Hello,
I am using FortiGate with FortiManager. I have configured several VDOMs based on this schema.
I want the user of VDOM1 to be independent in creating their own IPSEC tunnels. They have public IP addresses routed within their VDOM.
How can I do this?
Thank you for your help!
Yes you can terminate a VPN on a VDOM or NP Link. We do this for multiple customers that have 3rd party IPSEC tunnels to vendors or remote sites. The internet just needs to be able to hit the IP on VDOM A.
As @firolver mentioned, the VPN can terminate on any physical or virtual interface in that VDOM.
Given that you're using FortiManager, you should ensure that VDOM is not part of central VPN management in FortiManager, or you're going to get sync issues.
The admins can create the VPN locally on FortiGate no issue, and that does get synced to FortiManager by default, but creating interface mappings and policies has to happen on FortiManager. If you want the same admins to be able to do this as well (interface mappings, policies), you need to add them to FortiManager and give them access to that FortiGate VDOM (device entry) and the particular policy package.
Cheers,
Debbie
Hi @5q46n2te8jPWJY,
Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Configuring-IPSec-VPN-tunnels-on-VDOMs-tha...
Regards,