Hi All,
I have a problem configuring a setup like in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.
How do I configure a VDOM to have access to the internet, and where do I set up a VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for VDOMs in Global vdom --> Interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs and uses 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs and I agree that it's reasonable :) but how do I share 1 ISP port?
thanks
Marek
To my understanding, you have the WAN interface on the root VDOM, plus some other VDOMs.
In order to dispatch internet traffic to the other VDOMs, the best way is to create VDOM link interfaces between
Root and VDOMx
Root and VDOMy
.....
also static routes between VDOMs (Root and VDOMx, Root and VDOMy, .....)
AND then appropriate policy rules.
Concerning VIP: you create the VIP on the root VDOM, and the real IP points to the one you wish to redirect to.
--------------------------------------------
If all else fails, use the force !
This looks reasonable, but the question is where to create the link and where to add the policy? Now it looks like all interfaces and rules should be created in the Global or ROOT VDOM, so what is the point of having VDOMs?
Agreed, this is what Cisco ASA has had for decades now, and shared-media access.
Ken Felix
PCNSE
NSE
StrongSwan
redy wrote: This looks reasonable, but the question is where to create the link and where to add the policy? Now it looks like all interfaces and rules should be created in the Global or ROOT VDOM, so what is the point of having VDOMs?
To be honest, I don't know why you would need VDOMs. The initial posting was a question about how to set it up with VDOMs. VDOMs might only be necessary if you need something like a multi-tenant setup or something comparable.
What are your actual requirements?
Br,
Roman
I have a redundant ISP on one side and 8 customers on the other side of the firewall. I want to replace 8 firewalls with one; is that correct thinking?
redy wrote: Hi All,
I have a problem configuring a setup like in the topic. I have 1 ISP with a pool of 64 IPs connected to port 1 (WAN); port 2 (LAN) is connected to a trunk port on the internal network switch.
How do I configure a VDOM to have access to the internet, and where do I set up a VIP to redirect to the internal VDOM LAN? I'm confused about where to set up what. I have set up internal interfaces for VDOMs in Global vdom --> Interfaces, but how do I add access to port 1 (WAN) to vdom_x, vdom_y, vdom_z? Where do I set up the main external IP for each VDOM? The Cookbook has wired examples with 2 ISPs and 2 VDOMs and uses 4 ports. I want to use only 2 ports for that because I will have 8 VDOMs and there are not enough physical ports on the FG300D, but they say I can use VLANs for VDOMs and I agree that it's reasonable :) but how do I share 1 ISP port?
thanks
Marek
EMAC Interfaces is what you are going to need
Br,
Roman