Fortinet Document Library

Azure Cookbook

6.2.0

Dynamic address in a policy

You can use a dynamic address in a policy just like any other address object. A dynamic address has a different icon to show that it is a Fabric connector address.

The CLI commands to configure the same policy are as follows:

config firewall policy
    edit 0
        set name "outgoing1"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "azure-client"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set logtraffic-start enable
        set capture-packet enable
        set nat enable
    next
end

Result

By using the FortiGate Fabric connector for Azure, the configuration of the FortiGate’s policies does not depend on the IP addresses of the resources connecting to it. You could move the entire environment to a new Azure location on a different continent with different public IP addresses, even for internal resources. After the move, no reconfiguration needs to take place. Everything works just as it did before the move.
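One way to check that a policy set really is independent of IP addresses before such a move is to list every policy that still references a non-dynamic address object. The following Python code is an added example, not part of the Fortinet documentation; the address object definitions, the `legacy-host` object and the `outgoing2` policy are constructed, and the parser assumes flat `config`/`edit`/`set` blocks without nested `config` sections.

```python
import shlex

# Constructed sample: "outgoing1" follows the page; address objects and "outgoing2" are assumed.
SAMPLE = '''
config firewall address
    edit "azure-client"
        set type dynamic
    next
    edit "legacy-host"
        set subnet 10.0.1.4 255.255.255.255
    next
end
config firewall policy
    edit 1
        set name "outgoing1"
        set srcaddr "azure-client"
        set dstaddr "all"
    next
    edit 2
        set name "outgoing2"
        set srcaddr "legacy-host" "azure-client"
        set dstaddr "all"
    next
end
'''

def parse(text):
    """Return {section: {entry: {key: [values]}}} for flat config/edit/set blocks."""
    tables, section, entry = {}, None, None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            section = tables.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return tables

def ip_pinned_policies(text):
    """Map policy name -> referenced address objects that are static or undefined."""
    tables = parse(text)
    addrs, report = tables.get("firewall address", {}), {}
    for pid, pol in tables.get("firewall policy", {}).items():
        refs = pol.get("srcaddr", []) + pol.get("dstaddr", [])
        report[pol.get("name", [pid])[0]] = [
            a for a in refs if a != "all" and addrs.get(a, {}).get("type") != ["dynamic"]]
    return report
```

A policy with an empty list references only dynamic addresses or `all`; any name in a list is an object that would need attention when addresses change.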
