5q46n2te8jPWJY
New Contributor III

Allow VDOM admin to create IPSEC

Hello,

I am using FortiGate with FortiManager. I have configured several VDOMs based on this schema.

[Image: Topology - Inter VDOM Routing Ex - Internet access (Updated-01)]

I want the user of VDOM1 to be independent in creating their own IPSEC tunnels. They have public IP addresses routed within their VDOM.

How can I do this?

Thank you for your help!

firolver
New Contributor

Yes, you can terminate a VPN on a VDOM or NP Link. We do this for multiple customers that have 3rd party IPSEC tunnels to vendors or remote sites. The internet just needs to be able to hit the IP on VDOM A.

Debbie_FTNT
Staff

As @firolver mentioned, the VPN can terminate on any physical or virtual interface in that VDOM.

Given that you're using FortiManager, you should ensure that VDOM is not part of central VPN management in FortiManager, or you're going to get sync issues.

The admins can create the VPN locally on FortiGate no issue, and that does get synced to FortiManager by default, but creating interface mappings and policies has to happen on FortiManager. If you want the same admins to be able to do this as well (interface mappings, policies), you need to add them to FortiManager and give them access to that FortiGate VDOM (device entry) and the particular policy package.

Cheers,

Debbie

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
hbac
Staff