Fortinet Document Library


Azure Cookbook

6.2.0

Configuring a Fabric connector in Azure

In this section, you configure the FortiGate SDN (Fabric) connector for use with Azure.

In the FortiGate interface, these connectors are called Fabric connectors. They are SDN connectors that provide integration and orchestration of Fortinet products with key SDN solutions. The Fortinet Security Fabric provides visibility into your security posture across multiple cloud networks, spanning private, public, and Software as a Service (SaaS) clouds. In software-defined networks like Azure, dynamic objects and resources can be cumbersome to secure using traditional firewall policies. With the Fabric connector for Azure IaaS, changes to attributes in the Azure environment can be automatically updated in the Security Fabric. This helps integrate and orchestrate FortiOS IPv4 policies going forward.

Before installing and configuring the Azure Fabric connector, the following Azure infrastructure and Fortinet FortiGate-VM components should be in place:

  • A valid Azure account and subscription. The account can be one that your organization established or simply one of the free trial options available from Azure. If you do not specify the resource group, you can find all resources that the account has access to.
  • A FortiGate-VM deployed in Azure.
  • An IPv4 outbound policy from the FortiGate-VM on port2 (internal) to port1 (external).
  • A VM instance of a resource in the Azure environment.

This section describes configuring an Azure Fabric connector to connect the FortiGate to the Azure backend. This configuration allows easy reference of dynamic Azure objects when creating FortiOS firewall policies. If the FortiGate is a virtual device in one of those environments, it is likely to be the only connector configured.

Configuring a Fabric connector consists of the following steps:

  1. Create a Fabric connector in one of the following ways:
    1. Creating an Azure Fabric connector using service principal
    2. Creating a Fabric connector using a managed identity
  2. Create an address. See Creating an address.
  3. Configure the dynamic address in a policy. See Dynamic address in a policy.
