Creating an address using the CLI
To create an address using the CLI:
- Open the FortiOS CLI with administrator credentials.
- Go to Policy & Objects > Addresses. Create a new address, or select an existing address. Right-click the address and select Edit in CLI.
- Configure the filtering rule. This means the Fabric connector automatically populates and updates only instances belonging to the specified VPC that match this filtering condition. You can use the following keys:
| Description | Key |
| --- | --- |
| Autoscaling group | AutoScaleGroup |
| Group name | placement.groupname |
| Image ID | imageId |
| Instance ID | instanceId |
| Instance type | instanceType |
| Key name | keyName |
| Kubernetes cluster | k8s_cluster |
| Kubernetes label and its name | k8s_label.Name |
| Kubernetes namespace | k8s_namespace |
| Kubernetes node name | k8s_nodename |
| Kubernetes pod name | k8s_podname |
| Kubernetes region | k8s_region |
| Kubernetes service name | k8s_servicename |
| Kubernetes zone | k8s_zone |
| Private DNS name | privateDnsName |
| Public DNS name | publicDnsName |
| Security group ID | SecurityGroupId |
| Subnet ID | subnetId |
| Tag and its name. This key supports a maximum of eight tags. | tag.Name |
| Tenancy placement | placement.tenancy |
| VPC ID | VpcId |
For example, to automatically populate instances that belong to a certain subnet within the VPC, you can create a filtering condition using subnetId. First, check the subnet ID in the AWS management portal.
Enter set filter "subnetId=subnet-fb2506a0", as well as other commands to configure the address as desired. In this example, the subnet is 10.0.2.0/24. At this point, show shows the following:
Three instances with IP addresses 10.0.2.111, 10.0.2.112, and 10.0.2.114 have just been populated and are updated automatically as you set the filtering condition above and the update interval specified in the GUI has been reached. Since these three instances have been up and running in the specified VPC, the Fabric connector found them through APIs that FortiOS called to AWS.
You can set the filtering condition using multiple entries with & (and) or | (or) for each entry. When you use both & and |, FortiOS interprets & before |. For example, you can enter subnetId=subnet-fb2506a0 & tag.Name=abc123. In this case, the IP address of an instance shows up only if the instance matches both the subnet ID and the tag “Name”. Filters support wildcard values.
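The following added example (not Fortinet code) models the filter semantics described above so you can check which instances a filter would pull into an address before a policy depends on it. It assumes `*`-style, case-sensitive wildcards; the `privateIp` field, the tag values, and the fourth instance with its subnet ID are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory. The first three IPs and the subnet ID come from the
# example on this page; tag values and the fourth instance are made up.
INSTANCES = [
    {"privateIp": "10.0.2.111", "subnetId": "subnet-fb2506a0", "tag.Name": "abc123"},
    {"privateIp": "10.0.2.112", "subnetId": "subnet-fb2506a0", "tag.Name": "web-02"},
    {"privateIp": "10.0.2.114", "subnetId": "subnet-fb2506a0", "tag.Name": "db-01"},
    {"privateIp": "10.0.3.20", "subnetId": "subnet-00000000", "tag.Name": "web-01"},
]


def _condition_matches(condition, instance):
    """Evaluate one key=value entry; the value may contain * wildcards (assumed)."""
    key, sep, pattern = condition.partition("=")
    key, pattern = key.strip(), pattern.strip()
    if not sep or not key or not pattern:
        raise ValueError(f"malformed filter entry: {condition!r}")
    value = instance.get(key)
    # An instance that lacks the key never matches.
    return value is not None and fnmatchcase(value, pattern)


def matches(filter_expr, instance):
    """Apply a filter to one instance, interpreting & before |."""
    # Splitting on | first makes each piece a group of &-joined entries,
    # which is what "& is interpreted before |" means.
    for and_group in filter_expr.split("|"):
        entries = and_group.split("&")
        if all(_condition_matches(e, instance) for e in entries):
            return True
    return False


def populate(filter_expr, instances):
    """Return the sorted IPs the address would contain for this filter."""
    return sorted(i["privateIp"] for i in instances if matches(filter_expr, i))


if __name__ == "__main__":
    for expr in (
        "subnetId=subnet-fb2506a0",
        "subnetId=subnet-fb2506a0 & tag.Name=abc123",
        # Reads as: web* OR (subnet AND abc123), not (web* OR subnet) AND abc123.
        "tag.Name=web* | subnetId=subnet-fb2506a0 & tag.Name=abc123",
    ):
        print(f"{expr!r:65} -> {populate(expr, INSTANCES)}")
```

The third filter shows why the precedence matters: because & binds first, the wildcard entry on its own admits 10.0.3.20 from a different subnet, which a reader expecting the tag restriction to apply to the whole expression would not anticipate.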