This article describes the integration of Kubernetes with FortiManager External Connector.
FortiManager.
FortiManager Fabric View can integrate with Kubernetes to dynamically pull Kubernetes addresses and apply them to firewall policies. The configuration steps are provided below:
1) In FortiManager, go to Fabric View -> External Connectors and select 'Create New':
Name = Connector Name
Status = enable
IP = Kubernetes IP
Port = Kubernetes Cluster Port
Secret Token = Kubernetes service account secret
Note:
The Secret Token can be obtained from Kubernetes with 'kubectl get secrets -o json'; the token value in that output is base64-encoded and must be decoded with base64.
2) Object Configuration:
After the Kubernetes External Connector is created, go to Policy & Objects -> Object Configuration -> Firewall Objects -> Addresses, select 'Create New' -> Address:
In the Filter column, select the icon to import all SDN Connector filters. This loads all the filters and provides a selection as shown below. Toggling the '+' sign switches between the different displays:
Display 1.
Display 2.
If multiple filters are selected, 'OR' and 'AND' logic options are available. This provides a more dynamic filter for the addresses pulled from Kubernetes.
3) Policy Package:
After the Kubernetes addresses are created, they can be applied in Policy Packages for firewall policy.
If FortiManager is unable to import Kubernetes addresses during object configuration, run the debug commands below to obtain more information about the error for troubleshooting:
# diagnose debug application connector 255
# diagnose debug enable
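The Secret Token note in step 1, worked through as an added example (not part of the original article or Fortinet code): it reads 'kubectl get secrets -o json' output, keeps only service account token secrets, and base64-decodes the token for the connector's Secret Token field. The secret name, service account name and token value are constructed sample data.

```python
import base64
import json

SA_TOKEN_TYPE = "kubernetes.io/service-account-token"
SA_NAME_ANNOTATION = "kubernetes.io/service-account.name"


def service_account_tokens(secrets_json):
    """Return decoded tokens found in `kubectl get secrets -o json` output."""
    doc = json.loads(secrets_json)
    # Several secrets come back as a List with "items"; one secret is a bare object.
    items = doc.get("items", [doc])
    found = []
    for item in items:
        if item.get("type") != SA_TOKEN_TYPE:
            continue  # Opaque, TLS, etc. secrets carry no API token
        encoded = item.get("data", {}).get("token")
        if not encoded:
            continue  # token field not populated yet
        token = base64.b64decode(encoded).decode("ascii")
        meta = item.get("metadata", {})
        found.append({
            "secret": meta.get("name"),
            "service_account": meta.get("annotations", {}).get(SA_NAME_ANNOTATION),
            "token": token,  # decoded value for the Secret Token field
            "looks_like_jwt": token.count(".") == 2,  # SA tokens are JWTs
        })
    return found


def constructed_sample():
    """Constructed input shaped like kubectl output; not a real credential."""
    fake_token = "aGVhZGVy.cGF5bG9hZA.c2lnbmF0dXJl"
    return json.dumps({"apiVersion": "v1", "kind": "List", "items": [
        {"kind": "Secret", "type": "Opaque",
         "metadata": {"name": "app-config"},
         "data": {"password": base64.b64encode(b"x").decode()}},
        {"kind": "Secret", "type": SA_TOKEN_TYPE,
         "metadata": {"name": "fmg-connector-token",
                      "annotations": {SA_NAME_ANNOTATION: "fmg-connector"}},
         "data": {"token": base64.b64encode(fake_token.encode()).decode()}},
    ]})


if __name__ == "__main__":
    for entry in service_account_tokens(constructed_sample()):
        print(entry["secret"], entry["service_account"], entry["token"])
```

Against a live cluster, the input would be the saved output of 'kubectl get secrets -o json' instead of the constructed sample.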
Copyright 2025 Fortinet, Inc. All Rights Reserved.