Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

TimMcKe
New Contributor

Created on ‎01-02-2018 09:22 AM

Split VDOM

Is it possible to have IPSec VPNs that split between 2 VDOMs like Cisco tunnels?  I need to have many tunnels using a public interface in the 'root' VDOM, but routing/terminating in a different VDOM...

Labels:
614
0 Kudos
1 Solution
RolfStan
New Contributor

Created on ‎01-24-2018 07:53 PM

If I understand your question right. You are having 2 VDOM. The first one which is the root VDOM which is connected to the public Interface and the 2. one which is the VPN VDOM and that is connected to the 1. one via inter VDOM-link. Is this correct?

If so, you need a public IP on the inter VDOM-link of the 2. one. Alternate you can have this public IP one the 1. one as a VIP and forward the traffic to a private IP on the inter VDOM-link to the second VDOM.

View solution in original post

599
0 Kudos
2 REPLIES 2
RolfStan
New Contributor

Created on ‎01-24-2018 07:53 PM

If I understand your question right. You are having 2 VDOM. The first one which is the root VDOM which is connected to the public Interface and the 2. one which is the VPN VDOM and that is connected to the 1. one via inter VDOM-link. Is this correct?

If so, you need a public IP on the inter VDOM-link of the 2. one. Alternate you can have this public IP one the 1. one as a VIP and forward the traffic to a private IP on the inter VDOM-link to the second VDOM.

600
0 Kudos
TimMcKe
New Contributor
In response to RolfStan

Created on ‎01-25-2018 04:29 AM

Yes, I could do it this way, but I would prefer to keep the two VDOMs isolated from each other. In the Cisco and Juniper worlds you can create a VPN tunnel with the physical interfaces in one VRF and the logical tunnel interfaces in a different VRF.


This would 1) simplify policy setup and 2) allow for small remote office cases where only one public address is allowed.


Tim McKee

________________________________
From: Rolf Stange via VPN:
Sent: Thursday, January 25, 2018 12:52:59 AM
To: vpn@lists.fusecommunity.fortinet.com
Subject: [VPN:] - RE: Split VDOM


If I understand your question right. You are having 2 VDOM. The first one which is the root VDOM which is connected to the public Interface and the 2. one which is the VPN VDOM and that is connected to the 1. one via inter VDOM-link. Is this correct?

If so, you need a public IP on the inter VDOM-link of the 2. one. Alternate you can have this public IP one the 1. one as a VIP and forward the traffic to a private IP on the inter VDOM-link to the second VDOM.

-----End Original Message-----
599
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.