Created on 10-05-2023 08:56 AM Edited on 02-05-2024 01:16 AM By Jean-Philippe_P
Description:
This article explains how to retrieve AWS WorkSpaces and ALB/NLB/GWLB ENI IP addresses, and how to filter them with the following filters: OwnerId, InterfaceType, SecurityGroupId, InterfaceId, Tag, Description.

Scope:
FortiOS 7.2.4, FortiOS 7.4.2, AWS, SDN Connector.

Solution:
One feature of the SDN connector is to retrieve network-object information from public and private clouds and use it to dynamically update firewall policies via dynamic address objects.
Previously (prior to FortiOS 7.2.4 and FortiOS 7.4.2), FortiGate AWS-type SDN connectors did not support retrieving the ENI IP addresses of AWS WorkSpaces and ALB/NLB/GWLB resources.
To have access to information such as AWS ELB (ALB and NLB), VPC Endpoint, TGW, GWLB and WorkSpaces instance private IPs, it is necessary to enable the feature in the CLI:
config system sdn-connector
    edit aws-cross-account
        set alt-resource-ip enable
    next
end

Afterwards, the information can be retrieved with filters, as in the following dynamic address objects (the `config list` section is the resolved IP list shown by the FortiGate):
config firewall address
    edit "aws-sdn-addr-workspace"
        set type dynamic
        set sdn "aws-sdn"
        set filter "tag.Name=my-workspace-demo"
        config list
            edit "10.0.1.34"
            next
        end
    next
end

config firewall address
    edit "aws-sdn-addr-ALB"
        set type dynamic
        set sdn "aws-sdn"
        set filter "tag.Name=my-ALB-demo"
        config list
            edit "10.0.2.120"
            next
        end
    next
end

config firewall address
    edit "aws-sdn-addr-NLB"
        set type dynamic
        set sdn "aws-sdn"
        set filter "tag.Name=my-NLB-demo"
        config list
            edit "10.2.11.181"
            next
            edit "10.2.21.189"
            next
        end
    next
end

config firewall address
    edit "aws-sdn-addr-GWLB"
        set type dynamic
        set sdn "aws-sdn1"
        set filter "tag.Name=my-GWLB-demo"
        config list
            edit "10.2.1.199"
            next
        end
    next
end

config firewall address
    edit "aws-sdn-addr-GWLB-InterfaceId"
        set type dynamic
        set sdn "aws-sdn1"
        set filter "InterfaceID=eni-0123456789"
        config list
            edit "10.2.1.199"
            next
        end
    next
end

config firewall address
    edit "aws-sdn-addr-GWLB-type"
        set type dynamic
        set sdn "aws-sdn1"
        set filter "InterfaceType=gateway_load_balancer"
        config list
            edit "10.2.1.199"
            next
        end
    next
end

config firewall address
    edit "aws-sdn-addr-GWLB-SubnetId"
        set type dynamic
        set sdn "aws-sdn1"
        set filter "SubnetId=subnet-1234556789"
        config list
            edit "10.2.1.199"
            next
        end
    next
end
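To check which ENI private IPs a given `set filter` string would resolve to before the address object is committed, the following added example (not from this article or from Fortinet) replays the filter syntax used above against a constructed, DescribeNetworkInterfaces-shaped record set. The exact comparison rules of the connector (exact, case-sensitive match on one key=value pair) are an assumption, and all ENI values are made up.

```python
"""Dry-run of the key=value ENI filters used by the AWS SDN connector (added example)."""
from typing import Dict, List

# Constructed sample records in the shape of an EC2 DescribeNetworkInterfaces
# response, reduced to the fields the filters test. All values are made up.
SAMPLE_ENIS: List[Dict] = [
    {"NetworkInterfaceId": "eni-0123456789", "InterfaceType": "gateway_load_balancer",
     "SubnetId": "subnet-1234556789", "OwnerId": "111111111111",
     "Description": "ELB gwy/my-gwlb/abc", "Groups": [{"GroupId": "sg-0aaa"}],
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.2.1.199"}],
     "TagSet": [{"Key": "Name", "Value": "my-GWLB-demo"}]},
    {"NetworkInterfaceId": "eni-0fedcba987", "InterfaceType": "network_load_balancer",
     "SubnetId": "subnet-1111111111", "OwnerId": "111111111111",
     "Description": "ELB net/my-nlb/def", "Groups": [],
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.2.11.181"}],
     "TagSet": [{"Key": "Name", "Value": "my-NLB-demo"}]},
    {"NetworkInterfaceId": "eni-0fedcba988", "InterfaceType": "network_load_balancer",
     "SubnetId": "subnet-2222222222", "OwnerId": "111111111111",
     "Description": "ELB net/my-nlb/def", "Groups": [],
     "PrivateIpAddresses": [{"PrivateIpAddress": "10.2.21.189"}],
     "TagSet": [{"Key": "Name", "Value": "my-NLB-demo"}]},
]

# Filter keys as written in 'set filter', mapped to the ENI field they test.
# Both spellings seen in the article (InterfaceId / InterfaceID) are accepted.
SCALAR_KEYS = {"InterfaceId": "NetworkInterfaceId", "InterfaceID": "NetworkInterfaceId",
               "InterfaceType": "InterfaceType", "SubnetId": "SubnetId",
               "OwnerId": "OwnerId", "Description": "Description"}


def eni_matches(eni: Dict, key: str, value: str) -> bool:
    """Assumed matching semantics: exact, case-sensitive comparison."""
    if key.startswith("tag."):  # tag.<Key>=<Value>, e.g. tag.Name=my-GWLB-demo
        tag_key = key[len("tag."):]
        return any(t["Key"] == tag_key and t["Value"] == value for t in eni.get("TagSet", []))
    if key == "SecurityGroupId":  # any attached security group may match
        return any(g["GroupId"] == value for g in eni.get("Groups", []))
    if key in SCALAR_KEYS:
        return eni.get(SCALAR_KEYS[key]) == value
    raise ValueError(f"unsupported filter key: {key}")


def resolve(filter_expr: str, enis: List[Dict] = SAMPLE_ENIS) -> List[str]:
    """Return the sorted private IPs that a 'key=value' filter resolves to."""
    key, sep, value = filter_expr.partition("=")
    if not sep:
        raise ValueError("filter must be of the form key=value")
    return sorted(ip["PrivateIpAddress"] for eni in enis
                  if eni_matches(eni, key.strip(), value.strip())
                  for ip in eni["PrivateIpAddresses"])
```

Compare the returned list with the `config list` section the FortiGate shows for the same filter; an empty result usually means a typo in the tag value or a filter key the connector does not support.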
Copyright 2024 Fortinet, Inc. All Rights Reserved.