enter the Kerberos configuration.

    Below is an example of how to input Kerberos configurations:

    [realms]

    DEMO.IO = {

    kdc = demo-vm1.demo.io

    }

    This setting is only available when using the Kerberos Authentication Method.

    Verify Certificate

    Enable or disable server certificate verification.

    Status

    Enable or disable the connector.

    The status is disabled by default and cannot be enabled until you have added a FSSO group.

    Remove the addresses when the remote connector is unreachable for more than five minutes.

    This option is enabled by default, and addresses are cleared if the connection to Azure is lost for five minutes.

    When the checkbox is not selected, all address information is maintained until the connection is reestablished or the administrator changes the connector configuration.

    Interval

    You can manually change the interval for the Universal Connector to fetch groups and IPS from Azure and then send them to FortiManager. The default interval is 60 seconds.

  5. Click Save & Continue.

  6. Configure the FSSO Groups by clicking Add Filter Group.
    Add Filter Group is grayed out by default, and you can only select it after you have entered all of the credential information required by the connector and clicked Save & Continue.

    1. Configure the FSSO Group Name.

    2. Select the Add Conditions, and click Apply.

    3. Click Add.

  7. Toggle the Status of the connector to ON, fill in a change note, and click OK.

Previous
Next

Configure the connector

To configure the Azure Universal Connector:

  1. Enable the Universal Connector. See Enabling Universal Connector MEA.

  2. Go to Management Extensions > Universal Connector.

  3. Click Create New on the toolbar, and select Azure.

  4. Configure the connector settings:

    Name Enter the connector name.
    Server Region Select an Azure region.
    Tenant ID Enter your tenant ID.
    Client ID Enter your client ID.

    Client Secret

    		 Enter your client secret.

    Proxy

    Enable the proxy option if your FortiManager and FortiGate are behind proxy servers.

    When Proxy is enabled, you can select the following:

    Authentication Method Specify the authentication method as either Basic or Kerberos.
    Proxy Scheme Choose either HTTP or HTTPS.
    Proxy Host Enter the proxy host information.

    Proxy Username

    Enter the proxy username.

    Proxy Password

    Enter the proxy password.

    Realm

    Specify a Kerberos realm.

    This setting is only available when using the Kerberos Authentication Method.

    SPN

    Enter a Service Principal Name (SPN).

    This setting is only available when using the Kerberos Authentication Method.

    Kerberos Configuration

    Enter the Kerberos configuration.

    Below is an example of how to input Kerberos configurations:

    [realms]

    DEMO.IO = {

    kdc = demo-vm1.demo.io

    }

    This setting is only available when using the Kerberos Authentication Method.

    Verify Certificate

    Enable or disable server certificate verification.

    Status

    Enable or disable the connector.

    The status is disabled by default and cannot be enabled until you have added a FSSO group.

    Remove the addresses when the remote connector is unreachable for more than five minutes.

    This option is enabled by default, and addresses are cleared if the connection to Azure is lost for five minutes.

    When the checkbox is not selected, all address information is maintained until the connection is reestablished or the administrator changes the connector configuration.

    Interval

    You can manually change the interval for the Universal Connector to fetch groups and IPS from Azure and then send them to FortiManager. The default interval is 60 seconds.

  5. Click Save & Continue.

  6. Configure the FSSO Groups by clicking Add Filter Group.
    Add Filter Group is grayed out by default, and you can only select it after you have entered all of the credential information required by the connector and clicked Save & Continue.

    1. Configure the FSSO Group Name.

    2. Select the Add Conditions, and click Apply.

    3. Click Add.

  7. Toggle the Status of the connector to ON, fill in a change note, and click OK.

Previous
Next