Setting up Apache NiFi for Fortinet SD-WAN Technology Pack

Set up and start Apache NiFi to convert the data files that are collected from Fortinet SD-WAN servers to Avro format records and write them to Kafka. These records are then picked up by File Collector for processing the metrics and device inventory data.

Before you begin

To get a session and token from FortiManager and FortiGate to fetch data in NiFi, the default credentials are set to admin/admin.
ADOM values are configured as Site values. You must manually configure the ADOMs sites and add FortiGate devices to the ADOMs.

For more information, see https://docs.fortinet.com/document/fortimanager/5.4.0/cookbook/666580/adding-online-fortigates-to-fortimanager-5-4-1-adoms.

NiFi setup tasks

Following are the configuration tasks that are needed to set up Apache NiFi to start collecting metrics and inventory metadata from Fortinet SD-WAN control pane:

Access the NiFi UI on Red Hat OpenShift Container Platform.
Access the NiFi UI on your cloud platform.
Enable the controller services.
Configure the variables.

Access the NiFi UI on OpenShift Container Platform

Follow these steps to access the NiFi web interface on OpenShift® Container Platform:

Log in to your cloud platform web console of your cluster.
Make sure you are in tncp project or namespace.
Navigate to Networking > Routes.
Click the NiFi route link.
You can see the UI that has a canvas to orchestrate a data flow for the installed File-based Technology Packs:

Access the NiFi UI on Kubernetes

Open a web browser and type the following URL on Kubernetes cloud platform:
http://<node_hostname>:30026/nifi

Where, <node_hostname> is the hostname of any node in your cluster.

30026 is the port number of the NiFi Service on the node where it is installed.

You can see the UI that has a canvas to orchestrate a data flow for the installed File-based Technology Packs:

NiFi flow

NiFi flow in the Fortinet SD-WAN Technology Pack project is divided into the following sections:

Get session value for FortiManager authentication
Get token value for FortiGate authentication
Generate flow data
Device and Interface flow
Generate Tunnel Data
Generate Application Data
Generate AVRO Record

Enable the controller services

Right-click the Fortinet SD-WAN processor group and select Configure > CONTROLLER SERVICES.
The following Controller Services are available:
Click the Enable icon ( ) and enable all the controller services.
Close the window.
Click the processor group and select Start to start the data collection.

Configure the variables

Right-click the project canvas with nothing selected and select Variables from the menu.

In the Variables window, provide values for the following variables:

Fortinet SD-WAN pack variables

Variable	Value
interval	The default value is 10 minutes, which is expressed as 600 seconds. You can increase or decrease this value to delay or fasten the AVRO record generation by the NiFi Collector Service that can be picked up by the File Collector Service. You must update the Flow File Processors to schedule to run according to this value as well.
vmanage	IP address of the FortiManager Dashboard.

Note: Rest of the variable values are auto-populated for you.

After a variable value is changed, click OK and Apply.
Start all the processors in the flow.