AGS-1
New Member
January 6, 2025
Solved

Vdoms, NAT and dual Wan


Hello,

I'm trying to dedicate one WAN link to a server in my infrastructure.

I'm using a cluster of 601F, 3 VDOMs (Root, Internal, housing). The WAN I want to use for my server is already NATed (ISP router cannot be set in bridge mode...). So I created the WAN interface, using a private IP (192.168.10.10/24) on one VLAN interface of my root VDOM. The firewall is able to ping the ISP router.

But then I can't understand how I'm supposed to route traffic to/from my server through the 2 VDOMs...

Do I need to create a VIP on the root VDOM, pointing to the IP address of the internal VDOM on the Vlnk, and then another VIP on the internal VDOM pointing to the server?

Are there any other solutions?

Thank you

Matthieu

Best answer by dingjerry_FTNT

3 replies

Yurisk
SuperUser
January 6, 2025

Think of each VDOM as a standalone physical FortiGate connected to the others with inter-VDOM links, and do policies/routing accordingly. You can create a single VIP on the WAN interface in the root VDOM pointing to the IP address of the server in the other VDOM, then add a route in the root VDOM for this IP towards the inter-VDOM link between the root VDOM and the VDOM containing the server, then add a policy allowing the needed traffic as well. Not exactly the same, but a close example: https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/335646/inter-vdom-routing-configuration-example-internet-access

dingjerry_FTNT
Staff
January 6, 2025

Hi @AGS-1,

You may use one VIP only, either in root VDOM or another VDOM, up to you. Then use the regular route control and firewall policy control for the rest.

AGS-1
Author
New Member
January 6, 2025

Thank you both for your inputs.

I did use 1 VIP on the root VDOM and policy routing magic. It's working.

Thanks!