Security Rating, Interface Classification: What should be VDOM Links roles?
I have a 100F with 3 VDOMs. Each of them provides internet access to some separated internal subnets.
For management reasons, I do have VDOM Links configured with mostly SNMP, SSH and RDP traffic.
To satisfy one of the Security Rating questions (Interface Classification), I should assign a role to the VDOM Links. I can't do that in the interface configuration, like I do it for "normal" interfaces.
For normal interfaces, I would see the differences between the interface roles. Not for VDOM Links.
For VDOM Links, I could only change the role in the Security Control via the Recommendations.
What is the best VDOM link role? LAN role or WAN role? I would guess LAN, but I am quite unsure.
What is the difference between LAN role and WAN role in case of the VDOM Link? Same as for any interface?
What is the best practice for VPN links? WAN role (if connecting to other businesses) or LAN role (if connecting sites of the same business)?
How "safe" is changing the interface role via the "Recommendations"? I have several interfaces with "Undefined" role (this is probably not good practice, I know... that's why I want to better this).
Roles do not have any effect on the FortiGate. Setting the role means some GUI options are being hidden, and it simplifies things from the GUI itself. I don't really set the role and I think it is safe to leave it at LAN (default) or undefined.