Description
This article describes how to create VDOM with Transparent mode.
Scope
- For FortiGate unit with some situations, it is necessary to have more than one VDOM with the different VDOM mode such as NAT mode or Transparent mode depending on the design in the environment.
- Manage multiple VDOM with the different operation mode.
- Use the firewall to protect the different environment in the system with the different mode by only one firewall. (NAT mode VDOM and Transparent mode VDOM).
Solution
-In some situation , a request to use only one firewall to protect the system with the different mode can appear (NAT mode and Transparent mode).
It is necessary to have multiple VDOM and necessary to use VDOM with both NAT mode and transparent mode.
- After VDOM enabled by using the following CLI commands.
v5.6.x and v6.0.x.
From GUI :
- Go to Global -> System -> VDOM -> Create New , put the VDOM name and information as required and select 'OK'.
This article describes how to create VDOM with Transparent mode.
Scope
- For FortiGate unit with some situations, it is necessary to have more than one VDOM with the different VDOM mode such as NAT mode or Transparent mode depending on the design in the environment.
- Manage multiple VDOM with the different operation mode.
- Use the firewall to protect the different environment in the system with the different mode by only one firewall. (NAT mode VDOM and Transparent mode VDOM).
Solution
-In some situation , a request to use only one firewall to protect the system with the different mode can appear (NAT mode and Transparent mode).
It is necessary to have multiple VDOM and necessary to use VDOM with both NAT mode and transparent mode.
- After VDOM enabled by using the following CLI commands.
v5.6.x and v6.0.x.
FGT # config system globalv6.2.x and v6.4.x.
FGT (global) set vdom-admin enable
FGT (global) end
FGT # config system globalThen the unit may be forced to log out and log in again after the message as below:
FGT (global) set vdom-mode multi-vdom
FGT (global) end
You will be logged out for the operation to take effect.Solution to fix the issue:
Do you want to continue? (y/n) y
From GUI :
- Go to Global -> System -> VDOM -> Create New , put the VDOM name and information as required and select 'OK'.
- By default, create VDOM with NAT mode. For that, change operation mode from NAT mode to Transparent mode.
From CLI command as below.
y.y.y.y <----- Is the subnet mask of x.x.x.x.
z.z.z.z <----- Is gateway IP address as required.
Then it will show 'Changing to TP mode' message to tell that the FortiGate changes operation mode from NAT to Transparent completely.
- Go to Global -> System -> VDOM > Transparent VDOM.
It will show 'Operation Mode that it is possible to choose as below.
From CLI command as below.
# config vdomx.x.x.x <----- Is the manage IP address that you’ll use to access to this transparent mode VDOM.
edit < VDOM name >
# config system settings
set opmode transparent
set manageip x.x.x.x y.y.y.y
set gateway z.z.z.z
set status enable
end
end
y.y.y.y <----- Is the subnet mask of x.x.x.x.
z.z.z.z <----- Is gateway IP address as required.
Then it will show 'Changing to TP mode' message to tell that the FortiGate changes operation mode from NAT to Transparent completely.
- Go to Global -> System -> VDOM > Transparent VDOM.
It will show 'Operation Mode that it is possible to choose as below.
-But when it is required to create the new VDOM, it still does not have 'Operation Mode' to choose by default.
Enable Transparent mode via CLI command in the new VDOM required to be created again.
