alpha202ej
New Member
April 8, 2013
Question

VDOM with VLANs Cannot Connect to Internet

Hi all, I have been trying to make a proof of concept for our office with a FortiGate 50B (v4.0 MR2 Patch 4 firmware) to support a multi-tenant configuration using the Management VDOM. I have been trying to follow along with the example; however, the FortiGate 50B doesn't support configuration of individual ports, so I have had to fall back on VLANs. For this task I have an HP ProCurve 1700-8 (an L2 managed switch) which supports VLANs. On the switch, port one is configured for tenant one and port two for tenant two. The only issue is that I cannot connect to the internet when connected to either of the ports; however, the root VDOM connects to the internet just fine. I think it has something to do with my firewall rules, but since I am adapting the example from the one listed in the FortiOS Handbook: Virtual Domains (Figure 201), I cannot be sure what I am doing wrong. I would be grateful for any assistance or guidance with this! :) Thank you for reading!

    4 replies

    Matthijs
    New Member
    April 9, 2013
    Have you created vdom links between the vdoms and policies in both vdoms to allow the traffic? Don't forget to route the IPs you use from the management vdom to the tenant vdom, and in the tenant vdom add a default route to the management vdom. Check what happens in a traceroute to see where the traffic stops.
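The VDOM link and the two static routes described in the reply above, as an added FortiOS CLI example that is not part of the reply or of the original poster's configuration. The link name `vlnkA`, the 10.255.0.0/30 link subnet, the 192.168.10.0/24 tenant LAN and the route IDs are assumptions; the VDOM names `root` and `TenetA` come from the thread, and the `#` lines are annotations.

```fortios
# Global scope: create the inter-VDOM link. FortiOS generates two
# interfaces from the link name, one ending in 0 and one ending in 1.
config global
    config system vdom-link
        edit "vlnkA"
        next
    end
    # Place one end of the link in each VDOM and address both ends
    # from the same small subnet (constructed values).
    config system interface
        edit "vlnkA0"
            set vdom "root"
            set ip 10.255.0.1 255.255.255.252
        next
        edit "vlnkA1"
            set vdom "TenetA"
            set ip 10.255.0.2 255.255.255.252
        next
    end
end

# Tenant VDOM: default route points at the management VDOM's end
# of the link, so all Internet-bound traffic crosses the link.
config vdom
    edit "TenetA"
        config router static
            edit 1
                set dst 0.0.0.0 0.0.0.0
                set device "vlnkA1"
                set gateway 10.255.0.1
            next
        end
end

# Management (root) VDOM: return route for the tenant LAN. Without
# it, replies from the Internet are dropped in root or sent back out
# the WAN instead of across the link.
config vdom
    edit "root"
        config router static
            edit 10
                set dst 192.168.10.0 255.255.255.0
                set device "vlnkA0"
                set gateway 10.255.0.2
            next
        end
end
```

Firewall policies in both VDOMs, as the reply says, are still required and are not shown here. If NAT is applied only on the root VDOM's policy toward the WAN interface, the tenant's real source addresses remain visible in the root VDOM, which is why the return route above is needed.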
    alpha202ej
    New Member
    April 10, 2013
    Thank you for the reply. I have set up the routing for the vdoms but it isn't pinging properly. A thought had occurred to me that I may be missing a VLAN for my wan interface that I can assign to the extra vdom. It could also be my firewall policies. Do I need to have NAT disabled for communication with the management vdom? Later today I will post a detailed configuration (screenshots of the settings). Thanks!
    alpha202ej
    New Member
    April 12, 2013
    Hello guys! I have gone ahead and taken screenshots of my UI and made a diagram of the lab I have set up. Presently I am unable to connect to the internet from TenetA. If anyone could look at this configuration and see if there is anything wrong with it, please let me know. This is my diagram of my Management VDOM. All tenants utilize the same internet connection. I am using a FortiGate 50B so I must use VLANs to assign ports.
    [Screenshots: Network Diagram; Global Interfaces; Root/Management VDOM: Root Addresses, Root Policies, Root Static Route, Root Route Monitor; TenetA VDOM: Root Addresses, Root Policies, Root Static Route, Root Route Monitor]
    Again, any help would be GREATLY appreciated!!!
    alpha202ej
    New Member
    April 12, 2013
    Hi guys, I just wanted to let you know that I got it figured out. It was all in the routing table and firewall policies. If anyone would like a more in-depth explanation, please let me know and I will post it. I am currently away from my notes at the moment. Thanks again!
    tvidal
    New Member
    October 22, 2013
    Hi, any chance you could give us an output of your solution? I am facing the same problem... Many thanks, Thomas
    Seizuriffic
    New Member
    May 9, 2013
    Please post your solution. I have been beating my head on the table for two days trying to figure out why my VDOMs can't get out. Any and all help appreciated.