When you create an Azure connector, you authorize FortiWeb to periodically retrieve information about Azure instances and dynamically populate it in the server pool configuration.
To create an Azure Connector:
- Go to Security Fabric > External Connectors.
To access this part of the web UI, your administrator’s account access profile must have Read and Write permission to items in the System Configuration category. For details, see Permissions.
- Click Create New.
- Under Public SDN, select Microsoft Azure. The Azure screen is displayed.
- Configure the following options, and then click Save.
You must create an Azure AD application to generate the Azure client ID and corresponding Azure client secret. This application must be a service principal. Otherwise, the Fabric connector cannot read the inventory. You can find the complete instructions at Use portal to create an Azure Active Directory application and service principal that can access resources.
Keep the following in mind when you get to the part about making a new application registration:
- The Application type has two options. Choose Web app/API.
- The Sign-on URL has the asterisk commonly associated with a required field, but this is not applicable in this case. Put in any valid URL in the field to complete the form and enable the Create button.
| Option | Description |
| --- | --- |
| Name | Type a name for the external connector object. |
| Status | Toggle on to enable the external connector object. Toggle off to disable the external connector object. |
| Update Interval (s) | Specify the update interval for the connector to get Azure objects and dynamically populate the information in the server pool configuration. |
| Server Region | The region where your application server is deployed. |
| Tenant ID | See instructions above for how to find the Tenant ID. |
| Client ID | See instructions above for how to find the Client ID. |
| Client Secret | See instructions above for how to find the Client Secret. |
| Subscription ID | The ID of the subscription where your application server is deployed. |
| Resource Group | The name of the resource group where your application server is deployed. Make sure that the service principal (app registration) is granted the network contributor and VM contributor roles for the target resource group. |
After the connector is created, you can configure the Server Type, SDN address type, SDN Connector, and Filter options in Server Objects > Server > Server Pool. FortiWeb then gets the IP addresses of the compute instances from Azure and dynamically populates the objects in the server pool configuration. See Defining your web servers.
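
The Resource Group option requires two roles on the target resource group. The following added example (not part of the FortiWeb documentation) checks a service principal's role assignments for those roles and reports anything granted at a wider or different scope. It assumes the Azure built-in role names "Network Contributor" and "Virtual Machine Contributor", and input shaped like the JSON from `az role assignment list --assignee <client-id> --all -o json`; the function name, subscription ID, and resource group name are constructed for illustration.

```python
import json

# Azure built-in role names assumed to match the page's
# "network contributor" and "VM contributor" roles.
REQUIRED_ROLES = {"Network Contributor", "Virtual Machine Contributor"}

def audit_connector_roles(assignments, subscription_id, resource_group):
    """Return (missing_roles, findings) for the connector's service principal."""
    target = f"/subscriptions/{subscription_id}/resourcegroups/{resource_group}".lower()
    granted, findings = set(), []
    for a in assignments:
        role = a["roleDefinitionName"]
        scope = a["scope"].rstrip("/").lower()  # ARM scopes are case-insensitive
        if scope == target:
            if role in REQUIRED_ROLES:
                granted.add(role)
            else:
                findings.append(f"extra role on target group: {role}")
        elif target.startswith(scope + "/"):
            # Subscription or root scope: inherited by the target group.
            if role in REQUIRED_ROLES:
                granted.add(role)
            findings.append(f"{role} assigned above the target group: {a['scope']}")
        else:
            findings.append(f"{role} assigned outside the target group: {a['scope']}")
    return sorted(REQUIRED_ROLES - granted), findings

# Constructed sample data; the subscription ID and group name are placeholders.
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Network Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-web-prod"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")

if __name__ == "__main__":
    missing, findings = audit_connector_roles(
        SAMPLE, "00000000-0000-0000-0000-000000000000", "rg-web-prod")
    print("missing roles:", missing)
    for f in findings:
        print("finding:", f)
```

An empty result for both values means the service principal holds exactly the two roles on the target resource group and nothing else.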