Fortinet Document Library

Azure Cookbook

6.2.0

Creating an address

In order to confirm that you successfully configured the connector, you must have a Fabric connector address.

  • The address or address group is used as the source or destination of firewall policies. The address is based on IP addresses: it contains the IP address(es) of instances that are running in Azure.
  • When changes occur to addresses in the Azure environment, the Fabric connector populates and updates the changes automatically based on the specified filtering condition so administrators do not need to reconfigure the address’s content manually.
  • As instances that match the filter appear in the environment, changes are propagated to the firewall policies that use the address object.

Configuring one of these addresses is similar to configuring any other address object, but with a few different options.

  1. Go to Policy & Objects > Addresses.
  2. Give the address a name.
  3. From the Type dropdown list, select Fabric Connector Address.
  4. From the Fabric Connector Type dropdown list, select Microsoft Azure.
  5. Input a filter into the Filter field.
  6. Set the interface to a specific port or leave it at the default any.
  7. Add any Comments or Tags that are applicable.

The CLI commands to configure the same address are as follows:

    config firewall address
        edit "azure-client"
            set type dynamic
            set comment ''
            set visibility enable
            set associated-interface ''
            set color 0
            set sdn azure
            set filter "tag.Owner=test"
        next
    end

Filters

Tags are not the only option to filter the address. The Azure Fabric connector supports the following filters:

  • vm=<VM name>
  • securitygroup=<nsg id>
  • vnet=<VNet id>
  • subnet=<subnet id>
  • vmss=<VM scale set>
  • tag.<key>=<value>

Just like the tag value, you can find these properties in the Azure interface.
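
The following Python sketch is an added example, not Fortinet code: it validates a filter string against the six forms listed above and previews which IPs the filter would select from an inventory, which is useful for reviewing how wide an address object is before a firewall policy uses it. The inventory is constructed, and the matching rule (exact, case-sensitive equality, running VMs only) is an assumption about connector behavior, not something this page specifies.

```python
import re

# Filter keys listed on this page; "tag.<key>" is matched separately.
SIMPLE_KEYS = {"vm", "securitygroup", "vnet", "subnet", "vmss"}
FILTER_RE = re.compile(r"^(?:tag\.(?P<tagkey>[^=\s]+)|(?P<key>[a-z]+))=(?P<value>.+)$")

def parse_filter(expr):
    """Return (kind, key, value) for one filter string, or raise ValueError."""
    m = FILTER_RE.match(expr.strip())
    if not m:
        raise ValueError(f"not a <key>=<value> filter: {expr!r}")
    if m.group("tagkey"):
        return ("tag", m.group("tagkey"), m.group("value"))
    if m.group("key") not in SIMPLE_KEYS:
        raise ValueError(f"unsupported filter key: {m.group('key')!r}")
    return ("prop", m.group("key"), m.group("value"))

def preview(expr, inventory):
    """IPs of running VMs matching expr (assumed exact, case-sensitive match)."""
    kind, key, value = parse_filter(expr)
    hits = []
    for vm in inventory:
        if vm["state"] != "running":
            continue  # the page says the address holds running instances
        actual = vm["tags"].get(key) if kind == "tag" else vm.get(key)
        if actual == value:
            hits.append(vm["ip"])
    return sorted(hits)

# Constructed inventory: every name, id and IP here is made up.
INVENTORY = [
    {"vm": "web-01", "subnet": "snet-web", "vnet": "vnet-a", "securitygroup": "nsg-web",
     "vmss": None, "state": "running", "ip": "10.0.1.4", "tags": {"Owner": "test"}},
    {"vm": "web-02", "subnet": "snet-web", "vnet": "vnet-a", "securitygroup": "nsg-web",
     "vmss": None, "state": "stopped", "ip": "10.0.1.5", "tags": {"Owner": "test"}},
    {"vm": "db-01", "subnet": "snet-db", "vnet": "vnet-a", "securitygroup": "nsg-db",
     "vmss": None, "state": "running", "ip": "10.0.2.4", "tags": {"Owner": "test"}},
    {"vm": "app-01", "subnet": "snet-web", "vnet": "vnet-a", "securitygroup": "nsg-web",
     "vmss": None, "state": "running", "ip": "10.0.1.6", "tags": {"Owner": "prod"}},
]

if __name__ == "__main__":
    for f in ("tag.Owner=test", "subnet=snet-web", "vm=web-02"):
        print(f, "->", preview(f, INVENTORY))
```

In the constructed data, `tag.Owner=test` selects `db-01` in a different subnet as well as `web-01`, which shows why tag-based membership is worth reviewing alongside who is allowed to set that tag in Azure.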
