Where to put firewall policies when using VDOMs

Forum|Forum|16 years ago
September 1, 2009
1 reply
1740 views

In general when using VDOMs in a Fortigate device, where do you put the firewall policy. If using a management VDOM configuration as in the Fortigate VLAN' s and VDOM' s guide. It looks like the firewall policy could go in the root VDOM , local VDOM or in the inter-VDOM link. In addition, if you wanted to utilize multiple local VDOM' s as in the diagram it appears that you would want to allow the root VDOM to allow pretty much anything since it will need to allow traffic for all local VDOM' s. Does anyone have any ideas on this ? Thanks,

A

Anonymous_UserAuthor

Contributor

Hello Jon, As each VDOM will have it' s own interfaces and could be seen as an " individual" firewall, the firewall policies can be configured in each VDOM/Interafce depending on your traffic flow requirement. They can be applied to any interface (physical, VLAN, inter-VDOM links...). The VDOMs can be completely independent, or have traffic between each other, depending on the network design. One requirement in VDOM mode is that there must be one management VDOM (but not necessarily the root VDOM) that needs a link/route to the internet for accessing the FortiGuard services (if applicable), Fortigate' s DNS requests, syslog.... Hope this will help. -J.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded