FortiGate
caunon
Staff
Article Id 197046

Description

 

This article describes how to create a VDOM with Transparent mode.

Scope

 

FortiGate.

 

Solution

 

  • In some situations, a FortiGate unit needs more than one VDOM, each with a different VDOM mode such as NAT mode or Transparent mode, depending on the design of the environment.
  • Multiple VDOMs with different operation modes can be managed on the same unit.
  • A single firewall can then protect different environments in the system that require different modes (a NAT mode VDOM and a Transparent mode VDOM).
  • This requires multiple VDOMs, with both NAT mode and Transparent mode in use.

 

Enable the VDOM by using the following CLI commands:

v5.6.x and v6.0.x.

 

FGT # config system global
FGT (global) # set vdom-admin enable
FGT (global) # end

 

v6.2.x and v6.4.x.

 

FGT # config system global
FGT (global) # set vdom-mode multi-vdom
FGT (global) # end

 

v7.0.x, v7.2.x, v7.4.x and v7.6.x.

 

FGT # config system global
FGT (global) # set vdom-mode multi-vdom
FGT (global) # end

 

Afterwards, the unit may be forced to log out and log in again, and will present the following message:

 

You will be logged out for the operation to take effect.
Do you want to continue? (y/n) y

 

Use the following steps to create the VDOM and set its operation mode:

From the GUI:

Go to Global -> System -> VDOM -> Create New, enter the VDOM name and information as required, and select 'OK'.


 
In most scenarios, a new VDOM is created in NAT mode. To use it as a Transparent mode VDOM, change its operation mode from NAT mode to Transparent mode.

In the CLI:

config vdom
    edit <VDOM name>
        config system settings
            set opmode transparent
            set manageip x.x.x.x y.y.y.y
            set gateway z.z.z.z
            set status enable
        end
    end
 
x.x.x.x <----- The management IP address that will be used to access this Transparent mode VDOM.
y.y.y.y <----- The subnet mask of x.x.x.x.
z.z.z.z <----- The gateway IP address, as required.

Afterwards, a 'Changing to TP mode' message is shown to indicate that the FortiGate is changing the operation mode completely from NAT to Transparent.
 
Go to Global -> System -> VDOM -> Transparent VDOM.

'Operation Mode' is now available to choose.
 
 
However, when another new VDOM is created, 'Operation Mode' is still not available to choose by default.
Enable Transparent mode again via the CLI commands above in each new VDOM that needs it.
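
Because every new VDOM has to be switched to Transparent mode by hand, it is worth checking afterwards that each VDOM is in the mode the design calls for. The following Python check is an added example, not part of the original article or Fortinet tooling: it reads configuration text laid out like the CLI block above and lists VDOMs whose opmode differs from the intended design. The VDOM names, addresses, the function names and the rule that a missing 'set opmode' line means NAT mode are assumptions.

```python
# Constructed sample in the layout of the CLI block above (not a real backup).
SAMPLE = """\
config vdom
    edit root
        config system settings
        end
    end
config vdom
    edit TP-LAN
        config system settings
            set opmode transparent
            set manageip 192.0.2.10 255.255.255.0
            set gateway 192.0.2.1
        end
    end
config vdom
    edit TP-DMZ
        config system settings
        end
    end
"""

def vdom_settings(config_text):
    """Map each VDOM name to the 'set' lines of its 'config system settings'."""
    stack, vdom, result = [], None, {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] == "config":
            stack.append(" ".join(parts[1:]))   # track nested config blocks
        elif parts[0] == "end" and stack:
            stack.pop()
        elif parts[0] == "edit" and stack == ["vdom"] and len(parts) > 1:
            vdom = parts[1].strip('"')
            result.setdefault(vdom, {})
        elif parts[0] == "set" and stack == ["vdom", "system settings"] and vdom and len(parts) > 2:
            result[vdom][parts[1]] = " ".join(parts[2:]).strip('"')
    return result

def opmode_drift(config_text, expected):
    """Return (vdom, expected_mode, actual_mode) for every VDOM that differs."""
    found, drift = vdom_settings(config_text), []
    for name, want in expected.items():
        # Assumption: a VDOM with no 'set opmode' line is in the default NAT mode.
        actual = found[name].get("opmode", "nat") if name in found else "missing"
        if actual != want:
            drift.append((name, want, actual))
    return drift
```

Calling opmode_drift(SAMPLE, {"root": "nat", "TP-LAN": "transparent", "TP-DMZ": "transparent"}) reports TP-DMZ, which was created but never switched from NAT mode.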