FortiGate
msolanki
Staff
Article Id 212709
Description

 

This article describes the basic differences between an NPU VDOM link, an NPU VDOM link with a VLAN ID, and a (non-NPU) VDOM link.

 

Scope

 

FortiGate.

 

Solution

 

NPU VDOM Link:

NPU VDOM links are built into the hardware: as soon as multi-VDOM mode is enabled, the 'npu0_vlink' interfaces appear in the FortiGate interface list.

On hardware with an NP4 or NP6 processor the pair is shown as 'npu0_vlink0' and 'npu0_vlink1'. These two interfaces are the two ends of the same accelerated link; a unit with several NPUs gets one pair per NPU (npu1_vlink0/npu1_vlink1, and so on).

 

This link can be used directly to route traffic between two VDOMs: assign npu0_vlink0 to one VDOM and npu0_vlink1 to the other, give each end an IP address, and add static routes and firewall policies in both VDOMs as for any other interface pair. The link only carries packets; policies in each VDOM still decide what is allowed across it.

Offloading performs best when the ingress and egress interfaces sit on the same NPU, so on hardware with several NPUs (NP4 or NP6) use the npuX_vlink pair that belongs to the NPU serving the physical ports involved.

 

Both ends are shown by 'show system interface' in the global VDOM (by default both are placed in root):

    edit "npu0_vlink0"
        set vdom "root"
        set type physical
        set snmp-index 22
    next
    edit "npu0_vlink1"
        set vdom "root"
        set type physical
        set snmp-index 23
    next

msolanki_0-1653050806878.png

 

NPU VDOM Link with VLAN:

An NPU VDOM link with a VLAN tag works like a sub-interface and is the way to connect more than two VDOMs over the single accelerated pair: each VDOM-to-VDOM path gets its own VLAN ID.

For a VLAN path to work, the two VLAN sub-interfaces must be created on the two ends of the same NPU VDOM link (one on npu0_vlink0, the other on npu0_vlink1), must carry the same VLAN ID, and must have IP addresses in the same subnet. Each sub-interface is then assigned to the VDOM it serves.

 

Topology used in the examples below:

 

msolanki_1-1653050923897.png

 

VLAN 100 sub-interfaces: one in the root VDOM on npu0_vlink0, and its peer in Vdom-1 on npu0_vlink1 (both use the 100.0.0.0/30 subnet and VLAN ID 100).

 

config global
    config system interface
        edit "VLAN-100"
            set vdom "root"  <------------------ VDOM of this end
            set ip 100.0.0.1 255.255.255.252
            set allowaccess ping https ssh snmp http fgfm
            set alias "npu0_vlink0_100"
            set device-identification enable
            set role lan
            set snmp-index 30
            set interface "npu0_vlink0" <----- parent: one end of the NPU link
            set vlanid 100
        next
        edit "Vdom-1_VLAN-100"
            set vdom "Vdom-1"<----- VDOM of the other end
            set ip 100.0.0.2 255.255.255.252
            set allowaccess ping https ssh snmp http
            set alias "npu0_vlink1_100"
            set device-identification enable
            set role lan
            set snmp-index 31
            set interface "npu0_vlink1" <----- parent: the other end of the same NPU link
            set vlanid 100
        next
    end
end

 

msolanki_2-1653050968304.png

msolanki_3-1653050975008.png

msolanki_4-1653050997753.png
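The interface definitions above are only half of the path: each VDOM also needs a static route pointing at the peer end of the link and firewall policies that allow the traffic. The following is an added worked example (not configuration from the original article) that completes the VLAN 100 path between root and Vdom-1. The 100.0.0.0/30 link subnet and the interface names VLAN-100 / Vdom-1_VLAN-100 are from the article; the LAN-side ports (port1 in root, port2 in Vdom-1), the LAN subnets 10.0.0.0/24 and 10.1.0.0/24, and the address object and policy names are hypothetical. Unlike the lab output above, allowaccess is reduced to ping: an inter-VDOM link has no reason to expose HTTPS, SSH or SNMP management.

```fortios
# Added example, not from the original article. Completes the VLAN 100
# inter-VDOM path root <-> Vdom-1 over the NPU VDOM link pair.
# Link subnet 100.0.0.0/30 is from the article; port1 (root LAN),
# port2 (Vdom-1 LAN), 10.0.0.0/24 and 10.1.0.0/24 are hypothetical.
config global
    config system interface
        edit "VLAN-100"
            set vdom "root"
            set interface "npu0_vlink0"
            set vlanid 100
            set ip 100.0.0.1 255.255.255.252
            set allowaccess ping
        next
        edit "Vdom-1_VLAN-100"
            set vdom "Vdom-1"
            set interface "npu0_vlink1"
            set vlanid 100
            set ip 100.0.0.2 255.255.255.252
            set allowaccess ping
        next
    end
end

config vdom
    edit root
        # address objects are per-VDOM, so both VDOMs define them
        config firewall address
            edit "root-lan"
                set subnet 10.0.0.0 255.255.255.0
            next
            edit "vdom1-lan"
                set subnet 10.1.0.0 255.255.255.0
            next
        end
        # reach Vdom-1's LAN via the far end of the link
        config router static
            edit 0
                set dst 10.1.0.0 255.255.255.0
                set gateway 100.0.0.2
                set device "VLAN-100"
            next
        end
        # outbound policy: root LAN -> link (reply traffic is stateful)
        config firewall policy
            edit 0
                set name "root-lan-to-vdom1"
                set srcintf "port1"
                set dstintf "VLAN-100"
                set srcaddr "root-lan"
                set dstaddr "vdom1-lan"
                set action accept
                set schedule "always"
                set service "ALL"
            next
        end
    next
    edit Vdom-1
        config firewall address
            edit "root-lan"
                set subnet 10.0.0.0 255.255.255.0
            next
            edit "vdom1-lan"
                set subnet 10.1.0.0 255.255.255.0
            next
        end
        # return route to root's LAN via the near end of the link
        config router static
            edit 0
                set dst 10.0.0.0 255.255.255.0
                set gateway 100.0.0.1
                set device "Vdom-1_VLAN-100"
            next
        end
        # inbound policy: link -> Vdom-1 LAN, scoped to the root LAN only
        config firewall policy
            edit 0
                set name "from-root-lan"
                set srcintf "Vdom-1_VLAN-100"
                set dstintf "port2"
                set srcaddr "root-lan"
                set dstaddr "vdom1-lan"
                set action accept
                set schedule "always"
                set service "ALL"
            next
        end
    next
end
```

To check the path, enter the root VDOM ('config vdom' / 'edit root'), run 'execute ping 100.0.0.2' to confirm the link itself, then 'get router info routing-table all' to confirm the 10.1.0.0/24 route. A session crossing the link can be inspected with 'diagnose sys session list'; keep the policies scoped to the real source and destination subnets rather than 'all', since the VDOM boundary is only as strong as the policies on each side of it.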

 

It is possible to create in the same way another VLAN interface, for example, VLAN 300 between root VDOM and Vdom-3.

 

Interface with VLAN 300 in VDOM root and VDOM vdom-3.

 

VDOM root:

 

msolanki_5-1653051091578.png

 

VDOM Vdom-3:

 

msolanki_6-1653051127288.png

msolanki_8-1653051155337.png

 

The same can be done for an NPU VDOM link between two non-root VDOMs. As an example, an NPU VDOM link with VLAN 105 is used to connect Vdom-2 and Vdom-4.

 

VDOM Vdom-2:

 

msolanki_9-1653051291794.png

 

VDOM Vdom-4:

 

msolanki_10-1653051323773.png

 

VDOM Link:

It is possible to create as many VDOM links as necessary in order to connect any two VDOMs in the FortiGate.

A VDOM link is a virtual interface pair between two VDOMs, similar to the VLAN sub-interfaces above, over which inter-VDOM routing is configured in the same way (an IP address on each end, a static route and firewall policies in each VDOM).

A VDOM link does not support NPU acceleration/offloading: its traffic is handled by the CPU, so for high-throughput inter-VDOM paths the NPU VDOM link (with or without VLAN tags) is the better choice.

 

The example below shows one (non-NPU) VDOM link created between Vdom-2 and Vdom-4 as per the topology, using IP addresses in the 106.0.0.0 subnet.

 

msolanki_11-1653051383775.png

msolanki_12-1653051396721.png

 

In the same way, a VDOM link can be created between root and Vdom-1, Vdom-2, and so on.
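From the CLI, a non-NPU VDOM link is created under 'config system vdom-link' in the global VDOM; FortiOS then generates the two interfaces by appending 0 and 1 to the link name, and each of those is assigned to a VDOM and addressed like any other interface. The following is an added example (not configuration from the original article) for the Vdom-2 to Vdom-4 link described above. The link name vl24 and the 106.0.0.0/30 subnet are assumptions; the link type is set to ethernet so that both ends can share a /30 subnet like the VLAN examples (the default type is ppp).

```fortios
# Added example, not from the original article: a non-NPU VDOM link between
# Vdom-2 and Vdom-4. The link name "vl24" and the 106.0.0.0/30 subnet are
# assumptions; FortiOS derives the interface names vl240 and vl241 from the
# link name.
config global
    config system vdom-link
        edit "vl24"
            set type ethernet
        next
    end
    config system interface
        edit "vl240"
            set vdom "Vdom-2"
            set ip 106.0.0.1 255.255.255.252
            set allowaccess ping
        next
        edit "vl241"
            set vdom "Vdom-4"
            set ip 106.0.0.2 255.255.255.252
            set allowaccess ping
        next
    end
end
```

Static routes and firewall policies in Vdom-2 and Vdom-4 are then added exactly as for the NPU link (route to the peer VDOM's subnet via the far end's address, and a policy in each VDOM with the link interface as source or destination). Because this link is CPU-processed, nothing in the session needs to land on the same NPU, but traffic across it is still subject to the policies of both VDOMs.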