To confirm that you successfully configured the connector, you must have a Fabric connector address.
- The address or address group is used for source/destination of firewall policies. The address is based on IP addresses. The address contains address(es) within the Azure instance that are running.
- When changes occur to addresses in the Azure environment, the Fabric connector populates and updates the changes automatically based on the specified filtering condition so administrators do not need to reconfigure the address’s content manually.
- As instances that match the filter appear in the environment, changes are propagated to the firewall policies that use the address object.
Configuring one of these addresses is similar to configuring any other address object, but with a few different options.
To create an address:
- Go to Policy & Objects > Addresses.
- In the Name field, enter the desired name.
- From the Type dropdown list, select Dynamic.
- From the Sub Type dropdown list, select Fabric Connector Address.
- From the SDN Connector dropdown list, select the Fabric connector created in Creating an Azure Fabric connector using service principal.
- Input a filter into the Filter field. You can add multiple filters and use logical operators OR and AND to include many or specific devices.
- Set the interface to a specific port or leave it at the default any.
- Add any Comments or Tags that are applicable.
When a dynamic object is created, FortiOS first displays it with a warning that the object is not resolved. The warning clears itself once the Fabric connector refreshes. By default, the Fabric connector refreshes every 60 seconds. You can force refresh in Security Fabric > Connectors by clicking the connector Refresh icon.
Tags are not the only option to filter the address. The Azure Fabric connector supports the following filters:
vmss=<VM scale set>
Just like the tag value, you can find these properties in the Azure interface