Technical Tip: Same name for VLAN and Zone interface in VDOMs
| Description | This article describes a naming restriction that applies when a FortiGate is divided into instances called VDOMs.
Each VDOM is autonomous in functionality and configuration, with one exception: the same name cannot be set for a VLAN in VDOM A and a zone interface in VDOM B.
Example:
FG2K5E3916-----5 (global) # show system interface servers
# config system interface
    edit "servers"
        set vdom "FW01"
        set ip 192.168.172.254 255.255.255.0
        set device-identification enable
        set role lan
        set snmp-index 60
        set interface "port1"
        set vlanid 72
    next
end
FG2K5E3916-----5 # config vdom
FG2K5E3916-----5 (vdom) # edit FW02
current vf=FW02:6
FG2K5E3916-----5 (FW02) # config system zone
FG2K5E3916-----5 (zone) # edit servers
the name "servers" conflicts with a system interface of the same name.
node_check_object fail! for name servers
value parse error before 'servers'
Command fail. Return code -553 |
| Scope | FortiGate |
| Solution | Such a configuration is not supported. Nevertheless, the system can be tricked into accepting it if the zone interface is created in VDOM A first and the VLAN with the same name is then created in VDOM B.
The consequences of such a configuration can surface after an upgrade (the configuration for that zone interface is lost), or if the VLAN is created first in VDOM A and then the zone in VDOM B (as in the example above).
It is strongly recommended to avoid configuring the same name for a VLAN and a zone interface, even in separate VDOMs. |
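
A pre-upgrade check for this condition, as an added example that is not part of the original article or of any Fortinet tooling: it scans a multi-VDOM configuration backup and reports every zone whose name matches a system interface. The function name and the sample configuration are constructed for illustration, and the parser assumes the usual `config global` / `config vdom` backup layout with no multi-line quoted values.

```python
# Constructed multi-VDOM backup excerpt (names mirror the article's example).
SAMPLE_CONFIG = """\
config global
config system interface
    edit "servers"
        set vdom "FW01"
        set vlanid 72
    next
end
end
config vdom
edit FW02
config system zone
    edit "servers"
        set interface "port2"
    next
    edit "dmz"
        set interface "port3"
    next
end
end
"""

def find_name_conflicts(config_text):
    """Return sorted (name, interface_vdom, zone_vdom) for zones named like an interface."""
    stack, interfaces, zones = [], {}, {}  # stack frames: ("config", path) / ("edit", name)
    for raw in config_text.splitlines():
        word, _, rest = (p.strip().strip('"') for p in raw.strip().partition(" "))
        parent = stack[-1] if stack else None
        if word == "config":
            stack.append(("config", rest))
        elif word == "edit":
            if parent == ("config", "system interface"):
                interfaces.setdefault(rest, None)      # owning VDOM filled in by "set vdom"
            elif parent == ("config", "system zone") and stack[:1] == [("config", "vdom")]:
                zones.setdefault(rest, []).append(stack[1][1])  # stack[1] is "edit <vdom>"
            stack.append(("edit", rest))
        elif (word == "set" and rest.startswith("vdom ")
              and stack[-2:-1] == [("config", "system interface")]):
            interfaces[stack[-1][1]] = rest[5:].strip().strip('"')
        elif word == "next" and parent and parent[0] == "edit":
            stack.pop()
        elif word == "end":  # closes the section and any "edit" left open inside it
            while stack and stack.pop()[0] != "config":
                pass
    return sorted((name, interfaces[name], vdom) for name, vdoms in zones.items()
                  if name in interfaces for vdom in vdoms)

print(find_name_conflicts(SAMPLE_CONFIG))  # [('servers', 'FW01', 'FW02')]
```

Any tuple in the result is a name to change before upgrading, since the article notes that the zone configuration can be lost afterwards.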
