Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Maxim_Vanichkin
New Contributor II

Transparent mode in the VDOM with shared WAN-port

Hello! Guys, need help to solve the problem. There is one ISP, one cable is connected to the first port of FG300D. I have a block of IP addresses – for NAT and Transparent modes. I need to create 2 VDOMs - one of them will work in NAT mode, the other will be in Transparent. Unable to add already used by root VDOM WAN interface to the second VDOM (Transparent). Is it possible?

I’m sorry for my English  - I am doing my best )))

 

 

1 Solution
Carl_Wallmark

Actually you don´t need to enter any IPs, if you dont have special needs for them, just make sure your routing is correct and pointing to the vdom-link for the netoworks behind them

 

If you do the other way around, your asterisk would still need to enter the NAT vdom to reach the Internet ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

View solution in original post

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
5 REPLIES 5
Carl_Wallmark
Valued Contributor

Hi Maxim,

 

What you can do is to create a VDOM in transparent mode, add the pshysical interface to that vdom, then create a VDOM in NAT mode and create a inter-vdom link between the NAT and TP VDOM.

 

In this way you can share that interface with other VDOMs.

An pshysical interface can only me member of one vdom, but you can create VLANs in multiple VDOMs.

 

 

 

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Maxim_Vanichkin

Hi Selective!

 

Thank you for your answer!

Can i do it vice versa? I already have root VDOM with NAT. I created second VDOM - transparent. Im trying to create link between them. Wich ip-address should i place into root vlink?

 

Unfortunatly my ISP cant give me vlans...

 

I have problems with Asterisk - that is why I decided to create Transparent VDOM.

 

Carl_Wallmark

Actually you don´t need to enter any IPs, if you dont have special needs for them, just make sure your routing is correct and pointing to the vdom-link for the netoworks behind them

 

If you do the other way around, your asterisk would still need to enter the NAT vdom to reach the Internet ?

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Maxim_Vanichkin

Dear Selective!

 

You are the man! Your scheme is working! Thank you very much!

Carl_Wallmark

Glad I could help :)

FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C

FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail 100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B, 11C
Labels
Top Kudoed Authors