FortiGate
acevik
Staff
Article Id 404058
Description: This article describes a possible failure reason for inter-VDOM connections.
Scope: FortiGate.
Solution

In some cases, traffic fails to pass through an inter-VDOM link. The debug flow shows a correct route match but no policy match: in the ingress VDOM the trace ends right after the route lookup, and the packet looks like the following:


2023-04-03 12:10:33 id=20085 trace_id=50042 func=print_pkt_detail line=5845 msg="vd-VDOM_TRM:0 received a packet(proto=1, 192.168.252.1:5376->10.71.2.239:2048) tun_id=0.0.0.0 from vdl1-TRM_INT. type=8, code=0, id=5376, seq=0."
2023-04-03 12:10:33 id=20085 trace_id=50042 func=init_ip_session_common line=6024 msg="allocate a new session-003bc6ae, tun_id=0.0.0.0"
2023-04-03 12:10:33 id=20085 trace_id=50042 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-10.71.2.239 via Red5.571"
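The following script is an added example for triaging this symptom; it is not part of the article and not Fortinet tooling. It parses debug-flow lines of the format shown above, groups them by trace_id, and flags any trace that matched a route but never reached a policy decision, so that the VDOM status check below can be applied to the right VDOM. The sample input is constructed: the first three lines are the article's own output, trace 50043 is an assumed healthy trace, and the policy-handler function names and the "Allowed by Policy" message format are assumptions (FortiOS wording varies by version).

```python
import re
from collections import defaultdict

# Constructed sample of FortiGate debug-flow output. Trace 50042 is the symptom
# quoted in the article (the trace ends right after the route lookup). Trace
# 50043 is a constructed healthy trace; its final "Allowed by Policy" line uses
# a message format that is assumed here, since the article shows no policy line.
SAMPLE_FLOW = """\
2023-04-03 12:10:33 id=20085 trace_id=50042 func=print_pkt_detail line=5845 msg="vd-VDOM_TRM:0 received a packet(proto=1, 192.168.252.1:5376->10.71.2.239:2048) tun_id=0.0.0.0 from vdl1-TRM_INT. type=8, code=0, id=5376, seq=0."
2023-04-03 12:10:33 id=20085 trace_id=50042 func=init_ip_session_common line=6024 msg="allocate a new session-003bc6ae, tun_id=0.0.0.0"
2023-04-03 12:10:33 id=20085 trace_id=50042 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-10.71.2.239 via Red5.571"
2023-04-03 12:10:34 id=20085 trace_id=50043 func=print_pkt_detail line=5845 msg="vd-VDOM_TRM:0 received a packet(proto=1, 192.168.252.1:5377->10.71.2.240:2048) tun_id=0.0.0.0 from vdl1-TRM_INT. type=8, code=0, id=5377, seq=0."
2023-04-03 12:10:34 id=20085 trace_id=50043 func=init_ip_session_common line=6024 msg="allocate a new session-003bc6af, tun_id=0.0.0.0"
2023-04-03 12:10:34 id=20085 trace_id=50043 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-10.71.2.240 via Red5.571"
2023-04-03 12:10:34 id=20085 trace_id=50043 func=fw_forward_handler line=990 msg="Allowed by Policy-12:"
"""

# One debug-flow line: timestamp, id, trace_id, func, line, quoted msg.
LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) id=(?P<id>\d+) trace_id=(?P<trace>\d+) '
    r'func=(?P<func>\S+) line=(?P<line>\d+) msg="(?P<msg>.*)"$'
)

ROUTE_FUNC = "vf_ip_route_input_common"  # taken from the article's output
POLICY_FUNCS = {"fw_forward_handler", "fw_forward_dirty_handler"}  # assumed names

# Verdict -> what to check next. The VDOM status check is the article's point.
HINTS = {
    "route-found-no-policy": "route matched but no policy lookup followed: check "
                             "'config system settings' -> 'set status' of the ingress "
                             "VDOM, then the inter-VDOM firewall policies",
    "no-route": "no route found in the ingress VDOM: check routing before policies",
}


def parse_flow(text):
    """Group debug-flow lines by trace_id, keeping their original order."""
    traces = defaultdict(list)
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompts, blank lines and other noise are skipped
        fields = m.groupdict()
        traces[int(fields["trace"])].append(fields)
    return dict(traces)


def ingress_vdom(events):
    """Return the ingress VDOM name from the 'vd-NAME:idx received a packet' line."""
    for e in events:
        m = re.match(r"vd-([^:]+):\d+ received a packet", e["msg"])
        if m:
            return m.group(1)
    return None


def classify_trace(events):
    """Decide whether one trace reached a policy decision after its route lookup."""
    route_hit = any(e["func"] == ROUTE_FUNC and e["msg"].startswith("find a route")
                    for e in events)
    policy_hit = any(e["func"] in POLICY_FUNCS or "by Policy" in e["msg"]
                     for e in events)
    if route_hit and policy_hit:
        return "ok"
    if route_hit:
        return "route-found-no-policy"
    return "no-route"


def triage(text):
    """Return {trace_id: (ingress_vdom, verdict, hint)} for every trace that did
    not reach a policy decision; healthy traces are left out."""
    findings = {}
    for trace_id, events in parse_flow(text).items():
        verdict = classify_trace(events)
        if verdict != "ok":
            findings[trace_id] = (ingress_vdom(events), verdict, HINTS[verdict])
    return findings


if __name__ == "__main__":
    for trace_id, (vdom, verdict, hint) in sorted(triage(SAMPLE_FLOW).items()):
        print(f"trace {trace_id} (vdom {vdom}): {verdict} - {hint}")
```

Run against the sample, the script reports only trace 50042 as "route-found-no-policy" in VDOM_TRM, which is the VDOM whose status should be checked; paste real debug-flow output into SAMPLE_FLOW (or read it from a file) to triage a live capture the same way.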


One possible reason is that the VDOM itself is disabled in its system settings.

To confirm the status of the VDOM, review the 'status' entry under the VDOM's system settings:

config vdom
    edit <VDOM>
        config system settings
            show full
            ...
            set status <enable/disable>  <----- must be 'enable' for the VDOM to process traffic
            ...


Related documents:

Debugging the packet flow

config system settings