redy
New Member
February 14, 2020
Question

1 ISP, multiple VDOMs on VLANs


Hi All,

I have a problem configuring a setup like the one in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.

How do I configure a VDOM to have access to the internet, and where do I set up the VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for the VDOMs in Global vdom --> interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs and uses 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs, and I agree that it's reasonable :) But how do I share 1 ISP port?

Thanks,

Marek

2 replies

Alexis_G
New Member
February 14, 2020

To my understanding, you have the WAN interface on the root VDOM and some other VDOMs.

In order to dispatch internet traffic to the other VDOMs, the best way is to create VDOM link interfaces between:

  • Root and VDOMx
  • Root and VDOMy
  • .....

Also create static routes between the VDOMs (Root and VDOMx, Root and VDOMy, .....), and then the appropriate policy rules.

Concerning the VIP: you create the VIP on the root VDOM, and the real IP points to the one you wish to redirect to.
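
The layout described in the reply above, as an added FortiOS CLI example that is not part of the original thread: one inter-VDOM link between root and vdom_x, with the VIP, the route to the vdom_x LAN and the inbound policy created in root. The link name vlnk_x, the VIP name vip_x_web, the addresses 203.0.113.10, 10.10.10.0/24 and 169.254.10.0/30, and the HTTPS service are constructed for illustration. It assumes port1 is the WAN interface in root and that vdom_x already has a default route via vlnk_x1 and its own policy from vlnk_x1 to its VLAN interface.

```fortios
# Added example: names and addresses below are constructed, not from the thread.
config global
    config system vdom-link
        edit "vlnk_x"
        next
    end
    config system interface
        # FortiOS names the two ends of the link vlnk_x0 and vlnk_x1
        edit "vlnk_x0"
            set vdom "root"
            set ip 169.254.10.1 255.255.255.252
        next
        edit "vlnk_x1"
            set vdom "vdom_x"
            set ip 169.254.10.2 255.255.255.252
        next
    end
end
config vdom
edit root
    config firewall vip
        # one address from the ISP pool, mapped to a host behind vdom_x
        edit "vip_x_web"
            set extintf "port1"
            set extip 203.0.113.10
            set mappedip "10.10.10.10"
        next
    end
    config router static
        # root reaches the vdom_x LAN through the link
        edit 10
            set dst 10.10.10.0 255.255.255.0
            set gateway 169.254.10.2
            set device "vlnk_x0"
        next
    end
    config firewall policy
        # inbound policy limited to the one published service
        edit 10
            set srcintf "port1"
            set dstintf "vlnk_x0"
            set srcaddr "all"
            set dstaddr "vip_x_web"
            set action accept
            set schedule "always"
            set service "HTTPS"
        next
    end
end
```

Each VDOM keeps its own routing table and policy set, so only the shared WAN side of the path is configured in root.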

 

 

redy (Author)
New Member
February 14, 2020

This looks reasonable, but the question is where to create the link and where to add the policy? Now it looks like all interfaces and rules should be created in the Global or ROOT vdom, so what is the point of having vdoms?

emnoc
New Member
February 14, 2020

Agreed, this is what Cisco ASA has had for decades now, and shared-media access.

 

Ken Felix

romanr
New Member
February 14, 2020

redy wrote:

Hi All,

I have a problem configuring a setup like the one in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.

How do I configure a VDOM to have access to the internet, and where do I set up the VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for the VDOMs in Global vdom --> interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs and uses 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs, and I agree that it's reasonable :) But how do I share 1 ISP port?

Thanks,

Marek

EMAC interfaces are what you are going to need.

 

https://help.fortinet.com/fos60hlp/60/Content/FortiOS/fortigate-networking/Interfaces/Enhanced%20MAC%20VLANs.htm

 

Br,

Roman